2021.06.08 Certificate Lifetime Incident

This page summarizes the projects mentioned and recommended in the original post on news.ycombinator.com

  • list

    The Public Suffix List

  • They're not really free: "This feature is available for customers on an App Service Plan of Basic and above (free and shared tiers are not supported)." They're GoDaddy certificates, and their price is charged back through the App Service pricing.

    Similarly, Azure Front Door also has "free" certificates, but they just integrate it into the relatively high cost of the service.

    If you want certificates for some other unrelated IaaS or PaaS service... Microsoft says no. They want their margin.

    Back to GoDaddy: their attitude is very 1990s, so they sometimes use manual approval for certificates. This makes ARM Templates that normally take minutes to deploy just hang and take hours, or even fail.

    Worse, they don't use the DNS address you requested for your certificate for validation. They use the "TLD", but there is no such concept in the Domain Name System, so this is unreliable at best. Validation is 100% broken by design and cannot be made to work for many domains. For example, in Australia, App Service Certificates cannot ever be used for subdomains of act.gov.au, nsw.gov.au, and nt.gov.au!

    PS: For people who are unaware, the concept of the TLD is at best a fuzzy one, and is decided by the informally maintained Public Suffix List, which is currently managed by Mozilla. It's not an RFC, it's not a standard, and isn't suitable for certificate validation. See: https://publicsuffix.org/

    This is one of the key philosophical differences between Let's Encrypt and GoDaddy. When issuing automated, free certificates, manual labour for validation is not a viable approach and hence Let's Encrypt eliminated all such sources of informal, error-prone, manually verified sources. GoDaddy hasn't changed their validation approach in decades, because for $70/year, this kind of inefficiency is acceptable.

    To put things in perspective: GoDaddy has a support phone number. For certificates! They're literally 1KB files with two numbers and some text in them. Why do they need support!?
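
The comment above argues that validating "at the TLD" cannot work for names under multi-label public suffixes such as act.gov.au. The following is an added example, not code from the original post, the commenter, GoDaddy or Microsoft: it implements the matching algorithm published at https://publicsuffix.org/list/ over a small hand-copied excerpt of the Public Suffix List (an assumption; a real validator loads the full, current list), and compares the PSL-derived registrable domain with two naive "TLD + one label" heuristics. The hostname app.health.act.gov.au is constructed for the demonstration.

```python
"""
Public Suffix List matching versus naive "TLD" heuristics for DNS validation.
Added example; the rule excerpt below is hand-copied and deliberately small.
"""
from __future__ import annotations

# Assumption: this excerpt mirrors the real list for these entries only.
PSL_EXCERPT = """
// constructed excerpt of the Public Suffix List for this example
com
au
com.au
gov.au
act.gov.au
nsw.gov.au
nt.gov.au
ck
*.ck
!www.ck
"""


def _labels(name: str) -> list[str]:
    """Lower-case, drop a trailing dot, split into DNS labels."""
    return name.lower().rstrip(".").split(".")


def parse_rules(text: str) -> list[tuple[bool, list[str]]]:
    """Return (is_exception, labels) tuples; '//' comment lines and blanks are ignored."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("//"):
            continue
        rules.append((line.startswith("!"), _labels(line.lstrip("!"))))
    return rules


PSL_RULES = parse_rules(PSL_EXCERPT)


def _rule_matches(rule: list[str], labels: list[str]) -> bool:
    """A rule matches when its labels equal the name's rightmost labels; '*' matches any one label."""
    if len(rule) > len(labels):
        return False
    return all(r == "*" or r == d for r, d in zip(reversed(rule), reversed(labels)))


def public_suffix(name: str, rules=PSL_RULES) -> str:
    """PSL algorithm: an exception rule wins, else the longest matching rule, else '*'."""
    labels = _labels(name)
    matches = [(exc, r) for exc, r in rules if _rule_matches(r, labels)]
    if not matches:
        exc, rule = False, ["*"]            # unknown TLD: the last label is the suffix
    elif any(exc for exc, _ in matches):
        exc, rule = next(m for m in matches if m[0])
    else:
        exc, rule = max(matches, key=lambda m: len(m[1]))
    n = len(rule) - 1 if exc else len(rule)  # exception rule: drop its leftmost label
    return ".".join(labels[-n:])


def is_public_suffix(name: str, rules=PSL_RULES) -> bool:
    """True when the name itself is a public suffix, i.e. no single party can control it."""
    return public_suffix(name, rules) == ".".join(_labels(name))


def registrable_domain(name: str, rules=PSL_RULES):
    """eTLD+1: the public suffix plus one label, or None if the name is itself a suffix."""
    labels = _labels(name)
    n = len(public_suffix(name, rules).split("."))
    if len(labels) <= n:
        return None
    return ".".join(labels[-(n + 1):])


def naive_last_two(name: str) -> str:
    """'Last label is the TLD, keep one more' heuristic: wrong for any multi-label suffix."""
    return ".".join(_labels(name)[-2:])


def naive_last_three(name: str) -> str:
    """'Last two labels are the suffix, keep one more' heuristic: wrong for 1- and 3-label suffixes."""
    return ".".join(_labels(name)[-3:])


def validation_targets(fqdn: str, rules=PSL_RULES) -> dict:
    """Candidate names a validator might challenge, each tagged with whether the applicant can control it."""
    targets = {
        "requested": fqdn,
        "psl_registrable": registrable_domain(fqdn, rules),
        "naive_last_two": naive_last_two(fqdn),
        "naive_last_three": naive_last_three(fqdn),
    }
    # A target that is None or is itself a public suffix can never be validated by the applicant.
    return {k: (v, v is not None and not is_public_suffix(v, rules)) for k, v in targets.items()}


if __name__ == "__main__":
    # Constructed hostname under the three-label public suffix act.gov.au.
    for k, (v, ok) in validation_targets("app.health.act.gov.au").items():
        print(f"{k:18} {str(v):24} {'applicant-controllable' if ok else 'PUBLIC SUFFIX, cannot be validated'}")
```

Run as a script it prints one line per candidate target: the requested FQDN and the PSL-derived health.act.gov.au are controllable, while both naive guesses (gov.au and act.gov.au) land on public suffixes that no applicant can place a DNS record or HTTP file under. The *.ck and !www.ck entries are included to exercise the wildcard and exception branches of the algorithm, which a "last N labels" heuristic cannot express at all.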
