Skip to content

LetsEncrypt: Support for DNS alias in Azure #1639

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
hnrkndrssn merged 3 commits into from
Nov 28, 2025
Merged

LetsEncrypt: Support for DNS alias in Azure #1639

hnrkndrssn merged 3 commits into from
Nov 28, 2025

Conversation

@farhanalam
Copy link
Contributor

@farhanalam farhanalam commented Nov 24, 2025

Background

Reference https://poshac.me/docs/v4/Guides/Using-DNS-Challenge-Aliases/

The setup:

  • mydomain.com is highly locked down. Only account type that can be created here is of the admin types (not something I want a service account to use).
  • myotherdomain.com DNS is hosted in Azure, and allows more granular permission control for service accounts.
  • _acme-challenge.mydomain.com is an existing CNAME alias for thealias.myotherdomain.com

Results

Providing the DNS alias parameter as thealias.myotherdomain.com to POSH-Acme's New-PACertificate results in the acme challenge nonce getting written to the TXT record of thealias.myotherdomain.com and the verification of _acme-challenge.mydomain.com succeeds.

Before

--

After

image

Notice the alias for the .net domain is used but the challenge is for the .com one.

Pre-requisites

  • Id should be a GUID that is not 00000000-0000-0000-0000-000000000000
    • NOTE If you are modifying an existing step template, please make sure that you do not modify the Id property (updating the Id will break the Library sync functionality in Octopus).
  • Version should be incremented, otherwise the integration with Octopus won't update the step template correctly
  • Parameter names should not start with $
  • Step template parameter names (the ones declared in the JSON, not the script body) should be prefixed with a namespace so that they are less likely to clash with other user-defined variables in Octopus (see this issue). For example, use an abbreviated name of the step template or the category of the step template).
  • LastModifiedBy field must be present, and (optionally) updated with the correct author
  • The best practices documented here have been applied
  • If a new Category has been created:
    • An image with the name {categoryname}.png must be present under the step-templates/logos folder
    • The switch in the humanize function in gulpfile.babel.js must have a case statement corresponding to it

@github-actions
Copy link

github-actions bot commented Nov 24, 2025

Start Hyponome locally

docker pull ghcr.io/hnrkndrssn/hyponome:main
docker run --rm -p 8000:8080 -it ghcr.io/hnrkndrssn/hyponome:main

Review in Hyponome

hnrkndrssn
hnrkndrssn approved these changes Nov 28, 2025
View reviewed changes
Copy link
Contributor

@hnrkndrssn hnrkndrssn left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me 👍 Thanks for your contribution!

@hnrkndrssn hnrkndrssn merged commit 4f2c2b8 into OctopusDeploy:master Nov 28, 2025
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@hnrkndrssn hnrkndrssn hnrkndrssn approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@farhanalam @hnrkndrssn