f-bader / AzAutomation-PoshACME

Automatically create and renew Let’s Encrypt certificates using Azure Automation and the Posh-ACME module

Home Page: https://cloudbrothers.info

AzAutomation-PoshACME

Quick start

To implement this solution in your environment, you first have to set up your DNS environment correctly.
Follow "Prepare your DNS infrastructure" to do this.

Next set all the variables in DeployRessources.ps1 to custom values.

Caution: "BlobStorageName" has to be a globally unique name and may only contain lowercase characters and numbers.

DeployRessources.ps1 is not meant to be executed as a single script; it is built so that you work through each region step by step.

Known issues

The deployment of the "Az.Resources" module sometimes fails the first time. Remove it and try again.

Security consideration

Posh-ACME saves all artefacts to the created storage account, including the private key of the certificates.
Limit access to this subscription to the people who would handle the private key anyway.
Consider using your own key to add additional security for the private keys at rest.
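The following audit script is an added example, not part of this repository: it checks the storage account that holds the Posh-ACME artefacts for the settings that decide who can reach the private keys and how they are encrypted at rest. It assumes the Az modules are installed and you are signed in with Connect-AzAccount, reads "own key" as a customer-managed key in Key Vault, and uses placeholder resource names that you replace with the values from DeployRessources.ps1.

```powershell
#Requires -Modules Az.Accounts, Az.Storage, Az.Resources
# Added example, not the project's own code.
param(
    [string]$ResourceGroupName = '<resource-group>',  # placeholder, set to your value
    [string]$BlobStorageName   = '<blobstoragename>'  # placeholder, set to your value
)

$sa = Get-AzStorageAccount -ResourceGroupName $ResourceGroupName `
                           -Name $BlobStorageName -ErrorAction Stop

# Each entry is $true when the setting is in the hardened state.
# Older accounts can return $null for some properties; $null counts as a failure.
$checks = [ordered]@{
    'HTTPS only'                   = [bool]$sa.EnableHttpsTrafficOnly
    'Anonymous blob access off'    = ($sa.AllowBlobPublicAccess -eq $false)
    'Minimum TLS 1.2 or newer'     = ([bool]$sa.MinimumTlsVersion -and
                                      $sa.MinimumTlsVersion -notin 'TLS1_0', 'TLS1_1')
    'Firewall default action Deny' = ("$($sa.NetworkRuleSet.DefaultAction)" -eq 'Deny')
    'Customer-managed key at rest' = ($sa.Encryption.KeySource -eq 'Microsoft.Keyvault')
}

$checks.GetEnumerator() | ForEach-Object {
    [pscustomobject]@{
        Check  = $_.Key
        Result = if ($_.Value) { 'OK' } else { 'REVIEW' }
    }
} | Format-Table -AutoSize

# Roles that can read the blobs or the account keys. The list is an assumption
# and not exhaustive; extend it with any custom roles used in your tenant.
$keyReachingRoles = 'Owner', 'Contributor', 'Storage Account Contributor',
                    'Storage Blob Data Owner', 'Storage Blob Data Contributor',
                    'Storage Blob Data Reader'

# -Scope also returns assignments inherited from the resource group and the
# subscription, which is why access to the whole subscription matters here.
Get-AzRoleAssignment -Scope $sa.Id |
    Where-Object { $_.RoleDefinitionName -in $keyReachingRoles } |
    Sort-Object Scope, RoleDefinitionName |
    Format-Table DisplayName, ObjectType, RoleDefinitionName, Scope -AutoSize
```

Every principal in the second table can obtain the certificate private keys, so that list should match the people who would handle the keys anyway.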

Presentation

Changelog

  • 2020.03.08 - Added 'WriteLock' variable to avoid corrupt configuration
  • 2020.02.22 - Initial public release
