-
Notifications
You must be signed in to change notification settings - Fork 60
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Acme updates -- Allow for External Account Binding #253
Acme updates -- Allow for External Account Binding #253
Conversation
Directions for testing using a ZeroSSL Account. This assumes your server is web accessible from the general internet, and a valid domain resolves. If using AWS, I assume you can use the ec2 address that is automatically provisioned without having a custom domain name.
|
d072ce8
to
4f51e3b
Compare
e4cdcdd
to
9106f8e
Compare
Having difficulty registering a domain with zerossl.com |
Allows for the support of External Account Binding to request SSL Certificates through a provider that supports EAB and ACME. Add's support for specifying the Key Type via the ACME_KEY_TYPE variable. Defaults to RSA4096 (Traefik's Default) Some example providers include InCommon and ZeroSSL
Instead of hiding it in the documentation and in the docker-compose.acme.yml and docker-compose.traefik.yml files, adding it to the sample.env file
Just curious if there is any chance of getting this merged "as-is", since it should be a no-op for those that don't use it? |
Thank you @DonRichards! |
Adds support for External Account Binding with ACME
Allows for the support of External Account Binding to request SSL Certificates through a provider that supports EAB and ACME.
Some example providers include InCommon and ZeroSSL
I also exposed the
TRAEFIK_LOG_LEVEL
in the sample.env instead of hiding it.Possible test plan:
Ensure existing setups still work:
make -B docker-compose.yml
make up
Ensure new SSL Certificate from an ACME provider with an External Account Binding (EAB)works
ACME_SERVER
,ACME_EAB_KID
,ACME_EAB_HMAC
make -B docker-compose.yml
make up
For more info about EAB from Traefik please visit https://doc.traefik.io/traefik/https/acme/#external-account-binding
For some info about EAB and ACME from ZeroSSL please see https://zerossl.com/documentation/acme/ ... I have an Incommon account, so I did not look into ZeroSSL, but assuming it is a similar setup??
Related Tickets
#253 (Merged)
#252
Islandora/documentation#2096