I know, it's a Catch-22: I'm adding the certificate using code, so how can I get its secret name and id?
The reason I'm doing this is that I'm onboarding 50+ custom domains, and doing that via the portal will take too much time.
My script so far is below; it's paperware at the moment, i.e. not tested.
In 3b (in the comments) I need to find the secret name ($NN) and secret id ($XX) so I can use them in 3c:
#!/usr/bin/env bash
# Assumes RG, AFD, afd_host, zone_dir and ROUTINGRULES are set earlier in the script.
# zone file = domain name.
for zone_path in "$zone_dir"/*
do
    zone=$(basename "$zone_path")   # the file name is the apex domain
    # 1 Update DNS, point apex and www to the front door
    printf "\nUpdating %s\n" "$zone"
    front_door_id=$(az network front-door show --resource-group "$RG" --name "$AFD" --query id -o tsv)
    az network dns record-set a update --resource-group "$RG" --name "@" --zone-name "$zone" --target-resource "$front_door_id"
    az network dns record-set cname set-record --resource-group "$RG" --record-set-name "www" --zone-name "$zone" --cname "$afd_host"
    # 2 Create certificate:
    # https://github.com/shibayan/keyvault-acmebot/issues/232
    # 3 Add custom domain to Front Door and connect the certificate to the domain (i.e. enable HTTPS)
    # 3a is the domain pointing to the front door ?
    # (default JSON output prints the bare boolean, so the string compare below works)
    has_domain=$(az network front-door check-custom-domain --resource-group "$RG" --name "$AFD" --host-name "$zone" --query customDomainValidated)
    has_cname=$(az network front-door check-custom-domain --resource-group "$RG" --name "$AFD" --host-name "www.${zone}" --query customDomainValidated)
    # 3b TODO: Find keyvault id, secret-name, secret id etc
    # joining all ids only works if the resource group holds exactly one vault
    kv_id=$(az keyvault list --resource-group "$RG" | jq -r '[.[].id]|join("")')
    # exploratory commands, output not captured yet
    az keyvault certificate list --vault-name "$KV"
    az keyvault certificate show --id "$kv_id"
    az keyvault certificate get-default-policy
    # 3c Enable HTTPS and attach the certificate to the domain.
    if [[ "true" == "$has_domain" ]]; then
        az network front-door frontend-endpoint create --resource-group "$RG" --front-door-name "$AFD" --name "$zone" --host-name "$zone"
        az network front-door frontend-endpoint enable-https --resource-group "$RG" --front-door-name "$AFD" --name "$zone" --vault-id "$kv_id" --certificate-source AzureKeyVault --secret-name "$NN" --secret-version "$XX"
    fi
    if [[ "true" == "$has_cname" ]]; then
        az network front-door frontend-endpoint create --resource-group "$RG" --front-door-name "$AFD" --name "www.${zone}" --host-name "www.${zone}"
        az network front-door frontend-endpoint enable-https --resource-group "$RG" --front-door-name "$AFD" --name "www.${zone}" --vault-id "$kv_id" --certificate-source AzureKeyVault --secret-name "$NN" --secret-version "$XX"
    fi
done
# Attach every frontend endpoint to each routing rule ($ALL_FRONTENDS and $ROUTINGRULES are intentionally unquoted so they word-split)
ALL_FRONTENDS=$(az network front-door frontend-endpoint list --resource-group "$RG" --front-door-name "$AFD" | jq -r '[.[].name]|join(" ")')
for RULE in $ROUTINGRULES; do
    echo "Adding ALL endpoints/domains to $RULE"
    az network front-door routing-rule update --resource-group "$RG" --front-door-name "$AFD" --name "$RULE" --frontend-endpoints $ALL_FRONTENDS
done
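As an added example that is not part of the question above: the values step 3b is looking for can be read from the certificate itself. A Key Vault certificate carries a `sid` (secret id) of the form `https://<vault>.vault.azure.net/secrets/<secret-name>/<version>`, and `az keyvault certificate show --query sid -o tsv` returns it; the secret name is the second-to-last path element and the version is the last, which is what `enable-https --secret-name` and `--secret-version` expect. The vault name `example-kv`, certificate name `example-com` and the sample `sid` below are constructed for the demonstration; `cert_secret_ref` needs a logged-in Azure CLI and is not run here.

```shell
# Split a Key Vault secret id (sid) into "<secret-name> <version>".
# Returns 1 if the value does not look like a sid.
secret_from_sid() {
    sid=$1
    case "$sid" in
        https://*/secrets/*/*) ;;
        *) echo "unexpected sid: $sid" >&2; return 1 ;;
    esac
    version=${sid##*/}      # text after the last slash
    rest=${sid%/*}          # drop the version
    name=${rest##*/}        # text after the remaining last slash
    [ -n "$name" ] && [ -n "$version" ] || return 1
    printf '%s %s\n' "$name" "$version"
}

# Ask the vault for a certificate's sid and print its secret name and version.
# Requires Azure CLI credentials; defined for use in the onboarding loop, not executed here.
cert_secret_ref() {
    vault=$1
    cert=$2
    sid=$(az keyvault certificate show --vault-name "$vault" --name "$cert" --query sid -o tsv) || return 1
    secret_from_sid "$sid"
}

# Constructed sample sid (not from a real vault) to show the parsing.
sample_sid='https://example-kv.vault.azure.net/secrets/example-com/1a2b3c4d5e6f'
set -- $(secret_from_sid "$sample_sid")
echo "secret name: $1  version: $2"
```

Inside the loop the call would be `set -- $(cert_secret_ref "$KV" "$cert_name")` followed by `--secret-name "$1" --secret-version "$2"`; which certificate name belongs to which zone depends on how the acmebot issue linked in step 2 names the certificates.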