## Optional container environment variables for custom configuration.
* `ACME_CA_URI` - Directory URI for the CA ACME API endpoint (defaults to ``https://acme-v02.api.letsencrypt.org/directory``).
If you set this environment variable to `https://acme-staging-v02.api.letsencrypt.org/directory`, the container will obtain its certificates from the Let's Encrypt test API endpoint, which does not have the [5 certs/week/domain limit](https://letsencrypt.org/docs/rate-limits/) (but whose certificates are not trusted by browsers).
For example:
```bash
$ docker run --detach \
    --name nginx-proxy-letsencrypt \
    --volumes-from nginx-proxy \
    --volume /path/to/certs:/etc/nginx/certs:rw \
    --volume /var/run/docker.sock:/var/run/docker.sock:ro \
    --env "ACME_CA_URI=https://acme-staging-v02.api.letsencrypt.org/directory" \
    jrcs/letsencrypt-nginx-proxy-companion
```
You can also create test certificates per container (see [Test certificates](./Let's-Encrypt-and-ACME.md#test-certificates)).
* `DEBUG` - Set it to `1` to enable debugging of the entrypoint script and of the generation of Let's Encrypt certificates, which can help you pinpoint configuration issues.
* `RENEW_PRIVATE_KEYS` - Set it to `false` to make `acme.sh` reuse the previously generated private key for each certificate instead of creating a new one on certificate renewal. Reusing private keys can help if you intend to use [HPKP](https://developer.mozilla.org/en-US/docs/Web/HTTP/Public_Key_Pinning), but please note that HPKP has been deprecated by Google's Chrome and that using it at all is therefore strongly discouraged.
* `DHPARAM_BITS` - Change the size of the Diffie-Hellman parameters generated by the container from the default value of 2048 bits. For example, `--env DHPARAM_BITS=1024` supports some older clients like Java 6 and 7. 1024-bit parameters are weaker than the default, so lower the value only when such clients must be supported.
* `CA_BUNDLE` - This is a test-only variable [for use with Pebble](https://github.com/letsencrypt/pebble#avoiding-client-https-errors). It changes the trusted root CA used by `acme.sh` from the default Alpine trust store to the CA bundle file located at the provided path (inside the container). Do **not** use it in production unless you are running your own ACME CA.
* `CERTS_UPDATE_INTERVAL` - Defines how often the container checks whether the certificates require an update (1 hour by default).
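
Several of these variables are meant for testing and weaken a production deployment if they are left set. The following pre-flight check is an added example, not part of the project: it scans a `KEY=VALUE` env file (the form accepted by `docker run --env-file`) and reports such settings. The function name, the messages and the sample file are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: pre-flight lint of an env file for the companion container.
# Variable names and the two Let's Encrypt URIs come from the documentation
# above; the function name, messages and sample file are constructed here.
LE_PROD="https://acme-v02.api.letsencrypt.org/directory"
LE_STAGING="https://acme-staging-v02.api.letsencrypt.org/directory"

# Prints one "VARIABLE: finding" line per risky setting; always returns 0.
lint_companion_env() {
    while IFS='=' read -r key value; do
        msg=""
        case "$key" in
            ACME_CA_URI)
                case "$value" in
                    "$LE_PROD") ;;
                    "$LE_STAGING") msg="staging endpoint, certificates are not trusted by browsers" ;;
                    https://*) msg="custom ACME directory, confirm this CA is intended" ;;
                    *) msg="not an https:// directory URI" ;;
                esac ;;
            DHPARAM_BITS)
                case "$value" in
                    ''|*[!0-9]*) msg="not a positive integer" ;;
                    *) if [ "$value" -lt 2048 ]; then msg="$value bits is below the 2048-bit default"; fi ;;
                esac ;;
            CA_BUNDLE) msg="test-only variable, replaces the trust store used by acme.sh" ;;
            DEBUG) if [ "$value" = "1" ]; then msg="debugging enabled"; fi ;;
            RENEW_PRIVATE_KEYS)
                if [ "$value" = "false" ]; then msg="private keys are reused on renewal"; fi ;;
        esac
        # Comment lines and unrelated variables match no case and stay silent.
        if [ -n "$msg" ]; then echo "$key: $msg"; fi
    done < "$1"
    return 0
}

# Constructed sample: staging settings left in a production env file.
sample_env=$(mktemp)
cat > "$sample_env" <<'EOF'
# settings copied from a test deployment
ACME_CA_URI=https://acme-staging-v02.api.letsencrypt.org/directory
DHPARAM_BITS=1024
RENEW_PRIVATE_KEYS=true
CA_BUNDLE=/constructed/path/ca.pem
EOF
lint_companion_env "$sample_env"
```

An empty result means none of the test-oriented settings are present; any output is worth reviewing before the file is used for a production container.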