DNS Validation with Azure DNS
This guide describes how a domain can be set up for DNS validation with an ACME client.
The example in this guide uses Azure DNS, as this provider is supported by our preferred ACME client, simple-acme.

The prerequisite for this guide is a domain name added as a DNS zone in Azure. This requires an active Azure subscription and the domain's NS records pointing to the Azure name servers. For more information about Azure DNS, please see Microsoft's documentation: What is Azure Public DNS? | Microsoft Learn
Setting up App Registration
simple-acme (or any other ACME client) will need credentials in Azure to manage DNS validation. For this purpose, the guide uses an Azure app registration to provide these credentials in a secure manner.
1. To create the app registration, log into the Azure Portal and select Microsoft Entra ID.

2. Click on “App registrations”

3. Then click on “New registration”

4. Register a new application with a name that identifies the credential. In this case the credential is used for our simple-acme client. Note: Redirect URI does not need to be filled in.

5. Save the “Application (client) ID”. This value will be needed when setting up the ACME client.

6. Save the “Directory (tenant) ID”. This value will also be needed when setting up the ACME client.

7. Click “Certificates & secrets”

8. Click on “New client secret”

9. Add your client secret with an expiration date that fits your organization.

10. Copy and save the client secret to a secure location.
Note that you will not be able to retrieve this value after you leave the site; if it is lost, you will have to create a new one.

11. The app registration should now be complete and you should have the following values saved in a secure location:
- Application (client) ID
- Directory (tenant) ID
- Client Secret value
Setting Permissions on the DNS zone
12. The next step is to give the newly created app permission to manage your Azure DNS domain.
13. Go to DNS Zones in your Azure Portal and click on the domain you want to use for ACME validation.

14. Click “Access control (IAM)”

15. Search for the “DNS Zone Contributor” role

16. Click on “Select members”

17. Find your newly registered app and assign it the role

18. Your app should now have the correct permissions and can be used for DNS validation.
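
The portal steps above can also be scripted. The following is an added example using the Azure CLI, not part of the original guide or of simple-acme; it assumes a logged-in az session, and the function names are hypothetical. The audit_acme_app check goes one step beyond the guide by confirming that the app holds only the DNS Zone Contributor role, and only on the one zone.

```shell
#!/bin/sh
# Added example, not from the original guide. Requires a logged-in Azure CLI.
# App name, resource group and zone name are the caller's own values.

# Steps 1-10: app registration, service principal and a one-year client secret.
# Prints "client_id tenant_id client_secret"; capture the output, do not log it.
create_acme_app() {  # $1 display name
  app_id=$(az ad app create --display-name "$1" --query appId -o tsv) || return 1
  az ad sp create --id "$app_id" >/dev/null || return 1
  tenant_id=$(az account show --query tenantId -o tsv) || return 1
  secret=$(az ad app credential reset --id "$app_id" --years 1 \
             --query password -o tsv) || return 1
  printf '%s %s %s\n' "$app_id" "$tenant_id" "$secret"
}

# Steps 12-17: grant DNS Zone Contributor scoped to the single zone,
# not to the resource group or subscription. Prints the zone resource ID.
grant_zone_access() {  # $1 app id, $2 resource group, $3 zone name
  zone_id=$(az network dns zone show -g "$2" -n "$3" --query id -o tsv) || return 1
  az role assignment create --assignee "$1" --role "DNS Zone Contributor" \
     --scope "$zone_id" >/dev/null || return 1
  printf '%s\n' "$zone_id"
}

# Check: the app must hold DNS Zone Contributor on the expected zone and
# nothing else. Returns 0 when clean, 1 on findings, 2 if the query fails.
# Scopes are compared case-insensitively because Azure resource IDs are.
audit_acme_app() {  # $1 app id, $2 expected zone resource id
  rows=$(az role assignment list --assignee "$1" --all \
           --query '[].[roleDefinitionName, scope]' -o tsv) || return 2
  extra=$(printf '%s\n' "$rows" | awk -F '\t' -v z="$2" '
    $1 == "DNS Zone Contributor" && tolower($2) == tolower(z) { ok = 1; next }
    NF { print }
    END { if (!ok) print "missing: DNS Zone Contributor on " z }')
  if [ -n "$extra" ]; then
    printf 'role assignment findings:\n%s\n' "$extra" >&2
    return 1
  fi
}

# Usage: sh script.sh <app-name> <resource-group> <zone-name>
if [ "$#" -eq 3 ]; then
  creds=$(create_acme_app "$1") || exit 1
  zone=$(grant_zone_access "${creds%% *}" "$2" "$3") || exit 1
  audit_acme_app "${creds%% *}" "$zone" && echo "OK: scoped to $zone"
fi
```

Run the audit again whenever the app registration is reused, since any role added later at resource group or subscription level widens what a leaked client secret can change.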