I have created an App Registration in Azure portal that requires a Client Secret and a Certificate. I have the Client Secret portion working but I'm unsure what type of Cert I need. In order to get a Certificate I need to demonstrate control over the domain but this isn't a website.
Any help would be greatly appreciated.
From here FAQ - Let's Encrypt
Does Let’s Encrypt issue certificates for anything other than SSL/TLS for websites?
Let’s Encrypt certificates are standard Domain Validation certificates, so you can use them for any server that uses a domain name, like web servers, mail servers, FTP servers, and many more.
Email encryption and code signing require a different type of certificate that Let’s Encrypt does not issue.
It sounds like you have the option of using a client secret OR a certificate, so you may not need one if you can't figure out how to get this working.
The certificate sounds like it can be a self-signed certificate for this use-case, and is used for signing JWTs. That's not something you can use Let's Encrypt for, and you're probably not going to get much help here. You'll probably get more help somewhere like Azure's community support forum.
Yes, as @mcpherrinm suggests it's optional whether you use the client secret method or a client certificate. With client certificates you also need to upload the current public client cert to Azure because they presumably match on cert thumbprint.
Client secrets seem easiest to me, but like certificates they will expire, so you need to externally track which client secrets you are using and when they expire; otherwise whatever app uses them will suddenly stop working (much like an expired certificate would).
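An added example, not part of the thread: a self-signed certificate of the kind described in the replies above, its SHA-1 thumbprint in hex and in the base64url form carried in a JWT `x5t` header, and an expiry check for the tracking mentioned in the last reply. It assumes the `openssl` CLI is installed; the file names, subject CN and 90-day lifetime are placeholders.

```shell
#!/bin/sh
# Added example. Assumes the openssl CLI; names and lifetimes are placeholders.

# Create a self-signed certificate and an unencrypted private key.
# No CA and no domain validation are involved. Args: key_out cert_out days
make_self_signed() {
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 \
    -subj "/CN=example-app-registration" \
    -days "$3" -keyout "$1" -out "$2" 2>/dev/null
}

# SHA-1 thumbprint as 40 uppercase hex characters, without colons.
# This is a hash of the whole DER certificate, independent of the
# signature algorithm chosen above.
thumbprint_hex() {
  openssl x509 -in "$1" -noout -fingerprint -sha1 | sed 's/^.*=//; s/://g'
}

# The same digest as unpadded base64url, the form of the JWT "x5t" header.
thumbprint_x5t() {
  openssl x509 -in "$1" -outform DER | openssl dgst -sha1 -binary |
    openssl base64 -A | tr '+/' '-_' | tr -d '='
}

# Succeeds (exit 0) when the certificate expires within the given number
# of days. openssl's -checkend exits 0 when the certificate will NOT
# expire in that window, so the result is inverted here.
expires_within() {
  ! openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# Demo with throwaway files (constructed values).
tmp=$(mktemp -d)
make_self_signed "$tmp/app.key" "$tmp/app.pem" 90
echo "thumbprint: $(thumbprint_hex "$tmp/app.pem")"
echo "x5t:        $(thumbprint_x5t "$tmp/app.pem")"
if expires_within "$tmp/app.pem" 30; then
  echo "renew soon"
else
  echo "more than 30 days left"
fi
rm -rf "$tmp"
```

Only the certificate file (`app.pem` here) is uploaded; the private key stays with the application that signs the JWTs.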