I think there are a few limitations with this:

1. It assumes you're operating on a single-instance cloud service. If you're operating with many instances, you could end up sending the challenge information to one instance and another could serve the request to obtain the challenge. A distributed storage (redis cache, sql db, etc.) is where the challenge should be stored.

2. All of the steps to obtain a certificate and have it used by the cloud service should be automated. You shouldn't have to update thumbprints or re-deploy your site.
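An added example (not code from the comment above or from any project it refers to) of the failure the first point describes and of the shared-store fix. It models an ACME HTTP-01 validation in which instance A registers the challenge and the CA's request to `/.well-known/acme-challenge/<token>` is load-balanced to instance B. The `ChallengeStore` class, the `WebInstance` class, the `simulate` helper, the placeholder account JWK and the token value are all assumptions made for the example; a plain dict stands in for the Redis or SQL store so that it runs offline. The key authorization is derived from the account key at run time (token, a dot, and the RFC 7638 JWK thumbprint), which is also what makes the second point workable: nothing about the thumbprint is baked into the deployment.

```python
import base64
import hashlib
import json
import re
import time

# Constructed placeholder public JWK for the ACME account. Not a real key; the modulus is
# a stand-in so the example stays self-contained. Any RSA or EC public JWK works here.
ACCOUNT_JWK = {"kty": "RSA", "e": "AQAB", "n": "c2FtcGxlLW1vZHVsdXMtbm90LWEtcmVhbC1rZXk"}

TOKEN_RE = re.compile(r"[A-Za-z0-9_-]+")  # ACME tokens are base64url without padding


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638: SHA-256 over the required members only, keys sorted, no whitespace."""
    required = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in required}, sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode()).digest())


def key_authorization(token: str, jwk: dict) -> str:
    """RFC 8555 key authorization: token || '.' || base64url(JWK thumbprint)."""
    return f"{token}.{jwk_thumbprint(jwk)}"


class ChallengeStore:
    """Challenge storage shared by every instance. A dict here; Redis/SQL in production."""

    def __init__(self):
        self._entries = {}  # token -> (key_authorization, expiry)

    def put(self, token: str, key_auth: str, ttl_seconds: int = 600) -> None:
        # Short TTL: a challenge only needs to live until the CA has validated it.
        self._entries[token] = (key_auth, time.time() + ttl_seconds)

    def get(self, token: str):
        entry = self._entries.get(token)
        if entry is None:
            return None
        key_auth, expiry = entry
        if time.time() > expiry:
            del self._entries[token]
            return None
        return key_auth

    def delete(self, token: str) -> None:
        self._entries.pop(token, None)


class WebInstance:
    """One replica of the web tier. 'store' is whatever backs its challenge lookups."""

    def __init__(self, name: str, store: ChallengeStore):
        self.name = name
        self.store = store

    def register_challenge(self, token: str, jwk: dict) -> str:
        key_auth = key_authorization(token, jwk)
        self.store.put(token, key_auth)
        return key_auth

    def handle_request(self, path: str):
        """Returns (status, body) for an incoming HTTP request, as the CA's validator would see it."""
        prefix = "/.well-known/acme-challenge/"
        if not path.startswith(prefix):
            return 404, ""
        token = path[len(prefix):]
        if not TOKEN_RE.fullmatch(token):  # reject anything that is not a well-formed token
            return 404, ""
        key_auth = self.store.get(token)
        if key_auth is None:
            return 404, ""
        return 200, key_auth


def simulate(shared: bool) -> bool:
    """Instance A registers the challenge; the CA's validation request lands on instance B.

    Returns True when B serves the correct key authorization, False when validation would fail.
    """
    if shared:
        store = ChallengeStore()
        a, b = WebInstance("a", store), WebInstance("b", store)
    else:  # per-instance storage: each replica only knows its own challenges
        a, b = WebInstance("a", ChallengeStore()), WebInstance("b", ChallengeStore())
    token = "constructed-token_0123"  # constructed; a real CA issues this per challenge
    expected = a.register_challenge(token, ACCOUNT_JWK)
    status, body = b.handle_request(f"/.well-known/acme-challenge/{token}")
    return status == 200 and body == expected


if __name__ == "__main__":
    print("per-instance storage passes validation:", simulate(shared=False))
    print("shared storage passes validation:", simulate(shared=True))
```

With per-instance storage the validator hits a replica that has never heard of the token and gets a 404, so issuance fails intermittently depending on which instance the load balancer picks; with the shared store every replica answers identically. The token check and TTL are the two things worth carrying into a real handler: the path suffix comes from the network, and a challenge should not remain servable after the order has completed.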