Clarification requested if this is the right solution for me

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
Navet365.com
I ran this command:
No command
It produced this output:
No output
My web server is (include version):
Not running any web server. I have an Azure environment which uses an App Service certificate
The operating system my web server runs on is (include version):
Windows Server 2019 on my VMs
My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):
I don't know
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
Only using Azure
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): None.

Hi everybody,

I apologize in advance for my beginner approach here, but I'm trying every source of help I can get, since I'm a brand-new Azure administrator at a company and have been dealt a project to automate our certificate process, to make it scheduled and automated.

Just a brief description: we have a certificate in Azure, as stated above, CN = navet365.com, and it's valid for a year. We then use this certificate on our Windows Server 2019 VM machines with Business Central to secure web services etc.

I’ve searched the web for a while and I end up at Let's Encrypt most of the time, but I’m not sure if this is the way to go for us.

  1. We do not want a self-signed certificate; we want to use the existing one.
  2. We want automatic renewal of the existing certificate in the future.
  3. We want an automated process for implementing the certificate on new Microsoft Business Central installations.
  4. If it's possible to move forward with the existing certificate (not a self-signed certificate), is there any way of getting rid of all the work of manually configuring the VMs that already have the certificate assigned? We want to automate the deployment process as well. Any help or direction is appreciated.

I looked at GoDaddy's site, and it said that with Let's Encrypt the certificate process needs to be updated every 90 days; I'm not really sure what that means either.

Thanks again, and take care everyone.

Regards Danel

1 Like

Probably your best solution: Posh-ACME
Tag: @rmbolger

1 Like

Thanks for the quick response, I will look into it ASAP. Unfortunately the company we use is not listed in the DNS providers, and it has a renewal process of 90 days as well here, and I don't think that's an option in my case. But thanks for the direction; it will surely make my progress towards a working solution quicker.

2 Likes

All LE certs are good for only 90 days.
If you want something longer, you will have to look elsewhere.
[But LE does have the largest issued base and is trusted by all browsers, will pass PCI compliance, etc.]
[If renewals are automated, the cert life is no longer relevant.]

DNS authentication is only one method; there are other ways to authenticate (like HTTP).

1 Like

Thanks again, but do LE certs share the same functionality as, let's say, a wildcard certificate bought at GoDaddy, DigiCert etc.? And can I still cert a custom DNS wildcard CN domain, like *.domain.com? My certificate's purpose is not for a website, it's for a Microsoft NAV/BC environment with web services and client software, but I guess it works as well if it shares the same properties as a GoDaddy/DigiCert purchase.

I understand that the 90-day renewal process does not matter because of the automation.

2 Likes

Absolutely.

Yes.

"All certs are created equal."

1 Like

Hi @navdan

Additional: start with some basics:

Then read something about challenge types:

If you want to use Let's Encrypt, there are a lot of clients:

1 Like

Hi,

Thanks for the directions, I will read up on them.

Out of curiosity, who is your DNS provider?

Also, aren't native Azure App Service certificates free now?

2 Likes
