I have a Ubuntu VM running on Microsoft azure. Currently I can access it using HTTP, but not with HTTPS. In the network interface, inbound port rule, 443 is already allowed.

I already added a certificate into the VM, by creating a key vault and a certificate, prepare it for deployment following this documentation:

az keyvault update -n <keyvaultname> -g <resourcegroupname> --set properties.enabledForDeployment=true

then added the certificate following this answer.

In Azure CLI:

$secret=$(az keyvault secret list-versions \
          --vault-name <keyvaultname> \
          --name <certname> \
          --query "[?attributes.enabled].id" --output tsv)
$vm_secret=$(az vm secret format --secret "$secret")

az vm update -n <vmname> -g <keyvaultname> --set osProfile.secrets="$vm_secret"

I got the following error:

Unable to build a model: Cannot deserialize as [VaultSecretGroup] an object of type <class 'str'>, DeserializationError: Cannot deserialize as [VaultSecretGroup] an object of type <class 'str'>

However, when I do az vm show -g <resourcegroupname> -n <vmname> after that, in the osProfile, the secrets already contained the secret I added

"secrets": [
      {
        "sourceVault": {
          "id": "/subscriptions/<subsID>/resourceGroups/<resourcegroupName>/providers/Microsoft.KeyVault/vaults/sit-key-vault"
        },
        "vaultCertificates": [
          {
            "certificateStore": null,
            "certificateUrl": "https://<keyvaultname>.vault.azure.net/secrets/<certname>/<certhash>"
          }
        ]
      }
    ],

When accessing using HTTPS, I failed. I can access it using HTTP but chrome still shows the "Not secure" mark next to the address.

What did I miss?

I also checked answer from similar question, but could not find "Enable Direct Server Return" anywhere in the VM control panel page.

As far as I known, we can follow these following steps to configure SSL for nginx server.

1. Add SSl cert

   $secret=$(az keyvault secret list-versions --vault-name "keyvault_name" --name "cert name" --query "[?attributes.enabled].id" --output tsv)

   $vm_secret=$(az vm secret format --secrets "$secret")

   az vm update -n “VM name” -g “resource group name” --set osProfile.secrets="$vm_secret"

2. Install Nginx

   sudo apt-get update

   sudo apt-get install nginx

3. Configure SSL Cert

    #get cert name
    find /var/lib/waagent/ -name "*.prv" | cut -c -57
   
    #paste cert
    mkdir /etc/nginx/ssl
    cp “your cert name” /etc/nginx/ssl/mycert.cer
    cp “your cert name” /etc/nginx/ssl/mycert.prv
   
    #change nginx configuration file
    sudo nano /etc/nginx/sites-available/default
    PS: add the next content in the file
    server {
       listen 443 ssl;
       ssl_certificate /etc/nginx/ssl/mycert.cert;
       ssl_certificate_key /etc/nginx/ssl/mycert.prv;
              }
     service nginx restart