traefik/docs/content/https/ref-acme.txt
2020-02-17 11:04:04 +01:00

88 lines
2.2 KiB
Text

# Enable ACME (Let's Encrypt): automatic SSL.
# Email address used for registration.
#
# Required
#
--certificatesResolvers.myresolver.acme.email=test@traefik.io
# File or key used for certificates storage.
#
# Required
#
--certificatesResolvers.myresolver.acme.storage=acme.json
# CA server to use.
# Uncomment the line to use Let's Encrypt's staging server,
# leave commented to go to prod.
#
# Optional
# Default: "https://acme-v02.api.letsencrypt.org/directory"
#
--certificatesResolvers.myresolver.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory
# KeyType to use.
#
# Optional
# Default: "RSA4096"
#
# Available values : "EC256", "EC384", "RSA2048", "RSA4096", "RSA8192"
#
--certificatesResolvers.myresolver.acme.keyType=RSA4096
# Use a TLS-ALPN-01 ACME challenge.
#
# Optional (but recommended)
#
--certificatesResolvers.myresolver.acme.tlsChallenge=true
# Use a HTTP-01 ACME challenge.
#
# Optional
#
--certificatesResolvers.myresolver.acme.httpChallenge=true
# EntryPoint to use for the HTTP-01 challenges.
#
# Required
#
--certificatesResolvers.myresolver.acme.httpChallenge.entryPoint=web
# Use a DNS-01 ACME challenge rather than HTTP-01 challenge.
# Note: mandatory for wildcard certificate generation.
#
# Optional
#
--certificatesResolvers.myresolver.acme.dnsChallenge=true
# DNS provider used.
#
# Required
#
--certificatesResolvers.myresolver.acme.dnsChallenge.provider=digitalocean
# By default, the provider will verify the TXT DNS challenge record before letting ACME verify.
# If delayBeforeCheck is greater than zero, this check is delayed for the configured duration in seconds.
# Useful if internal networks block external DNS queries.
#
# Optional
# Default: 0
#
--certificatesResolvers.myresolver.acme.dnsChallenge.delayBeforeCheck=0
# Use following DNS servers to resolve the FQDN authority.
#
# Optional
# Default: empty
#
--certificatesResolvers.myresolver.acme.dnsChallenge.resolvers=1.1.1.1:53,8.8.8.8:53
# Disable the DNS propagation checks before notifying ACME that the DNS challenge is ready.
#
# NOT RECOMMENDED:
# Increase the risk of reaching Let's Encrypt's rate limits.
#
# Optional
# Default: false
#
--certificatesResolvers.myresolver.acme.dnsChallenge.disablePropagationCheck=true