
add support for Let's Encrypt DNS-01 challenge (for wildcard domains)

start with support for OVH provider, but in a way for others to be added in the future:

https://doc.traefik.io/traefik/https/acme/#dnschallenge
pull/25/head
Michael Williams 2 months ago
parent
commit
2c81622d9a
  1. 5
      .env.sample
  2. 8
      compose.yml
  3. 4
      traefik.yml.tmpl

5
.env.sample

@ -8,6 +8,11 @@ LETS_ENCRYPT_EMAIL=certs@example.com
# WARN, INFO etc.
LOG_LEVEL=WARN
## Enable dns challenge (for wildcard domains)
## https://doc.traefik.io/traefik/https/acme/#dnschallenge
#LETS_ENCRYPT_DNS_CHALLENGE_ENABLED=1
#LETS_ENCRYPT_DNS_CHALLENGE_PROVIDER=ovh
## Enable Keycloak
#COMPOSE_FILE="compose.yml:compose.keycloak.yml"
#KEYCLOAK_MIDDLEWARE_ENABLED=1
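Review bot: The sample turns on the DNS challenge and selects `ovh`, but it never lists the four `OVH_*` variables that compose.yml forwards to the container, so someone following the sample gets a resolver with no credentials. Add commented, empty placeholders for `OVH_ENDPOINT`, `OVH_APPLICATION_KEY`, `OVH_APPLICATION_SECRET` and `OVH_CONSUMER_KEY` beneath the provider line. Next to them I would add a comment such as `## Use an OVH token restricted to the DNS zone being validated; keep the real .env out of version control`, since a token that can edit DNS records for the domain can obtain certificates for any name in the zone.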

8
compose.yml

@ -21,6 +21,14 @@ services:
environment:
- DASHBOARD_ENABLED
- LOG_LEVEL
{{ if eq (env "LETS_ENCRYPT_DNS_CHALLENGE_ENABLED") "1" }}
{{ if eq (env "LETS_ENCRYPT_DNS_CHALLENGE_PROVIDER") "ovh" }}
- OVH_APPLICATION_KEY
- OVH_APPLICATION_SECRET
- OVH_CONSUMER_KEY
- OVH_ENDPOINT
{{ end }}
{{ end }}
healthcheck:
test: ["CMD", "traefik", "healthcheck"]
interval: 30s
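Review bot: `OVH_APPLICATION_SECRET` and `OVH_CONSUMER_KEY` are long-lived API credentials, and the added `environment` entries hand them to the Traefik container as plain environment variables, where they are readable through `docker inspect` and by any process in the container. Traefik's ACME documentation describes `_FILE` counterparts for DNS provider variables, so mounting the values as Compose secrets and passing e.g. `OVH_APPLICATION_SECRET_FILE` would keep them out of the environment; confirm this against the Traefik version in use. Separately, the inner `if` matches only `"ovh"`, so with the challenge enabled and any other provider value no credentials are forwarded at all, which will only show up when certificate issuance fails. The `services:` block starts and continues outside this hunk.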

4
traefik.yml.tmpl

@ -66,3 +66,7 @@ certificatesResolvers:
storage: /etc/letsencrypt/production-acme.json
httpChallenge:
entryPoint: web
{{ if eq (env "LETS_ENCRYPT_DNS_CHALLENGE_ENABLED") "1" }}
dnsChallenge:
provider: {{ (env "LETS_ENCRYPT_DNS_CHALLENGE_PROVIDER") }}
{{ end }}
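Review bot: The `provider:` value is interpolated unquoted and unchecked, so an unset `LETS_ENCRYPT_DNS_CHALLENGE_PROVIDER` renders a bare `provider:` (YAML null), and a value containing YAML-significant characters would change the document structure. Quote it, `provider: "{{ env "LETS_ENCRYPT_DNS_CHALLENGE_PROVIDER" }}"`, and make the guard also require a non-empty provider. The rendered resolver also keeps `httpChallenge` alongside `dnsChallenge`; a comment stating which one Traefik is expected to use would help, since wildcard names can only be validated through DNS-01. Only the tail of `certificatesResolvers` is visible, so whether another resolver (for example a staging one) needs the same block cannot be told from this hunk.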