mirror of
https://github.com/nginx-proxy/docker-letsencrypt-nginx-proxy-companion
synced 2024-11-22 16:32:48 +01:00
Docs: Clarify standalone dns01 API configuration structure with example (#1155)
* adding additional documentation detail for standalone DNS-01 verification * added example * Update Standalone-certificates.md * minor mistake * Update Standalone-certificates.md * Update Standalone-certificates.md
This commit is contained in:
parent
044f056bfb
commit
904b5e38b1
@ -51,9 +51,28 @@ LETSENCRYPT_app_HOST=('myapp.yourdomain.tld' 'myapp.yourotherdomain.tld' 'servic
|
||||
LETSENCRYPT_othersite_HOST=('yetanotherdomain.tld')
|
||||
```
|
||||
|
||||
**Example using DNS-01 verification:**
|
||||
|
||||
In this example: `web` and `app` generate a certificate using the global/default configuration. However `othersite` will perform it's certificate verification using a specific DNS-01 API configuration.
|
||||
|
||||
```bash
|
||||
LETSENCRYPT_STANDALONE_CERTS=('web' 'app' 'othersite')
|
||||
LETSENCRYPT_web_HOST=('yourdomain.tld' 'www.yourdomain.tld')
|
||||
LETSENCRYPT_app_HOST=('myapp.yourdomain.tld' 'myapp.yourotherdomain.tld' 'service.yourotherdomain.tld')
|
||||
LETSENCRYPT_othersite_HOST=('yetanotherdomain.tld')
|
||||
|
||||
ACME_othersite_CHALLENGE=DNS-01
|
||||
declare -A ACMESH_othersite_DNS_API_CONFIG=(
|
||||
['DNS_API']='dns_cf'
|
||||
['CF_Token']='<CLOUDFLARE_TOKEN>'
|
||||
['CF_Account_ID']='<CLOUDFLARE_ACCOUNT_ID>'
|
||||
['CF_Zone_ID']='<CLOUDFLARE_ZONE_ID>'
|
||||
)
|
||||
```
|
||||
|
||||
### Optional configuration parameters:
|
||||
|
||||
Those are all single bash variables.
|
||||
Single bash variables:
|
||||
|
||||
`LETSENCRYPT_uniqueidentifier_EMAIL` : must be a valid email and will be used by Let's Encrypt to warn you of impeding certificate expiration (should the automated renewal fail).
|
||||
|
||||
@ -61,6 +80,22 @@ Those are all single bash variables.
|
||||
|
||||
`LETSENCRYPT_uniqueidentifier_TEST` : if set to true, the corresponding certificate will be a test certificates: it won't have the 5 certs/week/domain limits and will be signed by an untrusted intermediate (ie it won't be trusted by browsers).
|
||||
|
||||
DNS-01 related variables:
|
||||
|
||||
`ACME_uniqueidentifier_CHALLENGE`: Defaults to HTTP-01. In order to switch to the DNS-01 ACME challenge set it to `DNS-01`
|
||||
|
||||
`ACMESH_uniqueidentifier_DNS_API_CONFIG`: Defaults to the values of DNS_API_CONFIG. However if you wish to specify a specific DNS-01 verification method on a particular standalone certificate. It must be defined as a bash associative array.
|
||||
|
||||
Example
|
||||
```bash
|
||||
declare -A ACMESH_alt_DNS_API_CONFIG=(
|
||||
['DNS_API']='dns_cf'
|
||||
['CF_Token']='<CLOUDFLARE_TOKEN>'
|
||||
['CF_Account_ID']='<CLOUDFLARE_ACCOUNT_ID>'
|
||||
['CF_Zone_ID']='<CLOUDFLARE_ZONE_ID>'
|
||||
)
|
||||
```
|
||||
|
||||
### Picking up changes to letsencrypt_user_data
|
||||
|
||||
The container does not actively watch the `/app/letsencrypt_user_data` file for changes.
|
||||
|
Loading…
Reference in New Issue
Block a user