coop-cloud/traefik
8
2
Fork 18
Code Issues 12 Pull Requests 6 Releases Wiki Activity

feat: disable httpChallenge when DNS challenge is configured #112

Merged
decentral1se merged 2 commits from luisb/traefik:feat/favor-LE-dns-challenge-if-enabled into master 2026-06-19 12:56:54 +00:00
Conversation 3 Commits 2 Files Changed 4 +13 -7
4 changed files with 13 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
README.md
View File

@ -32,15 +32,16 @@
3. Insert the secret: `abra app secret insert <domain> usersfile v1 -f usersfile
4. Redploy your app: `abra app deploy -f <domain>`
## Configuring wildcard SSL using DNS
## Configuring SSL using DNS
Automatic certificate generation will Just Work™ for most recipes which use a fixed
number of subdomains. For some recipes which need to work across arbitrary
Automatic certificate generation will Just Work™ for most recipes which use a
fixed number of subdomains. If your server can't be reached from the Internet,
or if you're deploying a recipe that needs to work across arbitrary
subdomains, like
[`federatedwiki`](https://git.coopcloud.tech/coop-cloud/federatedwiki/) and
[`go-ssb-room`](https://git.coopcloud.tech/coop-cloud/federatedwiki/), you'll
need to give Traefik access to your DNS provider so that it can carry out
Letsencrypt DNS challenges.
[`go-ssb-room`](https://git.coopcloud.tech/coop-cloud/federatedwiki/) (requiring
the use of wildcard certificates,) you can give Traefik access to your DNS provider
so that it can carry out Letsencrypt DNS challenges.
1. Use Gandi, OVH, DO, Azure, or PorkBun for DNS 🤡 (support for other providers
can be easily added, see

2
abra.sh
View File

@ -1,3 +1,3 @@
export TRAEFIK_YML_VERSION=v30
export TRAEFIK_YML_VERSION=v31
export FILE_PROVIDER_YML_VERSION=v12
export ENTRYPOINT_VERSION=v5

1
release/next Normal file
View File

@ -0,0 +1 @@
letsencrypt: Avoid HTTP-01 challenge if `LETS_ENCRYPT_DNS_CHALLENGE_ENABLED` is set, in order to rely on DNS-01 challenges for servers not exposed to the internet.

4
traefik.yml.tmpl
View File

@ -127,8 +127,10 @@ certificatesResolvers:
email: {{ env "LETS_ENCRYPT_EMAIL" }}
storage: /etc/letsencrypt/staging-acme.json
caServer: "https://acme-staging-v02.api.letsencrypt.org/directory"
{{- if ne (env "LETS_ENCRYPT_DNS_CHALLENGE_ENABLED") "1" }}
httpChallenge:
entryPoint: web
{{- end }}
{{- if eq (env "LETS_ENCRYPT_DNS_CHALLENGE_ENABLED") "1" }}
dnsChallenge:
provider: {{ (env "LETS_ENCRYPT_DNS_CHALLENGE_PROVIDER") }}
@ -140,8 +142,10 @@ certificatesResolvers:
acme:
email: {{ env "LETS_ENCRYPT_EMAIL" }}
storage: /etc/letsencrypt/production-acme.json
{{- if ne (env "LETS_ENCRYPT_DNS_CHALLENGE_ENABLED") "1" }}
httpChallenge:
entryPoint: web
{{- end }}
{{- if eq (env "LETS_ENCRYPT_DNS_CHALLENGE_ENABLED") "1" }}
dnsChallenge:
provider: {{ (env "LETS_ENCRYPT_DNS_CHALLENGE_PROVIDER") }}