Nicolas Duchon
1.7 KiB
Zero SSL
Zero SSL is an ACME CA that offer some advantages over Let's Encrypt:
- no staging endpoint and no rate limiting on the production endpoint.
- web based management console to keep track of your SSL certificates.
Using Zero SSL through an ACME client, like in this container, allows for unlimited 90 days and multi-domains (SAN) certificates.
Activation
The Zero SSL support is activated when the ACME_CA_URI environment variable is set to the Zero SSL ACME endpoint (https://acme.zerossl.com/v2/DV90).
Account
Unlike Let's Encrypt, Zero SSL requires the use of an email bound account. If you already created a Zero SSL account, you can either:
- provide pre-generated EAB credentials using the
ACME_EAB_KIDandACME_EAB_HMAC_KEYenvironment variables. - provide your ZeroSSL API key using the
ZEROSSL_API_KEYenvironment variable.
These variables can be set on the proxied containers or directly on the acme-companion container.
When a new ACME account is registered with EAB credentials, acme-companion will also pass LETSENCRYPT_EMAIL or DEFAULT_EMAIL if one is configured. If both are unset or blank, registration still proceeds without a contact email and a warning is logged, because some ACME CAs require an email for EAB account registration.
If you don't have a ZeroSSL account, you can let acme-companion create a Zero SSL account with the address provided in the ACME_EMAIL or DEFAULT_EMAIL environment variable. Note that the address that will be used must be a valid email address that you actually own.