Added usage of --challenge-alias, possibility of different DNA modes per domain #82
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Environment variables: - LETSENCRYPT_DNS_MODE=<dns_provider_backend> - LETSENCRYPT_DNS_MODE_SETTINGS=export VAR1=value VAR2=... (configuration variables for the DNS provider backend) And don't fiddle with nginx-proxy acme-challenge conf This is to the nginx-proxy container to handle that (this commit expects nginx-proxy from the https-passthrough+acme_challenge branch of pini-gh's fork).
* Configurable LETSENCRYPT_HOST variable name * Configurable nginx-proxy & docker-gen labels Combined with my nginx-proxy fork HTTPS passthrough feature this allow for easy testing configuration setup, very usefull when one has only one server to work with. In swarm mode we can't give names to the containers. We have to use labels then. And these labels have to be configurable if we want to be able to chain several nginx-proxy instances. Also wait for nginx-proxy and docker-gen containers instead of erroring out. This is useful in swarm environment where the 'depends_on' compose option isn't available.
Only the LETSENCRYPT_HOST variable is subject to renaming.
This allow checking both HTTP and HTTPS.
This way standalone certificates can be requested from their container's environment without using /app/letsencrypt_user_data.
… with multiple / different dns modes
…ssibilities due to ambiguity of acme.sh docu regarding combination of --domain-alias with --chalange-alias
hutmitfrosch
changed the title
pini-gh
force-pushed
the
dns-01-challenge
branch
from
3e198d2 to
35438e0
Compare
pini-gh
force-pushed
the
dns-01-challenge
branch
from
35438e0 to
d533920
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Since I needed to use acme.sh's --challenge-alias, I forked and wrote it in.
So I wanna participate also here and give my changes back to you, if you are interessted :-)
Allows for something like:
Can be mixed with un-aliased auth - use "no" instead of alias domain at the according place(s) in the challange alias list like:
I even tried implementing --domain-alias, but acme.sh's docu sadly is a little bit ambiguous how to mix this with the other two modes, does not support "no" for that parameter and hence filtering for that placeholder was difficult - so I removed those trials again.
I tested for both modes, single cert per domain and SAN.
For single cert per domain, the bullet points above are regarded by filtering out "no" and also applying only one given mode and / or alias for all created certs (see sources).
I am sorry for having no idea how to implement tests fitting your existing ones, so I have to leave that part to someone else.
Might be good to test the whole thing more intensively, seems to fit my use case / needs, so at some point I stoped looking for other edge-cases.
If I find some other bugs, I can do a new pull request, If you like.