{"id":1943,"date":"2022-05-07T12:23:19","date_gmt":"2022-05-07T11:23:19","guid":{"rendered":"https:\/\/www.codingfriends.com\/?p=1943"},"modified":"2022-05-07T12:23:21","modified_gmt":"2022-05-07T11:23:21","slug":"use-azure-application-gateway-with-the-certbot-wild-card-certificate-stored-within-the-azure-key-vault","status":"publish","type":"post","link":"https:\/\/www.codingfriends.com\/index.php\/2022\/05\/07\/use-azure-application-gateway-with-the-certbot-wild-card-certificate-stored-within-the-azure-key-vault\/","title":{"rendered":"Use Azure Application Gateway with the certbot wild card certificate stored within the Azure Key Vault"},"content":{"rendered":"\n<p>A follow-on from <a rel=\"noreferrer noopener\" href=\"https:\/\/www.codingfriends.com\/index.php\/2022\/05\/06\/azure-wildcard-certbot-certificate-with-azure-dns-txt-updates\/\" target=\"_blank\">Azure wildcard certbot certificate with Azure DNS TXT updates<\/a>: this part stores the wildcard SSL certificate that certbot created in <a rel=\"noreferrer noopener\" href=\"https:\/\/azure.microsoft.com\/en-gb\/services\/key-vault\/#product-overview\" target=\"_blank\">Azure Key Vault<\/a>.<\/p>\n\n\n\n<p>In essence the process is to:<\/p>\n\n\n\n<ol class=\"wp-block-list\"><li>Check for new certificates via the certbot renewal process<\/li><li>If there is a new certificate, create a <a rel=\"noreferrer noopener\" href=\"https:\/\/en.wikipedia.org\/wiki\/PKCS_12\" target=\"_blank\">PFX<\/a> from it<\/li><li>Upload this PFX file into the key vault<\/li><\/ol>\n\n\n\n<p>So, to start with, let's obtain a new certificate (if there is one!).
Change the domain name to the one you are using; the preferred challenge should be whatever you have set up as the default process for this certificate. I am using an Azure DNS zone, so I use the <a rel=\"noreferrer noopener\" href=\"https:\/\/certbot-dns-azure.readthedocs.io\/en\/latest\/\" target=\"_blank\">certbot-dns-azure<\/a> certbot plugin.<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p>certbot certonly --manual -d '*.&lt;domain name>' --preferred-challenges=dns<\/p><\/blockquote>\n\n\n\n<p>The next part is the most important: creating the PFX file from the new certificate. Please note that you have to pass in the whole certificate chain, not just the leaf certificate. certbot's fullchain.pem already contains cert.pem followed by chain.pem, so a single -in fullchain.pem is what you want (openssl pkcs12 only honours the last -in option given, so repeating it achieves nothing). Change the domain name again to what you are using.<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p>openssl pkcs12 -export -out &lt;domain name>.pfx -inkey \/etc\/letsencrypt\/live\/&lt;domain name>\/privkey.pem -in \/etc\/letsencrypt\/live\/&lt;domain name>\/fullchain.pem<\/p><\/blockquote>\n\n\n\n<p>And then the last part is to upload that certificate into the Azure Key Vault. The service that will use the certificate (e.g. the Application Gateway) must have a managed identity that has been granted access to the key vault, and the identity you run az with needs permission to import certificates into the vault. Note that Key Vault object names may only contain letters, digits and hyphens, so a dotted domain name cannot be used verbatim as the certificate name.<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p>az keyvault certificate import --vault-name &quot;&lt;key vault name>&quot; -n &quot;&lt;certificate name in the key vault, e.g. my-domain>&quot; -f &lt;domain name>.pfx<\/p><\/blockquote>\n\n\n\n<p>AND THAT IS IT \ud83d\ude42  &#8212; if you need any more advice on certain areas please say!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A follow on from the Azure wildcard 
certbot certificate with Azure DNS TXT updates, this part is to store the wild card SSL certificate that certbot created and place into azure key vault. So in essence the process is to Check for new certificates via the certbot renewal process If there is a new certificate &hellip; <a href=\"https:\/\/www.codingfriends.com\/index.php\/2022\/05\/07\/use-azure-application-gateway-with-the-certbot-wild-card-certificate-stored-within-the-azure-key-vault\/\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">Use Azure Application Gateway with the certbot wild card certificate stored within the Azure Key Vault<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[418,422,423],"tags":[],"class_list":["post-1943","post","type-post","status-publish","format-standard","hentry","category-azure","category-certbot","category-devops"],"_links":{"self":[{"href":"https:\/\/www.codingfriends.com\/index.php\/wp-json\/wp\/v2\/posts\/1943","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.codingfriends.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.codingfriends.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.codingfriends.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.codingfriends.com\/index.php\/wp-json\/wp\/v2\/comments?post=1943"}],"version-history":[{"count":4,"href":"https:\/\/www.codingfriends.com\/index.php\/wp-json\/wp\/v2\/posts\/1943\/revisions"}],"predecessor-version":[{"id":1954,"href":"https:\/\/www.codingfriends.com\/index.php\/wp-json\/wp\/v2\/posts\/1943\/revisions\/1954"}],"wp:attachment":[{"href":"https:\/\/www.codingfriends.com\/index.php\/wp-json\/wp\/v2\/media?parent=1943"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cod
ingfriends.com\/index.php\/wp-json\/wp\/v2\/categories?post=1943"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.codingfriends.com\/index.php\/wp-json\/wp\/v2\/tags?post=1943"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}