Key Vault Acmebot
This function provide easy automation of Let's Encrypt for Azure Key Vault. This project started to solve some problems.
- Store certificates securely with Key Vault
- Centrally manage many certificates with one Key Vault
- Simple deployment and configuration
- Robustness of implementation
- Easy monitoring (Application Insights, Webhook)
Use Key Vault for secure and centralized management of Let's Encrypt certificates.
Table Of Contents
- All Azure App Service (Web Apps / Functions / Containers, any OS)
- Azure CDN / Front Door
- Azure Application Gateway v2
- Subject Alternative Names (SANs) certificates (multi-domains support)
- Wildcard certificates
- Azure Subscription
- Azure DNS and Key Vault resource
- Email address (for Let's Encrypt account)
1. Deploy to Azure Functions
2. Add application settings key
- Azure Subscription Id
- Email address for Let's Encrypt account
- Azure Key Vault DNS name (Only when using an existing Key Vault)
- Webhook destination URL (optional, Slack recommend)
3. Enable App Service Authentication (EasyAuth) with AAD
Authentication / Authorization from Azure Portal and turn on App Service Authentication. Then select
Log in with Azure Active Directory as an action when not logging in.
Set up Azure Active Directory provider by selecting
4. Assign role to Azure DNS
DNS Zone Contributor role to Azure DNS zone or Resource Group.
5. Add a access policy (Only when using an existing Key Vault)
Add the created Azure Function to the Key Vault
Certificate management access policy.
Adding new certificate
https://YOUR-FUNCTIONS.azurewebsites.net/add-certificate. Since the Web UI is displayed, if you select the target DNS zone and input domain and execute it, a certificate will be issued.
If nothing is displayed in the dropdown, the IAM setting is incorrect.
App Service (Web Apps / Functions / Containers)
Select "Import Key Vault Certificate" button to import the certificate from Key Vault into App Service.
After that, the certificate will automatically be renewed from Key Vault.
Application Gateway v2
Azure CDN / Front Door
This project is licensed under the Apache License 2.0