Certificate resolvers.

Co-authored-by: Julien Salleyron <julien.salleyron@gmail.com> Co-authored-by: Jean-Baptiste Doumenjou <jb.doumenjou@gmail.com>
2019-07-19 11:52:04 +02:00 · 2019-07-19 11:52:04 +02:00 · f75f73f3d2
commit f75f73f3d2
parent e3627e9cba
47 changed files with 1573 additions and 1249 deletions
--- a/docs/content/https/ref-acme.yaml
+++ b/docs/content/https/ref-acme.yaml
@ -1,127 +1,93 @@
-# Enable ACME (Let's Encrypt): automatic SSL.
-acme:
+certificatesResolvers:
+  sample:
+    # Enable ACME (Let's Encrypt): automatic SSL.
+    acme:

-  # Email address used for registration.
-  #
-  # Required
-  #
-  email: "test@traefik.io"
+      # Email address used for registration.
+      #
+      # Required
+      #
+      email: "test@traefik.io"

-  # File or key used for certificates storage.
-  #
-  # Required
-  #
-  storage: "acme.json"
+      # File or key used for certificates storage.
+      #
+      # Required
+      #
+      storage: "acme.json"

-  # If true, display debug log messages from the acme client library.
-  #
-  # Optional
-  # Default: false
-  #
-  # acmeLogging: true
+      # CA server to use.
+      # Uncomment the line to use Let's Encrypt's staging server,
+      # leave commented to go to prod.
+      #
+      # Optional
+      # Default: "https://acme-v02.api.letsencrypt.org/directory"
+      #
+      # caServer: "https://acme-staging-v02.api.letsencrypt.org/directory"

-  # If true, override certificates in key-value store when using storeconfig.
-  #
-  # Optional
-  # Default: false
-  #
-  # overrideCertificates: true
+      # KeyType to use.
+      #
+      # Optional
+      # Default: "RSA4096"
+      #
+      # Available values : "EC256", "EC384", "RSA2048", "RSA4096", "RSA8192"
+      #
+      # keyType: RSA4096

-  # Enable certificate generation on routers host rules.
-  #
-  # Optional
-  # Default: false
-  #
-  # onHostRule: true
+      # Use a TLS-ALPN-01 ACME challenge.
+      #
+      # Optional (but recommended)
+      #
+      tlsChallenge:

-  # CA server to use.
-  # Uncomment the line to use Let's Encrypt's staging server,
-  # leave commented to go to prod.
-  #
-  # Optional
-  # Default: "https://acme-v02.api.letsencrypt.org/directory"
-  #
-  # caServer: "https://acme-staging-v02.api.letsencrypt.org/directory"
+      # Use a HTTP-01 ACME challenge.
+      #
+      # Optional
+      #
+      # httpChallenge:

-  # KeyType to use.
-  #
-  # Optional
-  # Default: "RSA4096"
-  #
-  # Available values : "EC256", "EC384", "RSA2048", "RSA4096", "RSA8192"
-  #
-  # KeyType: RSA4096
+        # EntryPoint to use for the HTTP-01 challenges.
+        #
+        # Required
+        #
+        # entryPoint: web

-  # Use a TLS-ALPN-01 ACME challenge.
-  #
-  # Optional (but recommended)
-  #
-  tlsChallenge:
+      # Use a DNS-01 ACME challenge rather than HTTP-01 challenge.
+      # Note: mandatory for wildcard certificate generation.
+      #
+      # Optional
+      #
+      # dnsChallenge:

-  # Use a HTTP-01 ACME challenge.
-  #
-  # Optional
-  #
-  # httpChallenge:
+        # DNS provider used.
+        #
+        # Required
+        #
+        # provider: digitalocean

-    # EntryPoint to use for the HTTP-01 challenges.
-    #
-    # Required
-    #
-    # entryPoint: web
+        # By default, the provider will verify the TXT DNS challenge record before letting ACME verify.
+        # If delayBeforeCheck is greater than zero, this check is delayed for the configured duration in seconds.
+        # Useful if internal networks block external DNS queries.
+        #
+        # Optional
+        # Default: 0
+        #
+        # delayBeforeCheck: 0

-  # Use a DNS-01 ACME challenge rather than HTTP-01 challenge.
-  # Note: mandatory for wildcard certificate generation.
-  #
-  # Optional
-  #
-  # dnsChallenge:
+        # Use following DNS servers to resolve the FQDN authority.
+        #
+        # Optional
+        # Default: empty
+        #
+        # resolvers
+        # - "1.1.1.1:53"
+        # - "8.8.8.8:53"

-    # DNS provider used.
-    #
-    # Required
-    #
-    # provider: digitalocean
-
-    # By default, the provider will verify the TXT DNS challenge record before letting ACME verify.
-    # If delayBeforeCheck is greater than zero, this check is delayed for the configured duration in seconds.
-    # Useful if internal networks block external DNS queries.
-    #
-    # Optional
-    # Default: 0
-    #
-    # delayBeforeCheck: 0
-
-    # Use following DNS servers to resolve the FQDN authority.
-    #
-    # Optional
-    # Default: empty
-    #
-    # resolvers
-    # - "1.1.1.1:53"
-    # - "8.8.8.8:53"
-
-    # Disable the DNS propagation checks before notifying ACME that the DNS challenge is ready.
-    #
-    # NOT RECOMMENDED:
-    # Increase the risk of reaching Let's Encrypt's rate limits.
-    #
-    # Optional
-    # Default: false
-    #
-    # disablePropagationCheck: true
-
-  # Domains list.
-  # Only domains defined here can generate wildcard certificates.
-  # The certificates for these domains are negotiated at traefik startup only.
-  #
-  # domains:
-  # - main: "local1.com"
-  #   sans:
-  #   - "test1.local1.com"
-  #   - "test2.local1.com"
-  # - main: "local2.com"
-  # - main: "*.local3.com"
-  #   sans:
-  #   - "local3.com"
-  #   - "test1.test1.local3.com"
+        # Disable the DNS propagation checks before notifying ACME that the DNS challenge is ready.
+        #
+        # NOT RECOMMENDED:
+        # Increase the risk of reaching Let's Encrypt's rate limits.
+        #
+        # Optional
+        # Default: false
+        #
+        # disablePropagationCheck: true