Skip to content
Acmebot v5 — Production Ready

Automated TLS certificates
for Microsoft Azure

Acmebot issues and renews free certificates from Let's Encrypt and other ACME CAs — DNS-01 validation, wildcard support, ARI-aware renewal scheduling, and Azure Key Vault private key storage.

5+Verified ACME CAs
15+DNS provider integrations
9+Azure service integrations

Why teams choose Acmebot

Reduce expiry risk, retire one-off renewal scripts, and keep certificate work inside Azure-native security and monitoring.

Keep private keys in Key Vault

Key Vault generates or reuses the private key, and Acmebot merges the ACME-issued chain back into the same certificate.

Operate certificate fleets

Each managed certificate keeps its own renewal state, next check time, CA-guided timing when available, and fallback behavior.

Replace one-off scripts

Use the dashboard for daily work, the HTTP API for integrations, and the CLI for repeatable automation.

Issue apex, wildcard, and SAN names

Cover zone apex, wildcard, and multi-SAN certificates across multiple DNS zones and providers from one deployment.

Route results to your team

Send operation results to Slack, Microsoft Teams, Logic Apps, Power Automate, or your own webhook endpoint.

Use the CA your policy requires

Start with Let's Encrypt, or use GlobalSign, Google Trust Services, SSL.com, ZeroSSL, or a custom ACME v2 endpoint.

Designed for production rollout

v5 focuses on making adoption safer for existing deployments and easier to operate after the first certificate is issued.

Preserve what already works

Migrate from v4 while keeping existing Key Vault certificates, DNS provider settings, managed identity, and monitoring resources.

Use one operation model

Issue, renew, revoke, and track operations through the same model whether you use the dashboard, HTTP API, CLI, or scheduled renewal.

Keep access and visibility clear

Protect the dashboard with authentication and app roles, scope Azure access with managed identity, and monitor with telemetry and webhooks.

Bring renewed certificates to Azure services

Acmebot owns issuance and renewal; each Azure service consumes the current Key Vault certificate through its supported pattern.

App Service
App ServiceWeb Apps / Functions / Containers
Container Apps
Container AppsIncluding custom DNS suffix
Front Door
Front DoorStandard / Premium
Application Gateway
Application Gatewayv2
API Management
API ManagementCustom domains
Azure Web PubSub
Web PubSubPremium tier
Azure Event Grid Namespaces
Event Grid NamespacesHTTP / MQTT custom domains
SignalR Service
SignalR ServicePremium tier
Virtual Machines
Virtual MachinesCustom certificate deployment

DNS providers

Use the DNS provider you already run, or connect Acmebot to your own DNS automation API.

Azure DNS
Azure Private DNS
Cloudflare
Amazon Route 53
Google Cloud DNS
GoDaddy
Akamai Edge DNS
DNS Made Easy
Gandi LiveDNS
OVH
TransIP DNS
PowerDNS
Custom DNS

Need another provider? The Custom DNS provider can connect Acmebot to your own DNS automation API.

Certificate authorities

Use a verified ACME v2 endpoint, choose a CA with EAB, or point Acmebot at your own ACME directory URL.

Let's EncryptFree

Common default for public certificates. No external account binding credentials are required.

GlobalSignEAB

Commercial CA option for automated certificate issuance through ACME.

Google Trust ServicesEAB

Google public CA endpoint for ACME-issued certificates.

SSL.comEAB

Commercial CA endpoint for 90-day certificates through ACME.

ZeroSSLEAB

ACME CA option for teams that already use ZeroSSL accounts.

Deploy to Azure

Start with the Azure Public template, then connect DNS permissions and dashboard authentication for your environment.

Acmebot v5 GA

Provision the Function App, storage, monitoring resources, application settings, and optional Key Vault for a new Acmebot environment.

  • Scheduled renewals
  • ARI-aware timing
  • Key Vault storage
  • Private network support
  • Azure Monitor telemetry

Also available from the Terraform Registry

From deployment to first certificate

A small amount of Azure setup gives your team an automated certificate path it can keep using.

1

Deploy

Deploy the v5 template and choose the ACME endpoint, managed identity, Key Vault, and monitoring settings.

2

Configure DNS

Grant the selected identity or provider credential permission to create and delete DNS-01 TXT records.

3

Issue Certificates

Use the dashboard to issue a certificate, confirm the Key Vault version, and let scheduled renewals take over.

Sponsors

Thank you to the organizations and individuals who support Acmebot development.

Interested in supporting the project?

Become a Sponsor