I've had fun and games before getting certificates into Azure. Using certreq and/or certmgr.msc on a windows PC being fussy about where and how the CSR was generated, after you have already obtained a .crt, trying to generate the pfx Azure wants.
Here's a relatively painless way of getting things playing nicely together,
- zerossl.com has a simple interface for generating what's needed.
Go to https://zerossl.com/free-ssl/#crt and fill in your email and domain and click next a few times to allow it to generate a csr.
- Download the account-key.txt, domain-csr.txt, domain-key.txt and domain-crt.txt along the way for safe keeping.
- Download the latest openssl for your OS here https://indy.fulgan.com/SSL/
- Run
openssl.exe pkcs12 -export -out myserver.pfx -inkey .\domain-key.txt -in .\domain-crt.txt - Upload the myserver.pfx into Azure portal in the certificates section and allocate it to the domain.
To my amazement it works a treat and as long as you put a reminder in your diary, and you renew before the certificate expires in 90 days, you'll have free secure sites.
Update:
Have a look here: https://gooroo.io/GoorooTHINK/Article/16420/Lets-Encrypt-Azure-Web-Apps-the-Free-and-Easy-Way for an automated way of getting a cert.