Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

FWIW, Azure has started rolling out free certificates for App Service - they have some kinda annoying limitations, but it's a start and some of them are planned to be lifted: https://docs.microsoft.com/en-us/azure/app-service/configure...


By "kinda annoying" you mean ludicrous and show-stopping, right?

    Does not support wildcard certificates.
    Does not support naked domains.
    Is not exportable.
    Is not supported on App Service Environment (ASE)
    Does not support A records. For example, automatic renewal doesn't work with A records.
There's probably at least several other restrictions not listed there. I recently tried to buy a certificate for App Service for a government agency, but it was refused because of a design flaw in GoDaddy's validation code.

Not to mention that this doesn't cover other very common scenarios, such as Application Gateway, VM scale sets, API Gateway, or... anything else.

Each Azure team seems to be operating under the model that HTTPS with a custom domain is some sort of bolt-on that's unique and special to their service. The verification and enrolment is distinct for every service, with gaps and weird and wonderful limitations.

It's like they've been told, recently, that HTTPS is something they should do, so they've all gone and done "something" to tick that checkbox. Some free. Some not free. Some with restrictions. Some without. Some automatically renewing. Some not. Some with ECC, some without. HSTS on some, not others. Etc...

It's a shit show.


it's Azure, what can I say ¯\_(ツ)_/¯




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: