add support for Let's Encrypt DNS-01 challenge (for wildcard domains)

Start with support for the OVH provider, structured so that other providers can be added in the future:

https://doc.traefik.io/traefik/https/acme/#dnschallenge
Michael Williams 2021-06-10 14:53:17 +12:00
parent 8ff2f3a294
commit 2c81622d9a
3 changed files with 17 additions and 0 deletions


@ -8,6 +8,11 @@ LETS_ENCRYPT_EMAIL=certs@example.com
# WARN, INFO etc.
LOG_LEVEL=WARN
## Enable dns challenge (for wildcard domains)
## https://doc.traefik.io/traefik/https/acme/#dnschallenge
#LETS_ENCRYPT_DNS_CHALLENGE_ENABLED=1
#LETS_ENCRYPT_DNS_CHALLENGE_PROVIDER=ovh
## Enable Keycloak
#COMPOSE_FILE="compose.yml:compose.keycloak.yml"
#KEYCLOAK_MIDDLEWARE_ENABLED=1
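Review bot: The sample documents `LETS_ENCRYPT_DNS_CHALLENGE_PROVIDER=ovh` but not the four `OVH_*` variables that the compose template passes through once the provider is `ovh`, so an operator who enables the option has no hint that credentials are required. Add commented placeholders for `OVH_APPLICATION_KEY`, `OVH_APPLICATION_SECRET`, `OVH_CONSUMER_KEY` and `OVH_ENDPOINT` under the provider line, with empty values. A one-line comment such as `## API credentials: keep this file out of version control and readable only by the deploying user` would make the handling expectation explicit, since these are long-lived API secrets.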


@ -21,6 +21,14 @@ services:
environment:
- DASHBOARD_ENABLED
- LOG_LEVEL
{{ if eq (env "LETS_ENCRYPT_DNS_CHALLENGE_ENABLED") "1" }}
{{ if eq (env "LETS_ENCRYPT_DNS_CHALLENGE_PROVIDER") "ovh" }}
- OVH_APPLICATION_KEY
- OVH_APPLICATION_SECRET
- OVH_CONSUMER_KEY
- OVH_ENDPOINT
{{ end }}
{{ end }}
healthcheck:
test: ["CMD", "traefik", "healthcheck"]
interval: 30s
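Review bot: The OVH credentials added under `environment:` reach Traefik as plain container environment variables, so anyone who can inspect the service or container definition can read `OVH_APPLICATION_SECRET` and `OVH_CONSUMER_KEY`. Traefik's DNS providers accept a `_FILE` suffix on these variables, so an entry like `OVH_APPLICATION_SECRET_FILE=/run/secrets/<secret-name>` (placeholder path) backed by a Docker secret would keep the values out of the service spec; the same applies to the application key and consumer key. It is also worth noting in a comment that the consumer key should be limited to the DNS-zone API routes the challenge needs, because it is a standing credential. The `services:` block begins and continues outside this hunk.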


@ -66,3 +66,7 @@ certificatesResolvers:
storage: /etc/letsencrypt/production-acme.json
httpChallenge:
entryPoint: web
{{ if eq (env "LETS_ENCRYPT_DNS_CHALLENGE_ENABLED") "1" }}
dnsChallenge:
provider: {{ (env "LETS_ENCRYPT_DNS_CHALLENGE_PROVIDER") }}
{{ end }}
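Review bot: `provider: {{ (env "LETS_ENCRYPT_DNS_CHALLENGE_PROVIDER") }}` renders an unquoted scalar, so with `LETS_ENCRYPT_DNS_CHALLENGE_ENABLED=1` and the provider variable unset it becomes a bare `provider:` (null), and any YAML-special characters in the value are interpreted rather than treated as text. Quote the rendered value: `provider: '{{ env "LETS_ENCRYPT_DNS_CHALLENGE_PROVIDER" }}'`. This template accepts any provider name, while the compose template only passes credentials when the provider is `ovh`, so another value would configure `dnsChallenge` without credentials and presumably fail only at certificate issuance. A comment above `dnsChallenge:` should state that each new provider also needs a matching environment block in the compose template.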