diff --git a/docs/dns-azuredns-portal.md b/docs/dns-azuredns-portal.md new file mode 100644 index 00000000..8c74e4a9 --- /dev/null +++ b/docs/dns-azuredns-portal.md 
@@ -0,0 +1,57 @@ +--- +id: dns-azuredns +title: Using Azure DNS +--- + +*Azure DNS documentation originally written by: Tony Johncock @Tony1044* + +## Step 1 – Create App registrations (Legacy) in Azure Portal + +- Login to https://portal.azure.com +- Select Azure Active Directory +- Click App registrations (Legacy) +- Click New application registration + - Name: LetsCertify + - Application type: Web app / API + - Sign-on URL: https://www.mydomain.com +- Copy Application ID (like: xxxxxxxx-yyyy-zzzz-aaaa-bbbbbbbbbbbb) +- Click Settings +- Click Keys + - Description: Login + - Expires: never expires +- Click Save +- Copy Password value (aka Service Principal Secret) + +*IMPORTANT: The secret is only shown at this point. Copy it as once it’s hidden there is NO way to retrieve it* + +## Step 2 - Grant the Application rights to update DNS +- Click on your DNS Zone +- Click on Access Control (IAM) +- Click on (+) Add +- Select: + - Role: DNS Zone Contributor + - Assign access to: Azure AD user, group or application + - Select: Type in LetsEcnrypt + - Click Save + +## Step 3 – Retrieve Tenant ID +There are any number of ways to get Tenant ID: + +- Click on Azure Active Directory +- Click on Properties +- Copy the Directory ID (Tenant ID) + +## Step 4 – Retrieve Subscription ID +There are any number of ways to get Subscription ID: + +- Click on Subscriptions +- Select your subscription +- In Overview, copy Subscription ID + +## 6 – Configure Credentials in Certify SSL Manager + +You now have all the information you require to configure Azure settings in the app. + +You can add this is a new Stored Credential under Settings or while you are editing a Managed Certificate, under Authorization > DNS. + +When using the credential as part of DNS validation in the app you will be prompted for the "Zone Id", for Azure DNS this is the DNS zone name, usually in the form of "yourdomain.com" 
diff --git a/docs/dns-azuredns.md b/docs/dns-azuredns.md deleted file mode 100644 index 03df82eb..00000000 --- a/docs/dns-azuredns.md +++ /dev/null 
@@ -1,103 +0,0 @@ ---- -id: dns-azuredns -title: Using Azure DNS ---- - -*Azure DNS documentation originally written by: Tony Johncock @Tony1044* - -*Note: If you have not yet selected a DNS API provider to host your domain with be aware that Azure DNS is currently amongst the most complex to configure for API access.* - -## Step 1 – Install and configure Azure PowerShell - -Follow the instructions here: https://docs.microsoft.com/en-us/powershell/azure/install-azurerm-ps?view=azurermps-5.7.0 - -## Step 2 – Connect to Azure PS and create the Azure Service Principal and Enterprise Application -From PowerShell: - -```powershell -PS C:\Users\Tony> Connect-AzureRmAccount -``` - -This will launch a web dialog to log into your Azure tenant. Ensure you connect with an account with the relevant administrative credentials in the portal. - -Pop your password and MFA requirements in as required when prompted. - -Note: I found that this wouldn’t authenticate via the ageing proxy server on one site, with the rather esoteric error as below: - -``` -Connect-AzureRmAccount : An error occurred while sending the request. 
-At line:1 char:1 -+ Connect-AzureRmAccount -+ ~~~~~~~~~~~~~~~~~~~~~~ - + CategoryInfo : CloseError: (:) [Connect-AzureRmAccount], HttpRequestException - + FullyQualifiedErrorId : Microsoft.Azure.Commands.Profile.ConnectAzureRmAccountCommand -``` - -Once connected, create the Application and Service Principal -Run the following script: - -```powershell -$azurePassword = ConvertTo-SecureString "your secure password" -AsPlainText -Force - -New-AzureRmADServicePrincipal -DisplayName LetsEncrypt -Password $azurePassword -``` - -Once this has successfully run, you need to retrieve the ApplicationID: - -```powershell -Get-AzureRmADApplication | Select-Object displayname, objectid, applicationid -``` - -It returns something like the following: - -``` -DisplayName ObjectId ApplicationId ------------ -------- ------------- -LetsEncrypt 7f64adcf-xxxx-yyyy-zzzz-aabbccddeeff aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee -``` - -Make a note of the ApplicationID - -This will have created a service principal and an underlying Azure application. - -## 3 - Grant the Application rights to update DNS -- Login to portal.azure.com from a web browser -- Click on your DNS Zone -- Click on Access Control (IAM) -- Click on (+) Add -- Select: - - Role: DNS Zone Contributor - - Assign access to: Azure AD user, group or application - - Select: Type in LetsEcnrypt - - Click Save - -## 4 - Create Service Principal Secret - -From the Azure portal, click Azure Active Directory: - -- Click App Registrations -- Click Show all Applications -- Click LetsEncrypt -- Click Settings -- Click Keys -- Type a key description, choose when it will expire (or never – your choice) and click save. - -*IMPORTANT: The secret is only shown at this point. 
Copy it as once it’s hidden there is NO way to retrieve it* - -## 5 – Retrieve Tenant ID -There are any number of ways to get the tenant ID, but since we’re already in PowerShell: - -```powershell -Get-AzureRmTenant - -Id : xxxxxxxx-yyyy-zzzz-aaaa-bbbbbbbbbbbb -Directory : somedomain.com -``` - -## 6 – Configure Credentials in Certify SSL Manager - -You now have all the information you require to configure Azure settings in the app. - -You can add this is a new Stored Credential under Settings or while you are editing a Managed Certificate, under Authorization > DNS. - -When using the credential as part of DNS validation in the app you will be prompted for the "Zone Id", for Azure DNS this is the DNS zone name, usually in the form of "yourdomain.com"
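Review bot: Step 2 tells the reader to type `LetsEcnrypt` when assigning the DNS Zone Contributor role, but Step 1 registers the application as `LetsCertify`, so the lookup in the IAM blade will not find the app; change the search term to `LetsCertify` (and fix the spelling) so both steps refer to the same registration. The headings also jump from `## Step 4 – Retrieve Subscription ID` to `## 6 – Configure Credentials in Certify SSL Manager`, skipping 5 and dropping the `Step` prefix; renumber it `## Step 5 – ...` and use the same dash character in `## Step 2 - Grant ...` as in the other headings. `Expires: never expires` under Keys creates a client secret with no expiry that carries DNS Zone Contributor on the zone; since the doc already warns the value cannot be retrieved later, consider documenting a finite expiry and that the Stored Credential in the app must be updated when the key is rotated. Finally, `You can add this is a new Stored Credential` should read `as a new Stored Credential`.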
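Review bot: Deleting the PowerShell walkthrough removes the only documented alternative to the portal path, while the replacement file relies on the `App registrations (Legacy)` blade, which the portal itself labels as legacy; consider keeping the `New-AzureRmADServicePrincipal` steps as a short fallback section, or at least noting in the new file that the legacy blade may move. The removed intro note (`Azure DNS is currently amongst the most complex to configure for API access`) and the proxy troubleshooting block for `Connect-AzureRmAccount` set reader expectations; if dropping them is intentional, say so in the PR description. Separately, the removed script passed the service principal password in plain text via `ConvertTo-SecureString "your secure password" -AsPlainText -Force`, so losing it is a reasonable cleanup; the replacement correctly has the portal generate the secret instead.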