Certificate resolvers.

Co-authored-by: Julien Salleyron <julien.salleyron@gmail.com> Co-authored-by: Jean-Baptiste Doumenjou <jb.doumenjou@gmail.com>
2019-07-19 11:52:04 +02:00 · 2019-07-19 11:52:04 +02:00 · f75f73f3d2
commit f75f73f3d2
parent e3627e9cba
47 changed files with 1573 additions and 1249 deletions
--- a/docs/content/https/ref-acme.txt
+++ b/docs/content/https/ref-acme.txt
@ -0,0 +1,89 @@
+# Enable ACME (Let's Encrypt): automatic SSL.
+--certificatesResolvers.sample.acme
+
+# Email address used for registration.
+#
+# Required
+#
+--certificatesResolvers.sample.acme.email="test@traefik.io"
+
+# File or key used for certificates storage.
+#
+# Required
+#
+--certificatesResolvers.sample.acme.storage="acme.json"
+
+# CA server to use.
+# Uncomment the line to use Let's Encrypt's staging server,
+# leave commented to go to prod.
+#
+# Optional
+# Default: "https://acme-v02.api.letsencrypt.org/directory"
+#
+--certificatesResolvers.sample.acme.caServer="https://acme-staging-v02.api.letsencrypt.org/directory"
+
+# KeyType to use.
+#
+# Optional
+# Default: "RSA4096"
+#
+# Available values : "EC256", "EC384", "RSA2048", "RSA4096", "RSA8192"
+#
+--certificatesResolvers.sample.acme.keyType=RSA4096
+
+# Use a TLS-ALPN-01 ACME challenge.
+#
+# Optional (but recommended)
+#
+--certificatesResolvers.sample.acme.tlsChallenge
+
+# Use a HTTP-01 ACME challenge.
+#
+# Optional
+#
+--certificatesResolvers.sample.acme.httpChallenge
+
+# EntryPoint to use for the HTTP-01 challenges.
+#
+# Required
+#
+--certificatesResolvers.sample.acme.httpChallenge.entryPoint=web
+
+# Use a DNS-01 ACME challenge rather than HTTP-01 challenge.
+# Note: mandatory for wildcard certificate generation.
+#
+# Optional
+#
+--certificatesResolvers.sample.acme.dnsChallenge
+
+# DNS provider used.
+#
+# Required
+#
+--certificatesResolvers.sample.acme.dnsChallenge.provider=digitalocean
+
+# By default, the provider will verify the TXT DNS challenge record before letting ACME verify.
+# If delayBeforeCheck is greater than zero, this check is delayed for the configured duration in seconds.
+# Useful if internal networks block external DNS queries.
+#
+# Optional
+# Default: 0
+#
+--certificatesResolvers.sample.acme.dnsChallenge.delayBeforeCheck=0
+
+# Use following DNS servers to resolve the FQDN authority.
+#
+# Optional
+# Default: empty
+#
+--certificatesResolvers.sample.acme.dnsChallenge.resolvers="1.1.1.1:53,8.8.8.8:53"
+
+# Disable the DNS propagation checks before notifying ACME that the DNS challenge is ready.
+#
+# NOT RECOMMENDED:
+# Increase the risk of reaching Let's Encrypt's rate limits.
+#
+# Optional
+# Default: false
+#
+--certificatesResolvers.sample.acme.dnsChallenge.disablePropagationCheck=true