# Enable ACME (Let's Encrypt): automatic SSL. # Email address used for registration. # # Required # --certificatesresolvers.myresolver.acme.email=test@example.com # File or key used for certificates storage. # # Required # --certificatesresolvers.myresolver.acme.storage=acme.json # CA server to use. # Uncomment the line to use Let's Encrypt's staging server, # leave commented to go to prod. # # Optional # Default: "https://acme-v02.api.letsencrypt.org/directory" # --certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory # The certificates' duration in hours. # It defaults to 2160 (90 days) to follow Let's Encrypt certificates' duration. # # Optional # Default: 2160 # --certificatesresolvers.myresolver.acme.certificatesDuration=2160 # Preferred chain to use. # # If the CA offers multiple certificate chains, prefer the chain with an issuer matching this Subject Common Name. # If no match, the default offered chain will be used. # # Optional # Default: "" # --certificatesresolvers.myresolver.acme.preferredchain="ISRG Root X1" # KeyType to use. # # Optional # Default: "RSA4096" # # Available values : "EC256", "EC384", "RSA2048", "RSA4096", "RSA8192" # --certificatesresolvers.myresolver.acme.keytype=RSA4096 # Use a TLS-ALPN-01 ACME challenge. # # Optional (but recommended) # --certificatesresolvers.myresolver.acme.tlschallenge=true # Use a HTTP-01 ACME challenge. # # Optional # --certificatesresolvers.myresolver.acme.httpchallenge=true # EntryPoint to use for the HTTP-01 challenges. # # Required # --certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web # Use a DNS-01 ACME challenge rather than HTTP-01 challenge. # Note: mandatory for wildcard certificate generation. # # Optional # --certificatesresolvers.myresolver.acme.dnschallenge=true # DNS provider used. # # Required # --certificatesresolvers.myresolver.acme.dnschallenge.provider=digitalocean # By default, the provider will verify the TXT DNS challenge record before letting ACME verify. # If delayBeforeCheck is greater than zero, this check is delayed for the configured duration in seconds. # Useful if internal networks block external DNS queries. # # Optional # Default: 0 # --certificatesresolvers.myresolver.acme.dnschallenge.delaybeforecheck=0 # Use following DNS servers to resolve the FQDN authority. # # Optional # Default: empty # --certificatesresolvers.myresolver.acme.dnschallenge.resolvers=1.1.1.1:53,8.8.8.8:53 # Disable the DNS propagation checks before notifying ACME that the DNS challenge is ready. # # NOT RECOMMENDED: # Increase the risk of reaching Let's Encrypt's rate limits. # # Optional # Default: false # --certificatesresolvers.myresolver.acme.dnschallenge.disablepropagationcheck=true