This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
param(
[string]$LESERVER = 'LE_STAGE',
[string]$DomainName = 'www.abc.tk',
[string]$contact = 'mail_id',
[string]$webappname = 'Apgw',
[string]$resourcegroupname = 'test',
[string]$oldcert = 'test',
[string]$newcert = 'test1'
)
$conn = Get-AutomationConnection -Name AzureRunAsConnection;
$azParams = @{
AZSubscriptionId='sub_id'
AZTenantId='TenantId'
AZAppUsername='AppUsername'
AZCertThumbprint='Thumbprint'
}
# Requesting the Certificate
Set-PAServer $LESERVER
New-PACertificate $DomainName -AcceptTOS -Contact $contact -DnsPlugin Azure -PluginArgs $azParams -Verbose -force -ErrorAction Stop
# Request the Certificate
Set-PAServer $LESERVER
$new_ssl_cert = New-PACertificate $DomainName -AcceptTOS -Contact $contact -DnsPlugin Azure -PluginArgs $azParams -Verbose -force -ErrorAction Stop
# Decoding the Certificate Password
$Ptr = [System.Runtime.InteropServices.Marshal]::SecureStringToCoTaskMemUnicode($new_ssl_cert.PfxPass)
$PfxPassword = [System.Runtime.InteropServices.Marshal]::PtrToStringUni($Ptr)
[System.Runtime.InteropServices.Marshal]::ZeroFreeCoTaskMemUnicode($Ptr)
# Connecting the Azure using the creds of the Managed Identity
Connect-AzAccount -ServicePrincipal -SubscriptionId 'SubscriptionId' -Tenant 'Tenant' -ApplicationId 'ApplicationId' -CertificateThumbprint 'Thumbprint' | Out-Null
# The subscription hosting the DNS Zone of example.de
$subs = 'Microsoft Partner Network'
# Setting the subscription
Select-AzSubscription -Subscription $subs | Out-Null
$appgw = Get-AzApplicationGateway `
-ResourceGroupName $resourcegroupname `
-Name $webappname
set-AzApplicationGatewaySSLCertificate -Name test -ApplicationGateway $appgw -CertificateFile $new_ssl_cert.PfxFile -Password $PfxPassword
Set-AzApplicationGateway -ApplicationGateway $appgw
Get-AzApplicationGateway -Name "Apgw" -ResourceGroupName "test"
===============================================================
I am using above script for automate the SSL renewal for application gateway and using this script acme _challenge also validate and updated on DNS zone after validation all certificate also created but application gateway is not update SSL cert (letsencrypt).
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(28.799999999999997, 62%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMA%3C/text%3E%3C/svg%3E)
Hi @ AnkushBahale-5119
Welcome to Microsoft Q & A community Forum!
Are you using Azure App service cert or a third party cert?
Did you get any specific error message?
Hi @ maabdelr-MSFT
I am using Letsencrypt generate certificate for application gateway and getting this -Password $PfxPassword string error
Thanks for reply!
Thanks for your response.
I used this both documents but both are not worked for me .
https://intelequia.com/blog/post/1012/automating-azure-application-gateway-ssl-certificate-renewals-with-let-s-encrypt-and-azure-automation and https://www.linkedin.com/pulse/auto-create-lets-encrypt-ssl-certificate-your-naked-domain-ghaleb
Hi @ AnkushBahale-5119
Let me consult additional resources in my team and will get back to you.
Thanks for your patience and understanding!
Hi @Marwa Abouawad , did you get any response ?