Closed nullromo closed 3 years ago
Update: after adding a public DNS zone in Azure, I got this:
kkovacs@gitlab:~$ sudo certbot certonly --dns-azure-config ./mycredentials-private.ini -d *.xxxxxx.onmicrosoft.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
How would you like to authenticate with the ACME CA?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Obtain certificates using a DNS TXT record (if you are using Azure for DNS).
(dns-azure)
2: Spin up a temporary webserver (standalone)
3: Place files in webroot directory (webroot)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-3] then [enter] (press 'c' to cancel): 1
Plugins selected: Authenticator dns-azure, Installer None
Requesting a certificate for *.xxxxxx.onmicrosoft.com
Performing the following challenges:
dns-01 challenge for xxxxxx.onmicrosoft.com
Waiting 10 seconds for DNS changes to propagate
Waiting for verification...
Challenge failed for domain xxxxxx.onmicrosoft.com
dns-01 challenge for xxxxxx.onmicrosoft.com
Cleaning up challenges
Some challenges have failed.
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: xxxxxx.onmicrosoft.com
Type: dns
Detail: DNS problem: NXDOMAIN looking up TXT for
_acme-challenge.xxxxxx.onmicrosoft.com - check that a DNS
record exists for this domain
While it is in the 10 second waiting period, I can see the TXT record appear in my public Azure DNS zone. After that, I can see the TXT record get deleted. However, the dns-01 challenge fails.
As it turns out, I had to pay for a registered domain with Azure. More details here. Closing this issue now. Hopefully this will be useful to anyone else encountering the same issues.
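The failure above is a delegation problem rather than a plugin problem: certbot writes `_acme-challenge.<name>` into the Azure zone, but the ACME server resolves that name through the public DNS tree, and a tenant's `onmicrosoft.com` subdomain is not delegated to the Azure zone, so the lookup returns NXDOMAIN. The POSIX shell script below is an added pre-flight check, not code from this thread or from certbot-dns-azure. It derives the challenge record name certbot will create (stripping a leading `*.` for wildcards) and, when given a domain on the command line, queries the public NS records with `dig` (assumed to be installed) and checks that every name server follows the Azure DNS naming pattern `nsN-NN.azure-dns.{com,net,org,info}`. The name-server lists used in comments are constructed samples.

```shell
#!/bin/sh
# Pre-flight for certbot --dns-azure: dns-01 only succeeds if the public
# internet resolves the zone apex to Azure DNS name servers. If the zone
# exists in Azure but nothing delegates to it, the TXT record is written
# and the ACME server still gets NXDOMAIN.

# Name of the TXT record certbot will publish for a domain, e.g.
# '*.xxxxxx.onmicrosoft.com' -> '_acme-challenge.xxxxxx.onmicrosoft.com'
challenge_name() {
  name="${1#\*.}"
  printf '_acme-challenge.%s\n' "$name"
}

# Returns 0 if $1 (newline-separated NS names, as printed by
# `dig +short NS`) is non-empty and every entry is an Azure DNS server
# (assumed pattern: nsN-NN.azure-dns.com/.net/.org/.info), else 1.
azure_delegated() {
  ns_list="$1"
  [ -n "$ns_list" ] || return 1
  for ns in $ns_list; do
    ns="${ns%.}"   # drop the trailing dot dig prints for FQDNs
    case "$ns" in
      ns[0-9]*-[0-9]*.azure-dns.com|ns[0-9]*-[0-9]*.azure-dns.net|\
      ns[0-9]*-[0-9]*.azure-dns.org|ns[0-9]*-[0-9]*.azure-dns.info) ;;
      *) return 1 ;;
    esac
  done
  return 0
}

# Network check (needs dig). Assumes the certificate name, minus any
# wildcard label, is the apex of the Azure zone, as in this issue.
preflight() {
  domain="$1"
  apex="${domain#\*.}"
  txt=$(challenge_name "$domain")
  command -v dig >/dev/null 2>&1 || { echo "dig not found"; return 2; }
  ns=$(dig +short NS "$apex" 2>/dev/null) || ns=""
  if azure_delegated "$ns"; then
    echo "OK: $apex is delegated to Azure DNS; dns-01 for $txt can succeed"
    return 0
  fi
  echo "FAIL: public NS records for $apex are not Azure DNS servers:"
  printf '  %s\n' ${ns:-"(none: NXDOMAIN, or $apex is not a zone apex)"}
  echo "certbot will write $txt into the Azure zone, but the ACME server will never look there"
  return 1
}

# Usage: sh preflight.sh '*.example.com'
if [ "$#" -gt 0 ]; then
  preflight "$1"
fi
```

Run it before `certbot certonly --dns-azure-config ...`: a delegated zone (constructed sample NS list `ns1-04.azure-dns.com.`, `ns2-04.azure-dns.net.`, ...) passes, while an empty answer or a non-Azure name server means the zone in Azure is a private copy the ACME CA cannot see, which is exactly the NXDOMAIN in the log above.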
Thanks for all this :) will improve the docs a bit with this info to make it clearer
I generated a config file like this:

and I ran certbot like this:

but I got the error "Azure Error: ParentResourceNotFound."
Perhaps I missed a step in setting up things on the Azure side. I have a virtual network with multiple VMs on it and I can connect to them over SSH/RDP while logged in over the P2S VPN connection via Azure AD authentication.