How exactly would you use the free App Service Managed Certificate in Azure to properly secure your domain?
I actually did get it to work for the most part by following the instructions at https://docs.microsoft.com/en-us/azure/app-service/app-service-web-tutorial-custom-domain But, in the end, the app is not 100% secure as it will come up with unsecure browser warnings – basically making the free certificate useless.
It says that it does not support 'naked' domains, which I'm assuming is 'yourdomain.com', versus 'www.yourdomain.com', but again, there is no point to the free certificate then. Can I actually get my site 100% secure without purchasing an ssl certificate?
I already have an SSL cert, but don't want to use it in this case. I've followed the examples on redirecting naked domain to www, but that doesn't seem to work either. When you type in 'www.yourdomain.com' it gets redirected to https://yourdomain.com in the browser, then displays my web app properly. So, if you add a redirect from yourdomain.com to www.yourdomain.com shouldn't that end up in an endless redirect?
Either way, I've read all the documentation from microsoft, and can't quite get the web app secured. Any advice on this?
Best Answer
The lack of support for apex domains is a fairy glaring omission from free certs and I hope this gets added in the future. That said, that’s a known issue with the current preview, so if you need a cert for your apex domain then this probably isn’t for you.
Free certs work just fine for subdomains, so there will be plenty of scenarios where they will be useful, just not your current scenario. It’s a preview and it has specific limitations to work with. If those limitations don’t work for you then it’s not the solution for you.
If you want to redirect your apex domain to www the you would need to remove the redirect going the other way to avoid a loop.