Create the record in Azure DNS.
This plugin is offered as a separate download, which can be downloaded from the
releases page on GitHub has to be unpacked into
the main program folder to able to use. Note that after unpacking you will have to
unblock them for the .NET CRL to trust them. You can do that from the Windows File
Explorer by using the right mouse button and then checking the
Unblock box on
the General tab.
This plugin requires to you use the
pluggable version of the main executable.
This assumes you already have your DNS managed in Azure; if not, you’ll need to set that up first. If you are using the Azure DNS option for validation, you’ll need to get certain info from your Azure Tenant, and create a service principal for win-acme to use (you’ll only need to create on of these - it’s basically an account that has authority to create DNS records). There are two ways to authenticate with Azure:
You then need to give this Service Principal access to change DNS entries. In the Azure Portal:
Access Control (IAM)
DNS Zone Contributor
Azure AD user, group, or application
During setup of the validation the program will ask several questions. Here is to answer them with information from the Azure Portal.
DNS Subscription ID: DNS Zones >
DNS Resource Group Name: DNS zones >
Only when authenticating Service Principal Account:
Directory/tenant id: Azure Active Directory > Properties >
Application client id: Azure Active Directory > App registrations > [Service Principal] >
Application client secret: The password that was generated when you created the Service Principal Account.
--validationmode dns-01 --validation azure --azuretenantid x --azureclientid x --azuresecret *** --azuresubscriptionid x --azureresourcegroupname x
--validationmode dns-01 --validation azure --azureusemsi --azuresubscriptionid x --azureresourcegroupname x