Skip to content

Getting Started

Jump to bottom
Tatsuro Shibamura edited this page Jan 5, 2023 · 1 revision

1. Deploy Acmebot

Azure (Public) Azure China Azure Government

2. Add application settings

Update the following configuration settings of the Function App:

  • Acmebot:Webhook
    • Webhook destination URL (optional, Slack and Microsoft Teams are recommended)

There are also additional settings that will be automatically created by App Service Acmebot:

  • Acmebot:Endpoint
    • The ACME endpoint used to issue certificates
  • Acmebot:Contacts
    • The email address (required) used in ACME account registration

3. Enable App Service Authentication

You must enable Authentication on the Function App that is deployed as part of this application.

In the Azure Portal, open the Function blade then select the Authentication menu and enable App Service authentication. Click on the Add identity provider button to display the screen for adding a new identity provider. If you select Microsoft as your Identity provider, the required settings will be automatically filled in for you. The default settings are fine.

Add an Identity provider

Make sure that the App Service Authentication setting is set to Require authentication. The permissions can basically be left at the default settings.

App Service Authentication settings

If you are using Sovereign Cloud, you may not be able to select Express. Enable authentication from the advanced settings with reference to the following document.

https://docs.microsoft.com/en-us/azure/app-service/configure-authentication-provider-aad#-configure-with-advanced-settings

Finally, you can save your previous settings to enable App Service authentication.

4. Add access control (IAM) to the target resource group

Open the Access control (IAM) of the target resource group and assign the roles Website Contributor and Web Plan Contributor to the deployed application.

Assign a role

IAM settings

Remarks

If the App Service Plan associated with the App Service exists in a separate resource group, you should assign a Website Contributor to the resource group where the App Service exists, and a Web Plan Contributor to the resource group where the App Service Plan exists.

5. Access to function app

Access https://YOUR-FUNCTIONS.azurewebsites.net/add-certificate with a browser and authenticate with Azure Active Directory and the Web UI will be displayed. Select the target App Service and domain from that screen and run it, and after a few tens of seconds, the certificate will be issued.

Add certificate

If the Access control (IAM) setting is not correct, nothing will be shown in the drop-down list.

Clone this wiki locally