Docs: ACME Overhaul #3421
@dargmuesli Can you please rebase this PR off the 1.6 branch instead of master? Thanks!
Sure, did so. I hope I solved the merge conflicts correctly ;)
@dargmuesli could you rebase instead of merge:
Oh, sorry. I just followed GitHub's UI there. I guess I can force-push a rebased version?
I reset your branch.
Sorry once again, I was just really confused which branch did what... I hope everything's correct now?
docs/configuration/acme.md
|
||
See also [Let's Encrypt examples](/user-guide/examples/#lets-encrypt-support) and [Docker & Let's Encrypt user guide](/user-guide/docker-and-lets-encrypt). | ||
See [Let's Encrypt examples](/user-guide/examples/#lets-encrypt-support) and [Docker & Let's Encrypt user guide](/user-guide/docker-and-lets-encrypt) too. |
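Review bot: the trailing "too" on the new line reads awkwardly after two long links; the removed "See also [Let's Encrypt examples] ... and [Docker & Let's Encrypt user guide]" phrasing (or "as well") is clearer, so I would restore it.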
I personally prefer `as well` to `too`
Good idea :)
docs/configuration/acme.md
# - Uncomment the line to run on the staging let's encrypt server. | ||
# - Leave comment to go to prod. | ||
# Uncomment the line to use Let's Encrypt's staging server, | ||
# leave comment to go to prod. |
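Review bot: "leave comment to go to prod." on the second new line is ungrammatical and does not tell the reader what to do with the line; "leave it commented out to use the production server." states the action and matches the "Uncomment the line ..." instruction just above it.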
leave commented to go to prod
docs/configuration/acme.md
# | ||
# Optional | ||
# | ||
# [acme.dnsChallenge] | ||
|
||
# Provider used. | ||
# DNS management provider used. |
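Review bot: "DNS management provider used." adds "management" without adding meaning; since this sits under `[acme.dnsChallenge]`, "DNS provider used for the challenge." says what the key selects.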
not sure `management` is needed here
Yeah well, it's arguably unnecessary.
docs/configuration/acme.md
# | ||
# Required | ||
# | ||
# provider = "digitalocean" | ||
|
||
# By default, the provider will verify the TXT DNS challenge record before letting ACME verify. | ||
# If delayBeforeCheck is greater than zero, avoid this & instead just wait so many seconds. | ||
# If delayBeforeCheck is greater than zero, this is avoided and the given duration in seconds is waited. |
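Review bot: the rewritten line loses which behaviour applies. The removed line says the TXT record check is skipped in favour of a fixed wait ("avoid this & instead just wait so many seconds"), whereas "this is avoided and the given duration in seconds is waited" can be read as the check still running after the delay. Say it explicitly, e.g. "If delayBeforeCheck is greater than zero, the TXT record is not verified locally; instead that many seconds are waited before letting ACME verify." The distinction matters operationally, because skipping the local check with too short a delay means the CA sees a record that has not propagated yet and the challenge fails.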
If delayBeforeCheck is greater than zero, this check is delayed for the configured duration in seconds.
docs/configuration/acme.md
- a JSON file, | ||
- a KV store entry. | ||
By default, the `provider` will verify the TXT DNS challenge record before letting ACME verify. | ||
If `delayBeforeCheck` is greater than zero, this is avoided and the given duration in seconds is waited. |
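Review bot: this prose sentence duplicates the comment in the TOML sample and has the same ambiguity about whether the local TXT check is skipped or merely delayed; whichever wording is settled on for the sample should be applied here verbatim so the two do not drift apart.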
same as above
docs/configuration/acme.md
|
||
!!! note | ||
It's possible to store up to approximately 100 ACME certificates in Consul. | ||
It is impossible possible to define a wildcard on a wildcard domain (for example `*.*.local.com`). |
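Review bot: "It is impossible possible" on the new line is an editing leftover; "It is not possible to request a certificate for a nested wildcard (for example `*.*.local.com`)." reads correctly and names what the user would actually try.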
It is not possible to request a double wildcard certificate for a domain (for example `*.*.local.com`)
docs/configuration/acme.md
!!! note | ||
It's possible to store up to approximately 100 ACME certificates in Consul. | ||
It is impossible possible to define a wildcard on a wildcard domain (for example `*.*.local.com`). | ||
Due to ACME limitation it is neither possible to define wildcards in SANs (alternative domains). Thus, the wildcard domain has to be defined as a main domain. |
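Review bot: "it is neither possible" on the added line lacks a preceding negative to pair with and needs "Due to an ACME limitation" (missing article); "Due to an ACME limitation, it is also not possible to define wildcards in SANs (alternative domains)." fixes both, and the following "Thus, the wildcard domain has to be defined as a main domain." then follows naturally.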
it is not possible
docs/configuration/acme.md
All DNS providers allow creating ACME wildcard certificates. | ||
However, many troubles can appear for wildcard domains with SANs. | ||
!!! note | ||
When Træfik is launched in a container the storage file's parent directory needs to be mounted to be able to access the backup file on the host. |
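Review bot: "many troubles can appear for wildcard domains with SANs" is too vague to act on; the preceding note already states the concrete restriction (wildcards cannot appear in SANs, the wildcard must be the main domain), so either point to that or drop the sentence. On the last line, a comma is missing after "container", and "needs to be mounted" should say mounted from the host, since the sentence's purpose is that the backup file survives on the host.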
launched in a container, the storage
|
||
For example : if `acme.storage` value is `/etc/traefik/acme/acme.json`, the backup file will be named `/etc/traefik/acme/acme.json.bak`. | ||
1. ACME certificates already generated before downtime | ||
1. Expired ACME certificates |
Should this be `2.` etc?
This should be interpreted as `2.` by markdown renderers (GitHub does that). This way one can easily add a new list element without the need to increment all following.
docs/configuration/acme.md
|
||
!!! note | ||
When Træfik is launched in a container, do not forget to create a volume of the parent folder to get the backup file on the host. | ||
Otherwise, the backup file will be permanently deleted when the container is stopped, and Træfik will not be able to generate it again. | ||
For new (sub)domains which need Let's Encrypt authentification the default Træfik certificate will be used until Træfik is restarted. |
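Review bot: "authentification" on the last line is a misspelling, and the sentence is about certificate issuance rather than authentication; "For new (sub)domains which need a Let's Encrypt certificate, the default Træfik certificate will be used until Træfik is restarted." is accurate. The middle line's "permanently deleted when the container is stopped" is also imprecise: a stopped container keeps its writable layer, and the storage file is lost when the container is removed or recreated, which is the case the volume protects against.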
which need Let's Encrypt certificates generated, the default
LGTM
LGTM
LGTM
~ Corrected several stylistic inadequacies
~ Ordered topics lexicographically
~ Merged the two provider tables into one
~ Fixed some links
~ Removed duplication in multiple occurrences
~ Implements requested changes by @dtomcej
Nice, thank you guys!
What does this PR do?
Motivation
The obvious stylistic inadequacies in the ACME docs article.
Additional Notes
Please have a glance over my updated descriptions of methods and problems and check if they are indeed correct.