Hi @Marwa Abouawad , did you get any response ?
How to automate renewal of ssl certificate for application gateway azure with automation account ?
Ankush Bahale
1
Reputation point
Powershell
param(
[string]$LESERVER = 'LE_STAGE',
[string]$DomainName = 'www.abc.tk',
[string]$contact = 'mail_id',
[string]$webappname = 'Apgw',
[string]$resourcegroupname = 'test',
[string]$oldcert = 'test',
[string]$newcert = 'test1'
)
$conn = Get-AutomationConnection -Name AzureRunAsConnection;
$azParams = @{
AZSubscriptionId='sub_id'
AZTenantId='TenantId'
AZAppUsername='AppUsername'
AZCertThumbprint='Thumbprint'
}
# Requesting the Certificate
Set-PAServer $LESERVER
New-PACertificate $DomainName -AcceptTOS -Contact $contact -DnsPlugin Azure -PluginArgs $azParams -Verbose -force -ErrorAction Stop
# Request the Certificate
Set-PAServer $LESERVER
$new_ssl_cert = New-PACertificate $DomainName -AcceptTOS -Contact $contact -DnsPlugin Azure -PluginArgs $azParams -Verbose -force -ErrorAction Stop
# Decoding the Certificate Password
$Ptr = [System.Runtime.InteropServices.Marshal]::SecureStringToCoTaskMemUnicode($new_ssl_cert.PfxPass)
$PfxPassword = [System.Runtime.InteropServices.Marshal]::PtrToStringUni($Ptr)
[System.Runtime.InteropServices.Marshal]::ZeroFreeCoTaskMemUnicode($Ptr)
# Connecting the Azure using the creds of the Managed Identity
Connect-AzAccount -ServicePrincipal -SubscriptionId 'SubscriptionId' -Tenant 'Tenant' -ApplicationId 'ApplicationId' -CertificateThumbprint 'Thumbprint' | Out-Null
# The subscription hosting the DNS Zone of example.de
$subs = 'Microsoft Partner Network'
# Setting the subscription
Select-AzSubscription -Subscription $subs | Out-Null
$appgw = Get-AzApplicationGateway `
-ResourceGroupName $resourcegroupname `
-Name $webappname
set-AzApplicationGatewaySSLCertificate -Name test -ApplicationGateway $appgw -CertificateFile $new_ssl_cert.PfxFile -Password $PfxPassword
Set-AzApplicationGateway -ApplicationGateway $appgw
Get-AzApplicationGateway -Name "Apgw" -ResourceGroupName "test"
===============================================================
I am using above script for automate the SSL renewal for application gateway and using this script acme _challenge also validate and updated on DNS zone after validation all certificate also created but application gateway is not update SSL cert (letsencrypt).