1- # ##
2- #
3- # Issue new SSL certificate from Let's Encrypt
4- #
5- # This script will do following steps:
6- #
7- # 1. Read values from previous Infrastructure Deployment run (Terraform & Bot Deployment)
8- # 2. Terraform execution to spin up container who issues SSL cert and stores in KeyVault
9- # 3. Check if certificate was created
10- # 3. Terraform destroy to clean up resources only need for SSL issuing
11- #
12- # After the script is successfully executed the certificate should be stored in KeyVault
13- #
14- # ##
15- # Parameters
1+ <#
2+ . SYNOPSIS
3+ Issue new SSL certificate from Let's Encrypt
4+
5+ . DESCRIPTION
6+ Issue new SSL certificate from Let's Encrypt
7+
8+ This script will do following steps:
9+
10+ 1. Read values from previous Infrastructure Deployment run (Terraform & Bot Deployment)
11+ 2. If custom domain is set, check if it points to TrafficManager DNS entry
12+ 3. Terraform execution to spin up container who issues SSL cert and stores in KeyVault
13+ 4. Check if certificate was created
14+ 5. Terraform destroy to clean up resources only need for SSL issuing
15+
16+ After the script is successfully executed the certificate should be stored in KeyVault
17+
18+ . EXAMPLE
19+ .\CreateSSL.ps1 -YOUR_CERTIFICATE_EMAIL my@mymail.com -YOUR_DOMAIN bot.mydomain.com -LETS_ENCRYPT_STAGING $False -AUTOAPPROVE $True
20+
21+ . INPUTS
22+ None. You cannot pipe objects.
23+
24+ . OUTPUTS
25+ System.Boolean. Returns $True if executed successfully
26+
27+ #>
1628param (
29+ # Mail to be associated with Let's Encrypt certificate
1730 [Parameter (Mandatory = $true , HelpMessage = " Mail to be associated with Let's Encrypt certificate" )]
1831 [ValidatePattern (" (?:[a-z0-9!#$%&'*+/=?^_`{|}~-]+(?:\.[a-z0-9!#$%&'*+/=?^_`{|}~-]+)*|"" (?:[\x01-\x08\x0b\x0c\x0e-\x1f\x21\x23-\x5b\x5d-\x7f]|\\[\x01-\x09\x0b\x0c\x0e-\x7f])*"" )@(?:(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z0-9](?:[a-z0-9-]*[a-z0-9])?|\[(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?|[a-z0-9-]*[a-z0-9]:(?:[\x01-\x08\x0b\x0c\x0e-\x1f\x21-\x5a\x53-\x7f]|\\[\x01-\x09\x0b\x0c\x0e-\x7f])+)\])" )]
1932 [string ] $YOUR_CERTIFICATE_EMAIL ,
2033
34+ # The domain (CN) name for the SSL certificate
2135 [Parameter (HelpMessage = " The domain (CN) name for the SSL certificate" )]
2236 [string ] $YOUR_DOMAIN ,
2337
38+
39+ # $True -> Use Let's Encrypt staging for script testing (Bot cannot be reached from Bot Framework Service) - Default: $False
2440 [Parameter (HelpMessage = " `$ True -> Use Let's Encrypt staging for script testing (Bot cannot be reached from Bot Framework Service) - Default: `$ False" )]
2541 [string ] $LETS_ENCRYPT_STAGING = $False ,
2642
43+ # Terraform Automation Flag. $False -> Interactive, Approval $True -> Automatic Approval
2744 [Parameter (HelpMessage = " Terraform Automation Flag. `$ False -> Interactive, Approval `$ True -> Automatic Approval" )]
2845 [bool ] $AUTOAPPROVE = $False ,
2946
30- [Parameter (HelpMessage = " KeyVault certificate name" )]
47+ # KeyVault certificate key name
48+ [Parameter (HelpMessage = " KeyVault certificate key name" )]
3149 [string ] $KEYVAULT_CERT_NAME = " SSLcert" ,
3250
51+ # Maximum wait time for DNS resolve and certificate generation in minutes. Default 15 min
3352 [Parameter (HelpMessage = " Maximum wait time for DNS resolve and certificate generation in minutes. Default 15 min" )]
3453 [int ] $MAX_WAIT_TIME_MIN = 15
3554)
@@ -57,8 +76,8 @@ $success = $success -and $?
5776$TrafficManager = terraform output - state= " $ ( Get-ScriptPath ) /$iaCFolder /terraform.tfstate" - json trafficManager | ConvertFrom-Json
5877$success = $success -and $?
5978
60- # 2. Apply Terraform for SSLIssuing
61- Write-Host " ## 2. Apply Terraform for SSLIssuing "
79+ # 2. If custom domain is set, check if it points to TrafficManager DNS entry
80+ Write-Host " ## 2. If custom domain is set, check if it points to TrafficManager DNS entry "
6281
6382if ($YOUR_DOMAIN -eq " " )
6483{
@@ -73,22 +92,27 @@ elseif ($YOUR_DOMAIN -ne $TrafficManager.fqdn) {
7392 # If a custom domain is set check if CNAME to TrafficManager FQDN is set
7493 # Not working in PowerShellCore: $resolved = Resolve-DnsName -Name $YOUR_DOMAIN -DnsOnly 2> $null
7594 # Changing to nslookup
76- $resolved = nslookup $FQDN 2> $null
95+ $resolved = nslookup $YOUR_DOMAIN 2> $null
7796 while (((($resolved | Select-String $TrafficManager.fqdn ).Length -eq 0 )) -and ($loopcount -le $loopmax ))
7897 {
7998 $loopcount ++
8099 Write-Host " ### WARNING, there is no CNAME entry for domain '$YOUR_DOMAIN ' pointing to '$ ( $TrafficManager.fqdn ) '."
81100 Write-Host " ### Please check your DNS entry, or create the missing CNAME entry. Sleeping for $waitretrysec seconds and try again..."
82101 Start-Sleep - s $waitretrysec
83- # $resolved = Resolve-DnsName -Name $YOUR_DOMAIN -DnsOnly 2> $null
84- $resolved = nslookup $FQDN 2> $null
102+
103+ # Not working in PowerShellCore: $resolved = Resolve-DnsName -Name $YOUR_DOMAIN -DnsOnly 2> $null
104+ # Changing to nslookup
105+ $resolved = nslookup $YOUR_DOMAIN 2> $null
85106 }
86107
87108 # delete dummy endpoint again
88109 az network traffic- manager endpoint delete -- name dummy -- type externalEndpoints -- profile- name $TrafficManager.name -- resource- group $TrafficManager.resource_group > $null
89110 # TrafficManager healthcheck profile will be changed back in SSLActivate Terraform (ActivateSSL.ps1)
90111}
91112
113+ # 3. Apply Terraform for SSLIssuing
114+ Write-Host " ## 3. Apply Terraform for SSLIssuing"
115+
92116# Terraform Init
93117terraform init " $ ( Get-ScriptPath ) /$terraformFolder "
94118# Terraform Apply
@@ -100,8 +124,8 @@ terraform apply -var "keyVault_name=$($KeyVault.name)" -var "keyVault_rg=$($KeyV
100124- var " production=$PRODUCTION " - state= " $ ( Get-ScriptPath ) /$terraformFolder /terraform.tfstate" $ (Get-TerraformAutoApproveFlag $AUTOAPPROVE ) " $ ( Get-ScriptPathTerraformApply ) /$terraformFolder "
101125$success = $success -and $?
102126
103- # 3 . Check for creation of certificate
104- Write-Host " ## 3 . Check for availability of certificate"
127+ # 4 . Check for creation of certificate
128+ Write-Host " ## 4 . Check for availability of certificate"
105129$loopcount = 0
106130az keyvault certificate show -- vault- name $KeyVault.name -- name $KEYVAULT_CERT_NAME > $null 2> $1
107131while ($? -eq $False -and ($loopcount -le $loopmax ))
@@ -114,8 +138,8 @@ while ($? -eq $False -and ($loopcount -le $loopmax))
114138$success = $success -and $?
115139Write-Host " ## Certificate found!"
116140
117- # 4 . Destroy Terraform SSLIssuing
118- Write-Host " ## 4 . Destroy unneccessary infrastructure again"
141+ # 5 . Destroy Terraform SSLIssuing
142+ Write-Host " ## 5 . Destroy unneccessary infrastructure again"
119143
120144# Terraform Init (should not be needed)
121145terraform init " $ ( Get-ScriptPath ) /$terraformFolder "
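Review bot: The CNAME check in the DNS hunk never fails the run: once `$loopcount` exceeds `$loopmax` the `while` simply exits, `$success` is left untouched, and the script goes on to delete the dummy endpoint and apply the SSLIssuing Terraform against a domain it has just established does not point at Traffic Manager. The `Select-String $TrafficManager.fqdn` test is also a regex match, so the dots in the FQDN match any character; `-SimpleMatch` gives the literal comparison the comment describes. I would record the failure immediately after the loop (before the `az network traffic-manager endpoint delete` line) and gate the Terraform apply on it; `$loopcount` and `$loopmax` are initialised outside this hunk and the enclosing `elseif` block starts above it, so confirm the counter is reset before this loop the way it is before the certificate loop. Separately, `$LETS_ENCRYPT_STAGING` is declared `[string]` while the new example passes `$False`; if that value is later coerced with `[bool]`, the string "False" evaluates to `$true`, so it is worth confirming how `production=` is derived from it.
```powershell
# … unchanged: CNAME polling loop …
}
if ((($resolved | Select-String -SimpleMatch $TrafficManager.fqdn).Length -eq 0)) {
    Write-Host "### ERROR: '$YOUR_DOMAIN' does not resolve to '$($TrafficManager.fqdn)' after $MAX_WAIT_TIME_MIN minutes. Aborting SSL issuing."
    $success = $false
}
# … unchanged: dummy endpoint delete …
```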