Certificate resolvers.

Co-authored-by: Julien Salleyron <julien.salleyron@gmail.com> Co-authored-by: Jean-Baptiste Doumenjou <jb.doumenjou@gmail.com>
2019-07-19 11:52:04 +02:00 · 2019-07-19 11:52:04 +02:00 · f75f73f3d2
commit f75f73f3d2
parent e3627e9cba
47 changed files with 1573 additions and 1249 deletions
--- a/docs/content/https/ref-acme.toml
+++ b/docs/content/https/ref-acme.toml
@ -1,123 +1,89 @@
 # Enable ACME (Let's Encrypt): automatic SSL.
-[acme]
+[certificatesResolvers.sample.acme]

-# Email address used for registration.
-#
-# Required
-#
-email = "test@traefik.io"
-
-# File or key used for certificates storage.
-#
-# Required
-#
-storage = "acme.json"
-
-# If true, display debug log messages from the acme client library.
-#
-# Optional
-# Default: false
-#
-# acmeLogging = true
-
-# If true, override certificates in key-value store when using storeconfig.
-#
-# Optional
-# Default: false
-#
-# overrideCertificates = true
-
-# Enable certificate generation on routers host rules.
-#
-# Optional
-# Default: false
-#
-# onHostRule = true
-
-# CA server to use.
-# Uncomment the line to use Let's Encrypt's staging server,
-# leave commented to go to prod.
-#
-# Optional
-# Default: "https://acme-v02.api.letsencrypt.org/directory"
-#
-# caServer = "https://acme-staging-v02.api.letsencrypt.org/directory"
-
-# KeyType to use.
-#
-# Optional
-# Default: "RSA4096"
-#
-# Available values : "EC256", "EC384", "RSA2048", "RSA4096", "RSA8192"
-#
-# KeyType = "RSA4096"
-
-# Use a TLS-ALPN-01 ACME challenge.
-#
-# Optional (but recommended)
-#
-[acme.tlsChallenge]
-
-# Use a HTTP-01 ACME challenge.
-#
-# Optional
-#
-# [acme.httpChallenge]
-
-  # EntryPoint to use for the HTTP-01 challenges.
+  # Email address used for registration.
  #
  # Required
  #
-  # entryPoint = "web"
+  email = "test@traefik.io"

-# Use a DNS-01 ACME challenge rather than HTTP-01 challenge.
-# Note: mandatory for wildcard certificate generation.
-#
-# Optional
-#
-# [acme.dnsChallenge]
-
-  # DNS provider used.
+  # File or key used for certificates storage.
  #
  # Required
  #
-  # provider = "digitalocean"
+  storage = "acme.json"

-  # By default, the provider will verify the TXT DNS challenge record before letting ACME verify.
-  # If delayBeforeCheck is greater than zero, this check is delayed for the configured duration in seconds.
-  # Useful if internal networks block external DNS queries.
+  # CA server to use.
+  # Uncomment the line to use Let's Encrypt's staging server,
+  # leave commented to go to prod.
  #
  # Optional
-  # Default: 0
+  # Default: "https://acme-v02.api.letsencrypt.org/directory"
  #
-  # delayBeforeCheck = 0
+  # caServer = "https://acme-staging-v02.api.letsencrypt.org/directory"

-  # Use following DNS servers to resolve the FQDN authority.
+  # KeyType to use.
  #
  # Optional
-  # Default: empty
+  # Default: "RSA4096"
  #
-  # resolvers = ["1.1.1.1:53", "8.8.8.8:53"]
+  # Available values : "EC256", "EC384", "RSA2048", "RSA4096", "RSA8192"
+  #
+  # keyType = "RSA4096"

-  # Disable the DNS propagation checks before notifying ACME that the DNS challenge is ready.
+  # Use a TLS-ALPN-01 ACME challenge.
  #
-  # NOT RECOMMENDED:
-  # Increase the risk of reaching Let's Encrypt's rate limits.
+  # Optional (but recommended)
+  #
+  [certificatesResolvers.sample.acme.tlsChallenge]
+
+  # Use a HTTP-01 ACME challenge.
  #
  # Optional
-  # Default: false
  #
-  # disablePropagationCheck = true
+  # [certificatesResolvers.sample.acme.httpChallenge]

-# Domains list.
-# Only domains defined here can generate wildcard certificates.
-# The certificates for these domains are negotiated at traefik startup only.
-#
-# [[acme.domains]]
-#   main = "local1.com"
-#   sans = ["test1.local1.com", "test2.local1.com"]
-# [[acme.domains]]
-#   main = "local2.com"
-# [[acme.domains]]
-#   main = "*.local3.com"
-#   sans = ["local3.com", "test1.test1.local3.com"]
+    # EntryPoint to use for the HTTP-01 challenges.
+    #
+    # Required
+    #
+    # entryPoint = "web"
+
+  # Use a DNS-01 ACME challenge rather than HTTP-01 challenge.
+  # Note: mandatory for wildcard certificate generation.
+  #
+  # Optional
+  #
+  # [certificatesResolvers.sample.acme.dnsChallenge]
+
+    # DNS provider used.
+    #
+    # Required
+    #
+    # provider = "digitalocean"
+
+    # By default, the provider will verify the TXT DNS challenge record before letting ACME verify.
+    # If delayBeforeCheck is greater than zero, this check is delayed for the configured duration in seconds.
+    # Useful if internal networks block external DNS queries.
+    #
+    # Optional
+    # Default: 0
+    #
+    # delayBeforeCheck = 0
+
+    # Use following DNS servers to resolve the FQDN authority.
+    #
+    # Optional
+    # Default: empty
+    #
+    # resolvers = ["1.1.1.1:53", "8.8.8.8:53"]
+
+    # Disable the DNS propagation checks before notifying ACME that the DNS challenge is ready.
+    #
+    # NOT RECOMMENDED:
+    # Increase the risk of reaching Let's Encrypt's rate limits.
+    #
+    # Optional
+    # Default: false
+    #
+    # disablePropagationCheck = true