Add multiple domains from the command-line #230
Comments
Command line implementation may be difficult due to authentication issues. For starters, what do you think about adding something like an advanced mode to the web UI that would allow you to add all the domains you need at once? The idea I was thinking of was to implement it as a Custom Provider in Azure Resource Manager, which when integrated with ARM would be available from tools like Azure CLI (although Custom Provider is in preview).
A way of adding multiple domains via a textarea, one domain per line, would help a lot :) And if you create a custom provider, I could do something like:

```bash
az resource invoke-action --action {actionName} \
  --ids /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.CustomProviders/resourceProviders/{resourceProviderName} \
  --request-body \
  '{
    "domainNames": [ "mydomain1.tld","mydomain2.tld","mydomain3.tld"]
  }'
```
I'm going to add an advanced mode (which can be specified in the text area) to the Web UI as soon as possible. (That will be addressed in this issue) The implementation as a Custom Provider will be available not only from Azure CLI, but also from ARM Template and Terraform, which is obviously useful. I'm worried about the roadmap for Custom Provider itself, but it's worth implementing. I will create another issue for it.
@soderlind Note that in Let's Encrypt the maximum number of domains that can be specified in a SANs certificate is 100. You should also be aware of the rate limit.
@shibayan Thank you very much! Updating keyvault-acmebot is just installing it on top of existing installation?
@soderlind Acmebot will be updated automatically, and you will need to restart it in Azure Portal. That's all.
@shibayan, bulk adding domains gives me (tried with just a few):
opengovernment.teststeder.regjeringen.no points to our front door. Call stack:
@soderlind I have checked and it is not resolving correctly, so it may not be registering to Azure DNS. It looks like a glitch in Acmebot, so I'll check it out.
Might be my bad. Azure DNS is in another subscription. www is in a child zone, but all my test sites (NN.teststeder.regjeringen.no) are not, and they are CNAMEd to our testing front door.
Do you have an Azure DNS with the same name? It is possible that the Azure DNS that exists for the subscription ID configured in Acmebot is not actually being used.
Tested with Azure DNS in the same subscription as your Key Vault Acmebot, and everything works fine.
When I use bulk add, do you create one SAN certificate per bulk job (ref max domains = 100 per SAN cert)? In a previous tool we did (PHP-based), we grouped the domains and spread them over multiple SAN certs, with max 5 domains per cert. It made updating certs faster (ref #235)
Yes, the specified domain list will be set to SANs for a single certificate. I've been looking into performance, but it seems to take a long time to verify Let's Encrypt ownership in the first place, so it seemed difficult to improve.
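The grouping discussed in the two comments above (a one-domain-per-line list split across several SAN certificates, never exceeding the 100-name cap mentioned earlier in the thread), as an added example that is not part of the thread or of Acmebot's code. The function names, the `max_per_cert` parameter and the sample list are assumptions made for illustration.

```python
import re

LE_MAX_SANS = 100  # names per certificate, the Let's Encrypt cap cited in the thread

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen; 1-63 chars.
_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")

def normalize(line):
    """Lower-case a line, drop '#' comments and a trailing dot; None if nothing is left."""
    name = line.split("#", 1)[0].strip().rstrip(".").lower()
    return name or None

def is_valid(name):
    """Syntactic hostname check; a single leading '*' label (wildcard) is accepted."""
    labels = name.split(".")
    if labels[0] == "*":
        labels = labels[1:]
    if len(name) > 253 or len(labels) < 2:
        return False
    return all(_LABEL.match(label) for label in labels)

def plan_certificates(text, max_per_cert=LE_MAX_SANS):
    """Return (groups, rejected): SAN groups of at most max_per_cert names each."""
    if not 1 <= max_per_cert <= LE_MAX_SANS:
        raise ValueError("max_per_cert must be between 1 and %d" % LE_MAX_SANS)
    valid, rejected = set(), []  # the set removes duplicate entries
    for line in text.splitlines():
        name = normalize(line)
        if name is None:
            continue
        if is_valid(name):
            valid.add(name)
        else:
            rejected.append(name)
    # Sort on reversed labels so names under the same parent zone share a certificate.
    ordered = sorted(valid, key=lambda n: n.split(".")[::-1])
    groups = [ordered[i:i + max_per_cert] for i in range(0, len(ordered), max_per_cert)]
    return groups, rejected

# Constructed sample input: a duplicate, a trailing dot, a comment and one invalid name.
SAMPLE = """mydomain1.tld
MyDomain2.tld.
# test sites
a.teststeder.example
b.teststeder.example
mydomain1.tld
bad_name.tld
mydomain3.tld
"""

if __name__ == "__main__":
    groups, rejected = plan_certificates(SAMPLE, max_per_cert=2)
    for number, group in enumerate(groups, 1):
        print("certificate %d: %s" % (number, ", ".join(group)))
    print("rejected:", rejected)
```

Rejected names are returned rather than silently dropped, so a typo in a long list is caught before an order is submitted and counted against the rate limit.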
Resolved?
Yes, using Azure DNS in the same subscription is OK by me.
@shibayan Tried to use Orchestrator function 'IssueCertificate' failed: The activity function 'FinalizeOrder' failed: "Value cannot be null. (Parameter 'value')". See the function execution logs for additional details.
@shibayan Saw that I can add multiple domains using
Check the Web UI as it may not be able to keep up with API specification changes.
Is your feature request related to a problem? Please describe.
I need to add multiple domains (50+)
Describe the solution you'd like
I would like to add the domains using `az cli`, e.g.: `az keyvault-acmebot --resource-group $RG --domain-name mydomain.tld ..etc`
Describe alternatives you've considered
Add one by one using the web UI.