Cannot enable SNI SSL for a hostname because current site does not allow it

Let me guess, you're trying to set up an SSL certificate on Azure. I know, it happened to me.

You decide to do the right thing, the good thing and set up an SSL certificate for your site so that your users can enjoy browsing securely over HTTPS. But man they are a pain and are never an easy/enjoyable experience.

The pain

I decided to create an SSL for my blog using Let's Encrypt because it's free and it's open. This blog is hosted on Azure and whilst it is possible to set up a certificate with Let's Encrypt it is not a trivial task. I was following Troy Hunt's step by step guide to loading a free Let's Encrypt certificate into an Azure website.

I got to the very last step, request and install certificate, then bang.

The solution

The solution is a simple if not expensive one. To be able to have an SSL certificate on a custom domain in Azure your web site/app must be at least Basic Tier. I was on the Shared Tier which is the cheapest available for a website site with a custom domain.

Shared Tier

In a Shared Tier your app runs on a shared infrastructure. Shared includes a custom domain and does actually come with SSL support. However, it is not for your vanity URL but for the default Azure websites URL. E.g. https://{your-name}.azurewebsites.net. If you have a production website this is not going to be much use to you.

Basic Tier

In a Basic Tier you have a dedicated instance all to yourself. As well other benefits, this tier supports an SSL certificate. Only one mind you.

The cost of SSL

The price difference between Shared and Basic isn't trivial. The estimated monthly costs shown were almost 4 times higher.

For a small blog site that's a fair bit to pay for hosting and I believe that most people, if happy on the Shared Tier, wouldn't want to pay that much extra. I happen to have Azure credits I can use but otherwise I would certainly be looking at other alternatives for hosting my blog.