DNS Challenge, API, Version without Web Job

@sjkp sjkp released this 19 Nov 12:39
· 134 commits to master since this release

This latest release includes a few nice things as well as some bug fixes.

The major new features are:

  • Support for DNS Challenge using Azure DNS for now
  • A version that doesn't include the web job
  • An API hosted inside the site extension (for now) that allows you to operate the extension

DNS challenge

Until now the extension has relied on the HTTP challenge, which requires the challenge file to be written to the web server and accessible over HTTP to the Let's Encrypt servers in order for them to validate that you own the domain that you are requesting an SSL certificate for.

However, Let's Encrypt also supports a DNS challenge, where you create a TXT record with a random value provided by Let's Encrypt, and that way prove ownership of the domain.

Using the DNS challenge method has some benefits, in that the extension can be used to request certificates that don't have to be used for SSL and don't have to be installed in an Azure Web App. For now, however, it only supports manual installation, or automatic installation of the DNS challenge requested certificate in an Azure Web App, so if you want to install them elsewhere you have to do that manually.

Another obvious limitation of the DNS challenge is that, for it to work, the extension needs to know how to create a TXT record on your DNS server. For now I have only implemented support for Azure DNS (which few people probably use), but let me know which DNS services people would like supported and I can see if they have an API that allows me to integrate with them. Currently I'm looking at supporting GoDaddy.

To use the DNS challenge you have to use the API for now; there is no UI to support it.

No Web Job Version

The web job has caused, and still causes, some people problems. For that reason I have decided to make a package of the extension that doesn't come bundled with the web job. It is named Azure Let's Encrypt (No Web Jobs); pick that if you don't want the web job. Besides not including the web job, the two versions of the extension are identical, and will continue to be.

API Support

In order to allow people using the version without the web job to have a way to operate the extension automatically, I have included an API that basically exposes the core functionality found in the LetsEncrypt.Azure.Core library.

You can browse the Swagger UI for the API using
https://<your-web-app>.scm.azurewebsites.net/letsencrypt/swagger/ui/index

If you decide to use the API for handling your Let's Encrypt certificates, you can have the site extension installed in a single site, and use that site to manage multiple other sites.

I will write some more documentation on how the API can be used in the coming weeks; until then, please take a look at the unit tests in CertificateControllerTest to get an idea of which parameters to pass to the APIs.

Bugs

#173 #174 #92