Azure DNS validation
This assumes you already have your DNS managed in Azure; if not, you'll need to set that up first.
If you are using the Azure DNS option for validation, you'll need to get certain info from your Azure tenant and create a service principal for Let's Encrypt to use (you only need to create one of these for your entire domain; it is a non-interactive identity with permission to create and delete the DNS records used for the challenge).
Create Azure AD Service Principal Account
Run the following in PowerShell. You will need to install the AzureRM PowerShell module first if you don't already have it, and sign in with `Login-AzureRmAccount`.

```powershell
$sp = New-AzureRmADServicePrincipal -DisplayName LetsEncrypt -Password "SuperSecretPasswordGoesHere"
```

You can change the DisplayName to something else if you like, and you should certainly change the password: use a long random value, because it is the credential that grants write access to your DNS zone. Keep a note of it, as you'll need it to set up the client in a minute. Newer versions of the AzureRM module expect `-Password` as a SecureString (wrap the value in `ConvertTo-SecureString "..." -AsPlainText -Force`) rather than a plain string.
You then need to give this Service Principal access to change DNS entries. Assign the role on the DNS zone itself rather than on the resource group or subscription, so the principal can only touch that one zone. In the Azure Portal:
- go to DNS Zones -> your.dns.zone.net -> Access Control (IAM)
- Click Add
- For Role, choose DNS Zone Contributor
- For Assign access to, choose Azure AD user, group, or application
- Select LetsEncrypt (or whatever you called your Service Principal above)
- Click Save
Setting up letsencrypt-win-simple
- Run Let's Encrypt, and choose which site you want to secure.
- At the prompt 'How would you like to validate this certificate?', choose Azure DNS.
- For Tenant ID: in the Azure Portal: Azure Active Directory -> Properties -> Directory ID.
- For Client ID: in the Azure Portal: Azure Active Directory -> App registrations -> LetsEncrypt (or whatever you called your Service Principal before), and find the Application ID (not the Object ID).
- For the Secret: enter the password you created before.
- For the DNS Subscription ID: in the Azure Portal: DNS zones -> your.dns.zone.net -> Subscription ID.
- For the DNS Resource Group Name: the name of the Resource Group your DNS zone is in (you can find this in Azure Portal: DNS zones -> your.dns.zone.net -> Resource Group).
(most of this comes from https://docs.microsoft.com/en-us/azure/dns/dns-sdk)
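The whole setup above can also be scripted so that nothing is clicked through the portal and the secret never has to be typed by hand. The following is an added example, not code from the letsencrypt-win-simple project or the page's author: it creates the service principal with a randomly generated secret, assigns DNS Zone Contributor scoped to a single zone (least privilege), and prints exactly the five values the client's Azure DNS prompt asks for. It assumes the AzureRM module, an existing DNS zone, and that you are already signed in; the zone name and resource group below are placeholders.

```powershell
# Added example (not part of the original wiki page). Assumes AzureRM is installed
# and Login-AzureRmAccount has been run. Zone and resource group names are placeholders.
$zoneName      = "your.dns.zone.net"   # placeholder: the zone Let's Encrypt will write TXT records into
$resourceGroup = "dns-rg"              # placeholder: the resource group that holds the zone
$displayName   = "LetsEncrypt"

# Make sure the zone exists before creating anything; fail early otherwise.
$null = Get-AzureRmDnsZone -Name $zoneName -ResourceGroupName $resourceGroup -ErrorAction Stop

# Generate a 256-bit random secret instead of choosing one by hand.
$bytes = New-Object byte[] 32
[System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
$plainSecret  = [Convert]::ToBase64String($bytes)
$secureSecret = ConvertTo-SecureString $plainSecret -AsPlainText -Force

# Newer AzureRM versions require -Password as a SecureString; older ones accept a plain string.
$sp = New-AzureRmADServicePrincipal -DisplayName $displayName -Password $secureSecret

$ctx   = Get-AzureRmContext
$subId = $ctx.Subscription.Id

# Scope the role assignment to the zone's own resource ID, not the subscription or resource group,
# so this principal cannot modify any other zone.
$scope = "/subscriptions/$subId/resourceGroups/$resourceGroup/providers/Microsoft.Network/dnszones/$zoneName"

# A freshly created principal can take a few seconds to replicate in Azure AD;
# retry the assignment rather than failing on "principal does not exist".
$assigned = $false
for ($i = 0; $i -lt 6 -and -not $assigned; $i++) {
    try {
        $null = New-AzureRmRoleAssignment -ApplicationId $sp.ApplicationId `
                    -RoleDefinitionName "DNS Zone Contributor" -Scope $scope -ErrorAction Stop
        $assigned = $true
    } catch {
        Start-Sleep -Seconds 10
    }
}
if (-not $assigned) { throw "Role assignment failed after retries; check that the principal exists." }

# The five values the letsencrypt-win-simple Azure DNS prompt asks for.
# The secret is shown once here; store it somewhere safe and clear your console history afterwards.
[PSCustomObject]@{
    TenantId          = $ctx.Tenant.Id
    ClientId          = $sp.ApplicationId
    Secret            = $plainSecret
    DnsSubscriptionId = $subId
    DnsResourceGroup  = $resourceGroup
} | Format-List
```

Because the assignment is made at the zone scope, the principal gets no rights on the resource group or subscription; if you later need to rotate the secret, create a new credential on the same service principal rather than a new principal, so the role assignment does not have to be redone.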