mirror of
https://github.com/nginx-proxy/docker-letsencrypt-nginx-proxy-companion
synced 2026-05-04 07:00:44 +02:00
Nicolas Duchon
25 lines
1.7 KiB
Markdown
25 lines
1.7 KiB
Markdown
## Zero SSL
|
|
|
|
[Zero SSL](https://zerossl.com/) is an ACME CA that offer some advantages over Let's Encrypt:
|
|
- no staging endpoint and [no rate limiting on the production endpoint](https://zerossl.com/features/acme/).
|
|
- web based [management console](https://zerossl.com/features/console/) to keep track of your SSL certificates.
|
|
|
|
Using Zero SSL through an ACME client, like in this container, allows for unlimited 90 days and multi-domains (SAN) certificates.
|
|
|
|
### Activation
|
|
|
|
The Zero SSL support is activated when the `ACME_CA_URI` environment variable is set to the Zero SSL ACME endpoint (`https://acme.zerossl.com/v2/DV90`).
|
|
|
|
### Account
|
|
|
|
Unlike Let's Encrypt, Zero SSL requires the use of an email bound account. If you already created a Zero SSL account, you can either:
|
|
|
|
- provide pre-generated [EAB credentials](https://tools.ietf.org/html/rfc8555#section-7.3.4) using the `ACME_EAB_KID` and `ACME_EAB_HMAC_KEY` environment variables.
|
|
- provide your ZeroSSL API key using the `ZEROSSL_API_KEY` environment variable.
|
|
|
|
These variables can be set on the proxied containers or directly on the **acme-companion** container.
|
|
|
|
When a new ACME account is registered with EAB credentials, **acme-companion** will also pass `LETSENCRYPT_EMAIL` or `DEFAULT_EMAIL` if one is configured. If both are unset or blank, registration still proceeds without a contact email and a warning is logged, because some ACME CAs require an email for EAB account registration.
|
|
|
|
If you don't have a ZeroSSL account, you can let **acme-companion** create a Zero SSL account with the address provided in the `ACME_EMAIL` or `DEFAULT_EMAIL` environment variable. Note that the address that will be used must be a valid email address that you actually own.
|