Skip to content
Permalink
Branch: master
Find file Copy path
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
97 lines (97 sloc) 3.63 KB
{
// file used to run scheduled integration tests against let's encrypt staging with various configuration options
"acme": {
"email": "marcstan@live.com",
// renew often so we get fast feedback on errors
"renewXDaysBeforeExpiry": 85,
// letsencrypt limits real certs, so use staging (unlimited certs) to not interrupt real domains
"staging": false
},
"certificates": [
// full fallback system should work when all resources are named identical + MSI storage access
{
"hostNames": [
"letsencrypt-integration.marcstan.net"
],
"targetResource": {
"type": "cdn",
"name": "letsencrypt-integration"
}
},
// some resource names + MSI storage access
{
"hostNames": [
"letsencrypt-integration-02.marcstan.net"
],
"certificateStore": {
"type": "keyVault",
"properties": {
"name": "letsencrypt-integration"
}
},
"targetResource": {
"type": "cdn",
"properties": {
"name": "letsencrypt-integration-02",
"resourceGroupName": "letsencrypt-integration"
}
}
},
// everything specified explicitely + connection string in keyvault (MSI should be tried, fails and falls back to keyvault)
{
"hostNames": [
"letsencrypt-integration-03.marcstan.net",
"www.letsencrypt-integration-03.marcstan.net"
],
"challengeResponder": {
"type": "storageAccount",
"properties": {
"container": "$web",
"path": ".well-known/acme-challenge/",
// used for connection string access (will look for secret "Storage" to contain storage account connectionstring)
"keyVaultName": "letsencrypt-integration"
}
},
"certificateStore": {
"type": "keyVault",
"properties": {
"name": "letsencrypt-integration",
"certificateName": "letsencrypt-integration-03-marcstan-net"
}
},
"targetResource": {
"type": "cdn",
"properties": {
"name": "letsencrypt-integration-03",
"resourceGroupName": "letsencrypt-integration",
"endpoints": [
"letsencrypt-integration-03"
]
}
}
},
// assign certificate to a webapp (domain must already be assigned to the webapp)
{
"hostNames": [
"letsencrypt-integration.web.marcstan.net"
],
// must use redirect to read content from storage account when path .well-known/acme-challenge/ is accessed
// see "Supported resources.md" for examples
// uses MSI access to write files to storage
"challengeResponder": {
"type": "storageAccount"
},
"certificateStore": {
"type": "keyVault",
"name": "letsencrypt-integration"
},
"targetResource": {
"type": "appService",
"properties": {
"name": "letsencrypt-integration",
"resourceGroupName": "letsencrypt-integration"
}
}
}
]
}
You can’t perform that action at this time.