az group create --name mtidns000rg --location "ukwest"
az network dns zone create -g mtidns000rg --name mtifl.considrd.dev
At this point you'll have to go to your name service provider and repoint your NS and SOA records to the name servers inside Azure.
az network dns record-set list -g mtidns000rg --zone-name mtifl.considrd.dev --query "[?name=='@']"
az network dns record-set list -g mtidns000rg --zone-name mtifl.considrd.dev
Create a DNS CNAME ver in the sub-domain mtifl.considrd.dev and point it to mti-test.azurewebsites.net
az network dns record-set cname create --resource-group mtidns000rg --zone-name mtifl.considrd.dev --ttl 30 --name ver
az network dns record-set cname set-record --resource-group mtidns000rg --zone-name mtifl.considrd.dev -c mti-test.azurewebsites.net --record-set-name ver
Show all the CNAMEs in the sub-domain mtifl.considrd.dev
az network dns record-set cname list -g mtidns000rg -z mtifl.considrd.dev -o table
Show the CNAME for ver in the sub-domain mtifl.considrd.dev
az network dns record-set cname show -g mtidns000rg -z mtifl.considrd.dev -n ver -o table
az network dns record-set cname delete --resource-group mtidns000rg --zone-name mtifl.considrd.dev --name ver
az webapp config hostname add --webapp-name mti-example --resource-group mtiexample000rg --hostname ver.mtifl.considrd.dev
Having used a custom domain name with a Web/Function App on Azure, you need to create new certificates. Let's Encrypt clients allow scripted generation of certificates on demand, so these can be used for SSL/TLS transport.
win-acme can make use of Let's Encrypt. It has a plugin for Azure as well.
scoop install win-acme
The Let's Encrypt URL
https://acme-staging-v02.api.letsencrypt.org
is used with win-acme which is started by typing wacs at the command line and choosing the following options
M: Create Certificate (Full Options) -> 2: Manual Input -> ver.mtifl.considrd.dev -> 6: [dns-01] create verification records manually
-> 3: RSA -> 2: PEM encoded files -> Path where .pem files stored -> .
-> 3: 1: IIS (pfx per host) -> Path where to store -> . -> Password for .pfx -> password
-> 5: No (additional store steps)
-> 4: No (additional installation steps)
During the [dns-01] verification process, it asks you to populate a DNS TXT record with a particular value and to delete it once verification is finished. Do this using the Azure Portal DNS tools for the domain you are working with.
This creates both PEM and PFX files
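The TXT record step of the [dns-01] verification can also be done with the az CLI instead of the portal. The following is an added example, not part of the original notes: the function names are hypothetical, the zone and resource group are the ones used above, and the TXT value is whatever win-acme prints.

```shell
#!/bin/sh
# Added example (not from the original notes). Function names are hypothetical.
ZONE="mtifl.considrd.dev"   # zone created earlier on this page
RG="mtidns000rg"            # resource group holding that zone

# Relative record-set name that holds the dns-01 challenge for a host:
#   ver.mtifl.considrd.dev -> _acme-challenge.ver, zone apex -> _acme-challenge
# A leading "*." (wildcard certificate) is dropped; hosts outside the zone are refused.
acme_record_name() {
  host="${1#\*.}"
  zone="$2"
  case "$host" in
    "$zone")
      printf '%s\n' "_acme-challenge" ;;
    *".$zone")
      rel=${host%".$zone"}
      printf '%s\n' "_acme-challenge.$rel" ;;
    *)
      echo "host $1 is not inside zone $zone" >&2
      return 1 ;;
  esac
}

# Publish the value win-acme asks for. $1 = host name, $2 = TXT value.
acme_txt_add() {
  name=$(acme_record_name "$1" "$ZONE") || return 1
  az network dns record-set txt add-record -g "$RG" -z "$ZONE" -n "$name" -v "$2"
}

# Remove the challenge record set once verification has finished. $1 = host name.
acme_txt_remove() {
  name=$(acme_record_name "$1" "$ZONE") || return 1
  az network dns record-set txt delete -g "$RG" -z "$ZONE" -n "$name" --yes
}

# List challenge record sets still present in the zone; empty output means clean.
acme_txt_leftovers() {
  az network dns record-set txt list -g "$RG" -z "$ZONE" \
    --query "[?starts_with(name, '_acme-challenge')].name" -o tsv
}
```

Source the file, run acme_txt_add ver.mtifl.considrd.dev "<value from win-acme>" when prompted, then acme_txt_remove ver.mtifl.considrd.dev and acme_txt_leftovers after the certificate is issued.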
az webapp config ssl upload --certificate-file ver.mtifl.considrd.dev.pfx --certificate-password password --name mti-example --resource-group mtiexample000rg --query thumbprint --output tsv
It is CRUCIAL to keep the thumbprint output as you need it for the next step
az webapp config ssl bind --certificate-thumbprint ***************** --ssl-type SNI --resource-group mtiexample000rg --name mti-example
func azure functionapp list-functions mti-example --show-keys
This will return something like
Functions in mti-example:
mti-example - [httpTrigger]
Invoke url: https://mti-example.azurewebsites.net/api/mti-example?code=7****************=
Check it is working on azurewebsites.net
curl -l "https://mti-example.azurewebsites.net/api/mti-example?code=7****************="
Now replace the URL with your new URL and re-test
curl -l "https://ver.mtifl.considrd.dev/api/mti-example?code=7****************="