autorenew certificates without manual intervention

AzureUser-9588 106 Reputation points

Is there a way in Azure to autorenew the SSL certificates used in AppGateway, API Management without any user intervention?
Say I have certificates configured across my AppGateways and APIManagement resources, every time they expire I don't want to have any kind of manual intervention to get them renewed. Is there a way to achieve this? Configure certificates and forget about its renewals? Any workarounds at least?

Azure API Management
Azure API Management
An Azure service that provides a hybrid, multi-cloud management platform for APIs.
1,230 questions
Azure Application Gateway
Azure Application Gateway
An Azure service that provides a platform-managed, scalable, and highly available application delivery controller as a service.
665 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Pramod Valavala 14,891 Reputation points Microsoft Employee

    @AzureUser-9588 The first step would be to use KeyVault to store certificates which consuming services poll for updates. Then you would need a way to update the certificates in advance to ensure the latest are picked up by the downstream services.

    KeyVault supports renewal of certificates as well for partnered CAs. For others, you could build a workflow to trigger on certificate expiry KeyVault Events and update certificates well in advance.

    If you are using Let's Encrypt for your certificates, you could use a solution like keyvault-acmebot to handle things for you.

    1 person found this answer helpful.