For this to work you need a Application registration, within that AppReg you need a certificate based authentication.
Go ahead and generate a certificate for this specific part.
Once created, you need to add the certificate to both Azure AppReg, and place it besides the scripts you will be provided from this guide.
Grant the AppReg access to manage the DNS for the desired domain.
There is guides for all of these things within the POSH_Acme website.
For the script to install to the VB365 controller server(Api / Rest desicated server is not supported due to lack of powershell module to communicate with the Veeam REST API configuration tool.
The scripts in this are:
RunThisToInstall.ps1
InitialSSL.ps1
RenewSSL.ps1
SSLRenewTask.ps1
InstallScript.ps1
You can view the code, and see what each script is doing.
Run this to install - will set execution policy, run installscript.
installscript will create a folder for the scripts and then copy them.
it will install the certificate used to authenticate against Azure DNS. Remember to change the certificate name as it's named in files.
Collect required info and run initialssl and install the task to renew certificates.
Initialscript will setup the required modules for this to work.
In this script you need to change the values accordingly to your azure tenant:
$pArgs = @{
AZSubscriptionId = 'ID GOES HERE'
AZTenantId = 'ID GOES HERE'
AZAppUsername = 'APPREG ID GOES HERE'
AZCertThumbprint = 'CERTIFICATE THUMBPRINT GOES HERE'
}
Next is will try to generate the certificate by starting post-acme and use the collected info to do so.
If successfull it will tell VB365 controller to import the new certificate.
RenewSSL need changes as well. here we also need to edit the same variables as in initialscript.
besides that we do not need any other changes. it will run the renewal as set in the task, and add it to the VB365 controller.
Do note that the script can be adjusted to fit Veeam backup and replication, then you need to modify the import command, and if using gateways then needs to be added to the second domain part when installing(Enter the subdomain (leave blank if none)) and here is inportamt to remember if these are used, all of the domains needs to be added to the next and last domain prompt(Enter the all domain (e.g., vb365controller.domain.com))
SSL4VB365.zip