ACME SSL/TLS certificate automation for Microsoft Azure, built around DNS-01 validation and Azure Key Vault
(App Service / Container Apps / Application Gateway / Front Door / others)
Acmebot helps Azure platform and operations teams automate ACME certificate issuance and renewal without building a dedicated certificate pipeline. It uses DNS-01 validation, stores private keys and issued certificates in Azure Key Vault, and exposes a dashboard and HTTP API for day-to-day operations.
Acmebot is designed for teams that need to:
- Store SSL/TLS certificates securely in Azure Key Vault
- Centralize certificates for multiple Azure services and domains
- Automate issuance and renewal with predictable operational behavior
- Monitor certificate operations through Application Insights and webhooks
- Keep DNS provider credentials and Azure access scoped to the resources Acmebot manages
- Issue certificates for zone apex names, wildcards, and SANs (multiple domains)
- Dedicated dashboard for certificate management
- Automated certificate renewal
- Support for ACME v2 compliant Certification Authorities
- Let's Encrypt
- GlobalSign (Requires EAB Credentials)
- Google Trust Services (Requires EAB Credentials)
- SSL.com (Requires EAB Credentials)
- ZeroSSL (Requires EAB Credentials)
- Certificates can be used with many Azure services
- Azure App Service (Web Apps / Functions / Containers)
- Azure Container Apps (Include custom DNS suffix)
- Front Door (Standard / Premium)
- Application Gateway v2
- API Management
- SignalR Service (Premium)
- Virtual Machine
Acmebot v5 is generally available. Deploy the latest release with a single click. The template provisions the required Function App (Flex Consumption), Storage, Application Insights, Log Analytics, and optionally a new Key Vault.
The v5 deployment template supports the Azure public cloud only because Flex Consumption is not available in Azure China or Azure Government.
For detailed setup instructions and DNS provider configuration, see the Getting Started guide.
Thank you for your support of our development. Interested in supporting the project? Become a Sponsor
- Durable Functions by @cgillum and contributors
- DnsClient.NET by @MichaCo
Commercial support for Acmebot v5 is now available from Polymind Inc.
Commercial support is optional and intended for organizations running Acmebot in production. It can cover deployment planning, v4-to-v5 migration, Azure and DNS provider configuration, troubleshooting, and operational guidance.
Acmebot remains fully open source and free to use under the Apache License 2.0. Community questions and bug reports continue to be handled through GitHub Discussions and Issues.
To discuss commercial support, visit the Polymind Acmebot support page or see the Support guide.
This project is licensed under the Apache License 2.0