This application automates the issuance and renewal of ACME SSL/TLS certificates. The certificates are stored inside Azure Key Vault. Many Azure services such as Azure App Service, Application Gateway, CDN, etc. are able to import certificates directly from Key Vault.
- Documentation: Key Vault Acmebot wiki
- Community: GitHub Discussions
We have started to address the following requirements:
- Use the Azure Key Vault to store SSL/TLS certificates securely
- Centralize management of a large number of certificates using a single Key Vault
- Easy to deploy and configure solution
- Highly reliable implementation
- Ease of Monitoring (Application Insights, Webhook)
Key Vault Acmebot allows for secure and centralized management of ACME certificates.
- All Azure App Services (Web Apps / Functions / Containers, regardless of OS)
- Azure CDN and Front Door
- Azure Application Gateway v2
- Issuing certificates for Wildcard and Zone Apex
- Issuing certificates with SANs (subject alternative names) (one certificate for multiple domains)
- Automated certificate renewal
- ACME v2 compliants Certification Authorities
- Let's Encrypt
- Buypass Go SSL
- ZeroSSL (Requires EAB Credentials)
You will need the following:
- Azure Subscription (required to deploy this solution)
- Azure Key Vault (existing one or new Key Vault can be created at deployment time)
- DNS provider (required to host your public DNS zone)
- Email address (required to register with ACME)
| Azure (Public) | Azure China | Azure Government |
|---|---|---|
Learn more at https://github.com/shibayan/keyvault-acmebot/wiki/Getting-Started
Thank you for supporting our development. Are you interested in special support? Become a Sponsor
- ACMESharp Core by @ebekker
- Durable Functions by @cgillum and contributors
- DnsClient.NET by @MichaCo
This project is licensed under the Apache License 2.0