Azure Key Vault Let's Encrypt

Requirements

• Azure Subscription
• Azure DNS and Key Vault resource
• Email address (for Let's Encrypt account)

Getting Started

1. Deploy to Azure Functions

2. Add application settings key

• LetsEncrypt:SubscriptionId
  • Azure Subscription Id
• LetsEncrypt:Contacts
  • Email address for Let's Encrypt account
• LetsEncrypt:VaultBaseUrl
  • Azure Key Vault DNS name

3. Add a access policy

Add the created Azure Function to the Key Vault Certificate management access policy.

4. Assign role to Azure DNS

Assign DNS Zone Contributor role to Azure DNS.

Usage

Adding new certificate

Run AddCertificate_HttpStart function with parameters.

curl https://YOUR-FUNCTIONS.azurewebsites.net/api/AddCertificate_HttpStart?code=YOUR-FUNCTION-SECRET -X POST \
    -H 'Content-Type:application/json' \
    -d '{"Domains":["example.com","www.example.com"]}'

• Domains
  • DNS names to issue certificates.

Thanks

• ACMESharp Core by @ebekker
• Durable Functions by @cgillum and contributors

License

This project is licensed under the Apache License 2.0