How to get free SSL for Azure Web Apps using Cloudflare

If you're looking to add SSL to your Azure Web app using a custom domain name but don't want to spend a dime, you can get a free certificate from StartSSL and configure it in the Azure portal or use Cloudflare free plan that include SSL at no cost.  In this blog post, I'll explain how to configure GoDaddy and Cloudflare.

First thing first, doesn't Azure encrypts Web Apps using SSL?  Yes but only is you're using the default domain like this:

If you set a custom domain name and try to access it using HTTPS, you get this:

So you absolutely need a certificate if you want to secure traffic to your Azure Web App with HTTPS. 

OK, so what is Cloudflare? According to Wikipedia:

CloudFlare is a U.S. company that provides a content delivery network and distributed domain name server services, sitting between the visitor and the CloudFlare user's hosting provider, acting as a reverse proxy for websites. Its network protects, speeds up, and improves availability for a website or mobile application with a change in DNS.

Here are Cloudflare's building blocks:  

What we're interested in is getting SSL for free and Cloudflare has a free service tier that includes SSL: 

Great but how does it works?  Do I need to install something on Azure?  Cloudflare offers three ways to set SSL: Flexible, Full and Full (strict).  The default one is Flexible and it encrypts data between the visitors and Cloudflare but not the traffic between them (Cloudflare) and Azure.  Note that by using Cloudflare, the visitors never reach your Web App directly on Azure.  

Great!  That seems perfect: a free service that includes SSL without dealing with certificate installation.  Too good to be true?  Let's try it out.

The first step is to provide Cloudflare with the domain name (this assume that you already configured your custom domain name in the Azure portal):

Cloudflare scans your DNS and show you a quick video explaining the process:

This is what Cloudflare found:

And this is what is set in GoDaddy:

We need the A record to point to Azure and the CName record "www" so visitors can type either or in their browser to reach the site.  The "awverify" is only needed when setting the domain name in the Azure portal.  It should not be needed anymore.

Let's now select the "Free Website" plan:

Cloudflare wasn't able to change the GoDaddy's nameservers so I'll need to change this directly in GoDaddy's console.

In GoDaddy's console, you'll need to locate the nameservers section for your domain and click on the "Manage" link:

You then need to select "Custom" and click on the "Add Nameserver" button:

Enter the namesersers provided earlier by Cloudflare.  Click "OK" and "Save" on the next step:

That's it for GoDaddy!  Now back to Cloudflare.  Let's hit the "Continue" button.  Cloudflare informs us that the status is pending. 

You now need to wait, this step could take up to 24 hours when using Cloudflare's Free tier.  In my case, it took about 2 minutes and I received a confirmation email:

And the status changed to Active in the Cloudflare console:

We now have to wait for the certificate to be issued and configured.  Click on the "Crypto" tab to see the status.  Note that this step can take up to 24 hours to complete.  In my case, it took just a few minutes.

You can now access your Website using SSL:

Voilà!  Free SSL for your Azure Web Apps!  Note that Cloudflare offers way more then SSL and you should take some time exploring what's included in the Free plan.

blog comments powered by Disqus

Page List

Month List