Comments (11)
Thanks, but I have the same issue as @leonardochaia: my templates use DNS names, and I replace the dots with dashes to find the certificate name. If I use another certificate name, I will have to change the templates, and do that, like @leonardochaia, each time I need to add a name to an existing certificate... It would be great if I could replace a certificate in full, with new names.
from keyvault-acmebot.
This is an operation not supported by the Acmebot dashboard, but since Acmebot uses the Key Vault Issuance Policy as is, SANs can be added or deleted by modifying the Issuance Policy from Azure Portal.
- Docs: https://learn.microsoft.com/en-us/azure/key-vault/certificates/about-certificates#certificate-policy
After modifying the Issuance Policy and running Renew, a new certificate should be issued with the SANs added. If you have deleted a file, it will be restored as long as soft delete is enabled and you have not purged it.
Hi @shibayan, thank you for your replies. I propose this gets added to the wiki FAQ. Perhaps this issue can then become a feature request to eventually be able to edit the already issued certificates through the UI.
Thank you.
Leo.
Since we did not think there were that many use cases for adding SANs later, we will consider updating certificates in the next major version.
Added to FAQ https://github.com/shibayan/keyvault-acmebot/wiki/Frequently-Asked-Questions#adding-sans-to-an-existing-certificate
Adding a link to the Key Vault certificate is a good idea. I would like to incorporate that. Thanks!
Adding a new domain name to an already existing certificate results in an error. This is because Acmebot creates a certificate resource for Key Vault with the first domain name. Please try this by explicitly entering the name of the certificate from the advanced options when issuing the certificate.
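The two maintainer answers above describe the workaround: Acmebot hands the Key Vault issuance policy to the ACME flow as is, so adding a DNS name to the policy's SAN list and then running Renew yields a new certificate version with the extra name, while the certificate resource name itself is derived from the first domain name. The following is an added example, not code from keyvault-acmebot or its wiki; it shows the policy edit with the azure-keyvault-certificates SDK calls, a pre-flight comparison of the policy's name set against the ACME order (the mismatch behind the "Order includes different number of names than CSR specifies" error quoted later in the thread), and a helper for the default resource name. The dots-to-dashes naming is an assumption taken from a user's comment, not confirmed by the maintainer, and `FakeVault`/`FakePolicy` are constructed stand-ins so the block runs offline.

```python
"""Extend the SAN list in a Key Vault certificate issuance policy.

Added example (not keyvault-acmebot code). Real use needs
azure-keyvault-certificates and azure-identity; the policy logic is
SDK-independent so it can be exercised with the fake client below.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, Iterable, List

# RFC 1123-style hostname: labels of 1-63 [A-Za-z0-9-], not starting or
# ending with '-', optional leading "*." for a wildcard name.
_LABEL = r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)"
_DNS_NAME = re.compile(rf"^(\*\.)?({_LABEL}\.)+{_LABEL}$")


def normalize_dns_name(name: str) -> str:
    """Lower-case, drop a trailing dot, and reject anything that is not a hostname."""
    n = name.strip().lower().rstrip(".")
    if not _DNS_NAME.fullmatch(n):
        raise ValueError(f"not a valid DNS name: {name!r}")
    return n


def default_cert_name(dns_names: List[str]) -> str:
    """Resource name Acmebot derives from the first domain name.

    Assumption from the thread: first name with dots replaced by dashes.
    Key Vault object names allow only [0-9A-Za-z-], so a wildcard's "*." is
    dropped here (assumption, not confirmed by the maintainer)."""
    first = normalize_dns_name(dns_names[0])
    if first.startswith("*."):
        first = first[2:]
    return first.replace(".", "-")


def merged_san_list(existing: Iterable[str], new_names: Iterable[str]) -> List[str]:
    """Order-preserving, case-insensitive union of current SANs and new ones."""
    out: List[str] = []
    seen = set()
    for raw in list(existing) + list(new_names):
        n = normalize_dns_name(raw)
        if n not in seen:
            seen.add(n)
            out.append(n)
    return out


def policy_matches_order(policy_names: Iterable[str], order_identifiers: Iterable[str]) -> bool:
    """Pre-flight check: the CSR Key Vault builds comes from the policy, so the
    policy's name set must equal the identifiers the ACME order requests;
    otherwise finalization fails with a names-vs-CSR mismatch."""
    return {normalize_dns_name(n) for n in policy_names} == {
        normalize_dns_name(n) for n in order_identifiers
    }


def add_sans(client, cert_name: str, new_names: Iterable[str]) -> List[str]:
    """Read the issuance policy, extend san_dns_names, and write it back.

    `client` is an azure.keyvault.certificates.CertificateClient or anything
    exposing get_certificate_policy / update_certificate_policy. Updating the
    policy issues nothing by itself: run Acmebot's Renew afterwards."""
    policy = client.get_certificate_policy(cert_name)
    policy.san_dns_names = merged_san_list(policy.san_dns_names or [], new_names)
    client.update_certificate_policy(cert_name, policy)
    return list(policy.san_dns_names)


@dataclass
class FakePolicy:
    """Constructed stand-in for CertificatePolicy (only the fields used here)."""
    subject: str
    san_dns_names: List[str] = field(default_factory=list)


class FakeVault:
    """Constructed stand-in for CertificateClient so the example runs offline."""

    def __init__(self, policies: Dict[str, FakePolicy]):
        self.policies = policies

    def get_certificate_policy(self, name: str) -> FakePolicy:
        return self.policies[name]

    def update_certificate_policy(self, name: str, policy: FakePolicy) -> FakePolicy:
        self.policies[name] = policy
        return policy


if __name__ == "__main__":
    vault = FakeVault({"app-example-com": FakePolicy("CN=app.example.com", ["app.example.com"])})
    print(add_sans(vault, "app-example-com", ["api.example.com"]))
    # Against a real vault (network, RBAC "Key Vault Certificates Officer" or
    # equivalent access policy on the certificate):
    # from azure.identity import DefaultAzureCredential
    # from azure.keyvault.certificates import CertificateClient
    # client = CertificateClient("https://<vault>.vault.azure.net", DefaultAzureCredential())
    # add_sans(client, "app-example-com", ["api.example.com"])
```

The check in `policy_matches_order` is what the later comment in this thread ran into: after deleting the certificate, the UI order asked for one more name than the policy that Key Vault still used to build the CSR (the soft-deleted object keeps its old policy), so the finalize step failed. Editing the policy first, or choosing a fresh resource name, avoids that mismatch.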
Hi @shibayan, I've just faced this issue.
First off, thanks for this project, I've been using it in production for a good couple of years now without any real issues.
I need to add one more SAN to a cert, so I:
- deleted the Certificate from Key Vault.
- Tried to generate a new one using the UI, got the error: "Order includes different number of names than CSR specifies"
- Removed the pending certificate as instructed here
- Tried to generate a new one using the UI, got the error: "Pending certificate not found"
Reading this issue, I ended up using the advanced options to change the Certificate resource name.
However, is there a way to keep the original name?
The reason I'm asking is that my Kubernetes deployment references the Key Vault Certificate by name, so now I need to change my deployment. No biggie, but I do need to do this a couple of times and was wondering if there's a way to keep the certificate name.
How should that work? I add a DNS name there, but then how is it REALLY added? By doing a renew?
And how to fix it if the certificate is already deleted and there is a broken system?
Thank you @shibayan for your time and answers. I think it is acceptable as is, since like you said, use cases for this are slim, and now there's a documented workaround, however, being able to do it from the UI, or perhaps adding a link from the UI to the Azure Portal Key Vault Certificate would be helpful!
I think this can be closed.
Regards,
Leo