Cloud CI/CD Showdown Part 4: Azure Application Secure Certificate with LetsEncrypt

Michael P Tuszynski -

Part 2: Setting up the certificates

In the preceding part of this series, we set up the groundwork for a simple Todo App running Microsoft Azure. Next, we set up a secure SSL certificate for the app using LetsEncrypt and Terraform.

Tl;dr you can find the entire second-stage script here.

Let's Encrypt is a free, automated, and open Certificate Authority (CA) that provides website owners with the digital certificates needed to enable HTTPS (SSL/TLS) for their websites, thereby encrypting web traffic and enhancing online privacy and security. It's essential because it democratizes internet security by making SSL/TLS encryption accessible to anyone, removing financial and complexity barriers, and thus promoting a more secure web by encouraging widespread use of HTTPS.

Setting up the next stage

We will set up the next stage as we did in Part 3. 

stage_name
- main.tf
- outputs.tf
- variables.tf
- versions.tf
- config.tfvars

First, we setup versions.tf to import the Acme provider, which is how we will interact with the LetsEncrypt API to create the TLS certificate.

2nd Stage Providers

Next, we set up some input variables for the second stage. This includes the prefix from the last stage, the key vault, the resource group, and the DNS zone name from the previous stage's output,

Certificate Input Variables

The input variables map to a commensurate config.tfvars file:

email_address  = "you@someotherdomain.com" #any valid email
zone_name      = "YOURDOMAINHERE.COM" #your preregistered domain name
subdomain      = "www" #any subdomain you choose
key_vault      = "todoapp-kv" #output from previous stage
resource_group = "todoapp-resources" #output from previous stage
prefix         = "todoapp" #should be the same prefix as the previous stage

In the main.tf file, Terraform makes use of the data directive to import the recently created resources into the second stage script.

Stage 2 Imports

Then, we create a private TLS key and a certificate request to the LetsEncrypt Certificate Authority via the Acme provider. The provider has a dns_challenge section where we pass in the app registration information created in the first stage.

Create Certificate

Once we have created the certificate, we add a secondary bash script that checks the DNS propagation of the DNS challenge record to ensure a valid TLS certificate.

Check DNS Propagation

And implement the check_dns_propagation the script within the Terraform stage 2:

Check DNS Prop via Terraform

Upon compilation of the script, run a plan to be sure you know what you are about to create in Azure and check for any syntax errors:

terraform plan -var-file config.tfvars

Copy and paste the values that are produced upon running the first stage script:

terraform apply -var-file config.tfvars

Second stage complete

We have created a valid TLS certificate ready to be used in stage 3 of the demo. Read on for the final stage of the application, where we build the significant components of the app and implement CI/CD.