diff --git a/README.md b/README.md index c857b4d..e92fe84 100644 --- a/README.md +++ b/README.md @@ -78,11 +78,12 @@ Once the certificate is installed, you can use the `certs:*` built-in commands t ## Configuration `dokku-letsencrypt` uses the [Dokku environment variable manager](http://dokku.viewdocs.io/dokku/configuration-management/) for all configuration. The important environment variables are: -Variable | Default | Description ---------------------------------|-------------|------------------------------------------------------------------------- -`DOKKU_LETSENCRYPT_EMAIL` | (none) | **REQUIRED:** E-mail address to use for registering with Let's Encrypt. -`DOKKU_LETSENCRYPT_GRACEPERIOD` | 30 days | Time in seconds left on a certificate before it should get renewed -`DOKKU_LETSENCRYPT_SERVER` | default | Which ACME server to use. Can be 'default', 'staging' or a URL +Variable | Default | Description +--------------------------------|-----------------------|--------------------------------------------------------------------------------- +`DOKKU_LETSENCRYPT_EMAIL` | (none) | **REQUIRED:** E-mail address to use for registering with Let's Encrypt. +`DOKKU_LETSENCRYPT_GRACEPERIOD` | 30 days | Time in seconds left on a certificate before it should get renewed +`DOKKU_LETSENCRYPT_SERVER` | default | Which ACME server to use. Can be 'default', 'staging' or a URL +`DOKKU_LETSENCRYPT_TOS_HASH` | (simp\_le-controlled) | Set the SHA256 hash of the let's encrypt terms of service version you agree to. You can set a setting using `dokku config:set --no-restart SETTING_NAME=setting_value`. When looking for a setting, the plugin will first look if it was defined for the current app and fall back to settings defined by `--global`. diff --git a/functions b/functions index 25c1962..df8b793 100755 --- a/functions +++ b/functions @@ -141,6 +141,13 @@ letsencrypt_configure_and_get_dir() { server="https://acme-staging.api.letsencrypt.org/directory" fi + # get the selected terms of service (TOS) hash + local tos_hash=${DOKKU_LETSENCRYPT_TOS_HASH} + local tos_hash_arg='' + if [ ! -z "$tos_hash" ]; then + tos_hash_arg="--tos_sha256 $tos_hash " + fi + # construct domain arguments local domains="$(get_app_domains "$app")" local domain_args='' @@ -149,7 +156,7 @@ letsencrypt_configure_and_get_dir() { domain_args="$domain_args -d $domain" done - local config="--server $server --email $DOKKU_LETSENCRYPT_EMAIL $domain_args" + local config="--server $server --email $DOKKU_LETSENCRYPT_EMAIL ${tos_hash_arg}${domain_args}" local config_hash=$(echo "$config" | sha1sum | awk '{print $1}') local config_dir="$le_root/certs/$config_hash"; mkdir -p "$config_dir"