Let’s Encrypt

As I posted previously, I am working on moving all of my websites to Azure.  I started with the easiest one, which is a static page.  So far, I have moved it, and it is now reachable via HTTPS with the ‘www’ prefix, but not at the bare (apex) domain.  While that isn’t important for that particular site, it is important for this site, because there are at least 10 links to this site from external pages.  (Mostly people who copied the wrong link when they got lost and found themselves here, but still…)

If you haven’t heard about it:

“Let’s Encrypt is a free, automated, and open certificate authority brought to you by the nonprofit Internet Security Research Group (ISRG).”

Since I am not making money off of any of my sites, I am happy with the ‘free’ price.

Let’s Encrypt is geared toward making certificate renewal easy and automated.  As I have mentioned before, easy doesn’t always work for me. 

The way you work with Let’s Encrypt is via software that speaks the ‘ACME protocol’.  In this case, ACME is the Automatic Certificate Management Environment (standardized as RFC 8555): the client proves it controls a domain by answering a challenge, and the CA issues the certificate.  In this post, we are going to remove as much of the ‘Automatic’ as possible.

First up, I am a Windows guy, and at the moment, I am really not interested in automating the certificate process.  (I will be later, but not today.)  So I first download the Certbot installer for Windows at

https://dl.eff.org/certbot-beta-installer-win32.exe

and then get complained at by my computer (Windows SmartScreen) because this file isn’t commonly downloaded and looks funny.

Once you install it, navigate to the install directory and run ‘run.bat’.  It asks to run elevated and opens a console with the friendly instruction to run ‘certbot’ commands there, and tells you how to find help:
image

To get to where I need to go, I need the ‘certonly’ option (obtain the certificate only, without trying to install it into a web server, since the site lives on Azure, not on this machine):

image

Enter your email, agree to the Terms of Service, agree to be emailed (or not) by EFF, and then enter your domain names.

image

Fun fact: Let’s Encrypt logs the IP address that requests the cert, and certbot’s manual mode makes you acknowledge that.  I am requesting it from a computer that is NOT the host for my domain.  Also, I need the cert to make the root (apex) domain work, so I need to use the DNS challenge (DNS-01), which does not require serving anything from the host.  To get to that, I needed to run ‘certbot certonly --manual --preferred-challenges dns’ (the flags are two dashes each; ‘--preferred-challenges’ is plural).  After running that, it gives me a DNS TXT record to add at ‘_acme-challenge.’ followed by the domain name, which verifies I own the domain.  Check that the TXT value is visible from a public resolver before continuing, because certbot only gets one look at it.  Once the text value is entered and visible, hit Enter to continue, and get your cert:
image
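The manual DNS-01 flow above, typed into an elevated PowerShell prompt, as an added example that is not code from the original post or from the Certbot project.  It assumes certbot is on PATH, that example.com stands in for the author’s unnamed domain, that certbot’s default Windows config directory is C:\Certbot, and (for the optional last step) that openssl.exe is installed.

```powershell
# Added example (not from the original post): manual DNS-01 issuance for the
# apex domain and the www name, plus the checks worth doing at each step.
# ASSUMPTIONS: example.com stands in for the author's domain; certbot's default
# Windows config directory is C:\Certbot; openssl.exe exists for the PFX step.

$domain = 'example.com'

# 1. Request one certificate covering both names: certificate only (no web
#    server installation), manual mode, DNS-01 challenge. Certbot prints a TXT
#    record name and value for each name and waits for Enter.
certbot certonly --manual --preferred-challenges dns `
    -d $domain -d "www.$domain"

# 2. BEFORE pressing Enter in the certbot window, open a second prompt and
#    confirm the record is visible from a public resolver, not just from your
#    registrar's control panel or your local cache. Repeat until the exact
#    value certbot gave you appears; propagation can take minutes.
Resolve-DnsName -Name "_acme-challenge.$domain" -Type TXT -Server 8.8.8.8 |
    Select-Object -ExpandProperty Strings
# certbot asks for a second record for the www name:
Resolve-DnsName -Name "_acme-challenge.www.$domain" -Type TXT -Server 8.8.8.8 |
    Select-Object -ExpandProperty Strings

# 3. After certbot reports success, confirm what was issued: the domain list
#    must include both names, and note the expiry (Let's Encrypt certificates
#    are valid for 90 days).
certbot certificates

# The output is PEM under C:\Certbot\live\<domain>\:
Get-ChildItem "C:\Certbot\live\$domain"
#   fullchain.pem  - leaf certificate plus the intermediate chain
#   privkey.pem    - private key; never copy it anywhere it is not needed

# 4. Optional: Azure App Service imports custom certificates as a PFX bundle,
#    so convert the PEM pair (choose a strong export password when prompted).
openssl pkcs12 -export -out "$domain.pfx" `
    -inkey "C:\Certbot\live\$domain\privkey.pem" `
    -in    "C:\Certbot\live\$domain\fullchain.pem"
```

Because the TXT records were placed by hand, ‘certbot renew’ cannot renew this certificate unattended: you repeat the procedure (or give certbot a ‘--manual-auth-hook’ script that updates the DNS for you) before the 90 days run out.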
