前情提要: 在 Microsoft DNS Server 上用 DNS Record 來驗證 Let's Encrypt 的 PowerShell Script
AzureDNSZoneVerification.ps1
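# Creates or removes the TXT record used for Let's Encrypt DNS validation in an
# Azure DNS zone. Expected arguments from the calling certificate client:
# -Step "create" -Identifier "{Identifier}" -RecordName "{RecordName}" -Token "{Token}"
# -Step "delete" -Identifier "{Identifier}" -RecordName "{RecordName}" -Token "{Token}"
# Exits with code 1 on an invalid step or on any failure, so the caller does not
# treat a failed DNS update as success.
param (
    [string]$Step,
    [string]$Identifier,
    [string]$RecordName,
    [string]$Token
);

[string]$AzureResourceGroupName = "Infra_Network"
[string]$ZoneName = "contoso.com"
[int]$TTL = 3600

# $Token is written below as the value of a public TXT record, so logging it
# discloses nothing beyond what the zone will serve.
Write-Host ('Step: ' + $Step);
Write-Host ('Identifier: ' + $Identifier);
Write-Host ('RecordName: ' + $RecordName);
Write-Host ('Token: ' + $Token);

# Reject an unknown step before any credential is read or any Azure call is made.
$StepNormalized = $Step.ToLower();
if (@('create', 'delete') -notcontains $StepNormalized) {
    Write-Host "No Correct Step.";
    exit 1;
};

# Azure DNS expects the name relative to the zone. -replace takes a regular
# expression, so the suffix is escaped (a bare "." matches any character) and
# anchored to the end of the name so only a trailing ".<zone>" is stripped.
$ZoneSuffixPattern = [regex]::Escape('.' + $ZoneName) + '$';
$RecordName = $RecordName -replace $ZoneSuffixPattern, '';

# NOTE(review): presumably a workaround for a type-data conflict when importing
# Microsoft.PowerShell.Security in this host - confirm it is still required.
Remove-TypeData -TypeName System.Security.AccessControl.ObjectSecurity
Import-Module Microsoft.PowerShell.Security

##### Connect to Azure
# Line 1 of the credential file: service principal application id, Base64-encoded.
#   Base64 is an encoding, not protection.
# Line 2: the secret as written by ConvertFrom-SecureString. With no -Key it is
#   DPAPI-protected, so it decrypts only for the same Windows user on the same
#   machine; this script must run under that account.
# Keep NTFS permissions on the file limited to that account, and scope the service
# principal to the DNS zone only (for example the built-in "DNS Zone Contributor"
# role on the zone), since anyone able to run as this account can use the credential.
$CredentailFileName = ('C:\Command\AzConnect\AzConnect.txt');
Write-Host ('Load ' + $CredentailFileName)
$AzureEntraTenantId = 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx';
$AzSubscriptionID = 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx';

try {
    [string[]]$CredentialRead = Get-Content -Path $CredentailFileName -ErrorAction Stop;
    if ($CredentialRead.Count -lt 2) {
        throw ('Credential file must contain two lines: ' + $CredentailFileName);
    };
    $UserName = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($CredentialRead[0]));
    $Password = $CredentialRead[1] | ConvertTo-SecureString -ErrorAction Stop;
    $Credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $UserName, $Password;

    # -ErrorAction Stop: without it a failed sign-in is non-terminating and the
    # script would carry on to the DNS cmdlets and still exit 0.
    $ConnectAzAccount = Connect-AzAccount -ServicePrincipal -Credential $Credential -Tenant $AzureEntraTenantId -Subscription $AzSubscriptionID -ErrorAction Stop;
    Select-AzSubscription -SubscriptionId $AzSubscriptionID -ErrorAction Stop | Out-Null;

    if ($StepNormalized -eq 'create') {
        # A missing record set is the normal case here, hence SilentlyContinue.
        $ExistingRecordSet = Get-AzDnsRecordSet -ZoneName $ZoneName -ResourceGroupName $AzureResourceGroupName -Name $RecordName -RecordType TXT -ErrorAction SilentlyContinue
        if ($null -ne $ExistingRecordSet) {
            # NOTE(review): this replaces the whole TXT record set. A certificate
            # that covers both a name and its wildcard needs two values at the same
            # label - confirm the client validates them one at a time.
            Remove-AzDnsRecordSet -Name $RecordName -RecordType TXT -ZoneName $ZoneName -ResourceGroupName $AzureResourceGroupName -Confirm:$False -ErrorAction Stop
            Write-Host ('Remove-AzDnsRecordSet: ' + $RecordName);
        };
        New-AzDnsRecordSet -Name $RecordName -RecordType TXT -ZoneName $ZoneName -ResourceGroupName $AzureResourceGroupName -Ttl $TTL -DnsRecords (New-AzDnsRecordConfig -Value $Token) -ErrorAction Stop
        Write-Host ('New-AzDnsRecordSet: ' + $RecordName);
    } else {
        Remove-AzDnsRecordSet -Name $RecordName -RecordType TXT -ZoneName $ZoneName -ResourceGroupName $AzureResourceGroupName -Confirm:$False -ErrorAction Stop
        Write-Host ('Remove-AzDnsRecordSet: ' + $RecordName);
    };
} catch {
    # Report the failure and return a non-zero exit code to the caller.
    Write-Host ('Error: ' + $_.Exception.Message);
    exit 1;
};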