Create a VM with ansible and configure a DNS

Make Az DNS:

public-ip12 | Configuration

Choose the same as the VM name

Follow this guide up to step 3

WordPress HTTPS (self-signed) and WP API

Use this in the certificate as CN

vm-uksqa13.uksouth.cloudapp.azure.com

Up to step http

http://20.77.73.218 = Apache2 Default Page
http://vm-uksqa13.uksouth.cloudapp.azure.com/ = Apache2 Default Page

openssl cn

Common Name (e.g. server FQDN or YOUR name) []:vm-uksqa13.uksouth.cloudapp.azure.com

sudo nano /etc/apache2/sites-available/testssl.conf

<VirtualHost *:80>
ServerAdmin admin@example.com
DocumentRoot /var/www/test
ServerName 20.77.73.218
ServerAlias vm-uksqa13.uksouth.cloudapp.azure.com

<Directory /var/www/test/>
    Options FollowSymLinks
    AllowOverride All
    Require all granted
   </Directory>
   ErrorLog ${APACHE_LOG_DIR}/error.log
   CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

<VirtualHost *:443>
   ServerName 20.77.73.218
   ServerAlias vm-uksqa13.uksouth.cloudapp.azure.com
   DocumentRoot /var/www/test

   SSLEngine on
   SSLCertificateFile /etc/ssl/certs/apache-selfsigned.crt
   SSLCertificateKeyFile /etc/ssl/private/apache-selfsigned.key
</VirtualHost>

sudo a2ensite testssl.conf

sudo apache2ctl configtest

sudo systemctl reload apache2

sudo service apache2 status

# this is what we have now
ls
000-default.conf  default-ssl.conf  testssl.conf

# Now none are using the certificate.
Must make new .conf with ip

sudo nano /etc/apache2/sites-available/20.77.73.218.conf

sudo a2ensite 20.77.73.218.conf

sudo a2dissite testssl.conf

sudo a2enmod rewrite

sudo apache2ctl configtest

sudo systemctl restart apache2

sudo systemctl enable apache2

sudo service apache2 status

http://20.77.73.218
http://vm-uksqa13.uksouth.cloudapp.azure.com/

Does not work with Public IP DNS (vm-uksqa13.uksouth.cloudapp.azure.com) as CN on certificate.

# Make CN with IP
# Keep same apache vhost config
# Remove current cert and run

sudo rm /etc/ssl/private/apache-selfsigned.key
sudo rm /etc/ssl/certs/apache-selfsigned.crt

sudo openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout /etc/ssl/private/apache-selfsigned.key -out /etc/ssl/certs/apache-selfsigned.crt

Common Name (e.g. server FQDN or YOUR name) []:20.77.73.218

sudo systemctl restart apache2

Yes, now cert is loaded

This DNS works now as server alias.