When you want your own blog but WordPress is beast for you, you can end up with Ghost.

Nowadays it is much simpler to start with Ghost 2.x on Azure as there are lot of tutorials. According to this blog: https://www.gatevnotes.com/introducing-ghost-2-on-azure-web-app-service/ you can install Ghost by one click.

Now your blog is running on https://{something}.azurewebsites.net which is great for testing but you would like your own domain, right :) You can buy your own at your domain registrar or through Azure portal. In this tutorial is simply explained how to map your domain to App Service powering your blog: https://docs.microsoft.com/en-us/azure/app-service/app-service-web-tutorial-custom-domain.

Now you have domain, but browser would complain about certificate as it is still using certificate for azurewebsites.net domain. Nowadays you can have free certificate from Let's Encrypt and it is quite easy to deploy it in Azure. Follow this blog post: https://gooroo.io/GoorooTHINK/Article/16420/Lets-Encrypt-Azure-Web-Apps-the-Free-and-Easy-Way/21872. As it is bit dated there are two changes. Instead of:

$password = '{some strong password}'

you should create secure string:

$password = ConvertTo-SecureString '{some strong password}' -AsPlainText -Force

When finished with tutorial, blog should run on new domain with new certificate. What you need is to ensure that there is nowhere used old azurewebsites.net links. Go to in Ghost admin and on Design tab change all navigation links to your new domain. In Azure portal change App Setting called url to new domain. That would be it.

Certificate renewal

In the GooRoo article is section 5 about certificate renewal. You should check the WebJob being created and running. In my case I saw warning about Cron:

To setup Always on, go to App Settings -> General Settings and there you can find a knob Always on:

That's it.

P.S.: The password for Let's Encrypt application will expire in one year. I expect you would be interested in renewal. Please read https://blog.rassie.dk/2019/08/update-azure-active-directory-service-principal-credentials/ and store generated password in letsencrypt:ClientSecret application setting.

P.S.2: 1.0.5+ Let's Encrypt extension application require two new connection strings: 1.0.5 DashboardConnectionString and StorageConnectionString not documented · Issue #354 · sjkp/letsencrypt-siteextension · GitHub. When you are running this app, just copy paste the storage account string into the two fields and check the checkbox under them (Update Application Settings and Virtual Directory).

P.S.3: Azure team is working on free certificates, see: Secure your Custom Domains at no cost with App Service Managed Certificates (preview) | Azure updates | Microsoft Azure