mirror/docker-letsencrypt-nginx-proxy-companion
1
0
Fork 0
mirror of https://github.com/nginx-proxy/docker-letsencrypt-nginx-proxy-companion synced 2024-11-22 20:42:04 +01:00
Code Issues Releases Activity

Docs: Clarify standalone dns01 API configuration structure with example (#1155)

Browse Source 
* adding additional documentation detail for standalone DNS-01 verification

* added example

* Update Standalone-certificates.md

* minor mistake

* Update Standalone-certificates.md

* Update Standalone-certificates.md
This commit is contained in:
stuartbirrell 2024-09-27 14:32:36 +01:00 committed by GitHub
parent 044f056bfb
commit 904b5e38b1
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 36 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
docs/Standalone-certificates.md
View File

@ -51,9 +51,28 @@ LETSENCRYPT_app_HOST=('myapp.yourdomain.tld' 'myapp.yourotherdomain.tld' 'servic
LETSENCRYPT_othersite_HOST=('yetanotherdomain.tld')
```
**Example using DNS-01 verification:**
In this example: `web` and `app` generate a certificate using the global/default configuration. However `othersite` will perform it's certificate verification using a specific DNS-01 API configuration.
```bash
LETSENCRYPT_STANDALONE_CERTS=('web' 'app' 'othersite')
LETSENCRYPT_web_HOST=('yourdomain.tld' 'www.yourdomain.tld')
LETSENCRYPT_app_HOST=('myapp.yourdomain.tld' 'myapp.yourotherdomain.tld' 'service.yourotherdomain.tld')
LETSENCRYPT_othersite_HOST=('yetanotherdomain.tld')
ACME_othersite_CHALLENGE=DNS-01
declare -A ACMESH_othersite_DNS_API_CONFIG=(
['DNS_API']='dns_cf'
['CF_Token']='<CLOUDFLARE_TOKEN>'
['CF_Account_ID']='<CLOUDFLARE_ACCOUNT_ID>'
['CF_Zone_ID']='<CLOUDFLARE_ZONE_ID>'
)
```
### Optional configuration parameters:
Those are all single bash variables.
Single bash variables:
`LETSENCRYPT_uniqueidentifier_EMAIL` : must be a valid email and will be used by Let's Encrypt to warn you of impeding certificate expiration (should the automated renewal fail).
@ -61,6 +80,22 @@ Those are all single bash variables.
`LETSENCRYPT_uniqueidentifier_TEST` : if set to true, the corresponding certificate will be a test certificates: it won't have the 5 certs/week/domain limits and will be signed by an untrusted intermediate (ie it won't be trusted by browsers).
DNS-01 related variables:
`ACME_uniqueidentifier_CHALLENGE`: Defaults to HTTP-01. In order to switch to the DNS-01 ACME challenge set it to `DNS-01`
`ACMESH_uniqueidentifier_DNS_API_CONFIG`: Defaults to the values of DNS_API_CONFIG. However if you wish to specify a specific DNS-01 verification method on a particular standalone certificate. It must be defined as a bash associative array.
Example
```bash
declare -A ACMESH_alt_DNS_API_CONFIG=(
['DNS_API']='dns_cf'
['CF_Token']='<CLOUDFLARE_TOKEN>'
['CF_Account_ID']='<CLOUDFLARE_ACCOUNT_ID>'
['CF_Zone_ID']='<CLOUDFLARE_ZONE_ID>'
)
```
### Picking up changes to letsencrypt_user_data
The container does not actively watch the `/app/letsencrypt_user_data` file for changes.