Use AzureDNS with dehydrated (formerly and DNS challenges

AzureDNS hook for dehydrated

This is a hook for the Let's Encrypt ACME client dehydrated (previously known as that allows you to use AzureDNS DNS records to respond to dns-01 challenges. Requires Bash and an existing SPN set up in Azure to authorize the DNS changes (instructions here or in the included script).


$ cd ~
$ git clone
$ git clone
$ cd dehydrated


For this hook script to work, you will need an existing service principal in the Azure ARM portal that has at least Contributor access to the DNS instance being used (see the script for help creating this).

Make sure that you update the tenant-specific configuration variables in the script. These are the configuration settings that need to be changed in that file:

TENANT="<tenant name>"      # Your tenant name - the value
SPN_USERNAME="<spn uri id or guid>"         # This is one of the SPN values (the identifier-uri or guid value)
SPN_PASSWORD="<password>"                   # This is the password associated with the SPN account 
RESOURCE_GROUP="<resource group name>"      # This is the resource group containing your Azure DNS instance
DNS_ZONE="<dns zone name>"                  # This is the DNS zone you want the SPN to manage (Contributor access)
TTL="<time in seconds>"                     # This is the TTL for the DNS record-set
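
A preflight check for the settings listed above, added here as an example and not part of this repository: it confirms that no value is still a `<placeholder>`, that `TTL` is numeric, and that the file holding `SPN_PASSWORD` is readable only by its owner. `check_hook_config` and the sample values are hypothetical; the check assumes `NAME="value"` lines as shown and takes the file path as its argument.

```bash
#!/usr/bin/env bash
# Added example; check_hook_config is a hypothetical helper, not part of the hook.
# Assumes settings are NAME="value" lines, as in the listing above.
check_hook_config() {
  local cfg="$1" rc=0 name value mode
  [ -r "$cfg" ] || { echo "cannot read $cfg" >&2; return 2; }

  # SPN_PASSWORD sits in this file in clear text: allow no group/other bits.
  mode=$(ls -ld "$cfg" | cut -c5-10)
  if [ "$mode" != "------" ]; then
    echo "$cfg: accessible beyond its owner; tighten with chmod 600" >&2
    rc=1
  fi

  # Read values with sed instead of sourcing, so nothing in the file executes.
  for name in TENANT SPN_USERNAME SPN_PASSWORD RESOURCE_GROUP DNS_ZONE TTL; do
    value=$(sed -n "s/^$name=\"\([^\"]*\)\".*/\1/p" "$cfg" | tail -n 1)
    case "$value" in
      ""|"<"*">")
        echo "$name is missing or still a placeholder" >&2
        rc=1
        continue ;;
    esac
    if [ "$name" = TTL ]; then
      case "$value" in
        *[!0-9]*) echo "TTL must be a whole number of seconds" >&2; rc=1 ;;
      esac
    fi
  done
  return "$rc"
}

# Constructed sample settings, for demonstration only.
demo_cfg=$(mktemp)            # mktemp creates the file with mode 600
cat > "$demo_cfg" <<'EOF'
TENANT="contoso"
SPN_USERNAME="00000000-0000-0000-0000-000000000000"
SPN_PASSWORD="constructed-sample-secret"
RESOURCE_GROUP="dns-rg"
DNS_ZONE="example.com"
TTL="60"
EOF
check_hook_config "$demo_cfg" && echo "settings look complete"
rm -f "$demo_cfg"
```

Run it against the settings file before invoking dehydrated; a non-zero exit status means at least one check failed.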


$ ./dehydrated -c -d "" --config ../letsencrypt-azuredns-hook/ -k ../letsencrypt-azuredns-hook/
