Closed mdhowle closed 2 years ago
This PR is a stop-gap to fix this use case. Ideally, supplying the domain, subscription ID, resource group, and the DNS zone name would be a more succinct way of specifying the parameters.
For example:
domain name : subscription id : resource group : dns zone
dns_azure_zone1 = example.com:a1b2c3-d34db33f-...-f00b4r:dns1:acme.example.com
dns_azure_zone2 = example.net:a1b2c3-d34db33f-...-f00b4r:dns2 # optional zone, when omitted, example.net is used
would generate the resource IDs to write the TXT records:
/subscriptions/a1b2c3-d34db33f-...-f00b4r/resourceGroups/dns1/providers/Microsoft.Network/dnszones/acme.example.com
/subscriptions/a1b2c3-d34db33f-...-f00b4r/resourceGroups/dns2/providers/Microsoft.Network/dnszones/example.net
It would be possible to check which format a user had by counting the colons. Both implementations, if you so choose to go this route, can exist side-by-side.
Moved branches but couldn't modify this PR to use new branch. See #18
We have a subdomain, acme.example.com, in Azure DNS that handles the DNS validation. The DNS zone for example.com is hosted outside of Azure DNS. It has a CNAME that points to acme.example.com:
_acme-challenge.foo.example.com => _acme-challenge.foo.acme.example.com
that will be followed by the ACME server to validate (DNS aliasing).The current implementation of certbot-dns-azure does not take this setup into account. Registering foo.example.com with the following configuration will result in certbot-dns-azure writing to a non-existent Azure DNS zone for example.com
dns_azure_zone1 = example.com:/subscriptions/<subid>/resourceGroups/<rgname>
Also, adjusting the domain name prefix to
acme.example.com:/subscriptions/...
leads to an error in the plugin:Domain foo.example.com does not have a valid domain to resource group id mapping
. This makes sense because foo.example.com does not end with acme.example.com. Removing this check would probably fix it in my case, but could cause issues with others' configuration.With this PR, one can supply the full resource ID with the DNS zone in the configuration file as displayed in Azure DNS.![image](https://user-images.githubusercontent.com/1482847/170172682-8d7923de-0c06-47b2-b719-169ff7fa9ec8.png)
dns_azure_zone1 = example.com:/subscriptions/<subid>/resourceGroups/<rgname>/providers/Microsoft.Network/dnszones/acme.example.com
The code will then attempt to index the DNS zone from resource ID. In this instance, acme.example.com will be returned. Otherwise, if a resource ID without the dnszone is not supplied, it will return example.com as defined in the domain prefix and continue to work as before as currently documented.