From 3b9480b3f9bf39a39a00205a02fe1888cb2fcc2a Mon Sep 17 00:00:00 2001
From: Thomas Misilo
Date: Thu, 21 Apr 2022 16:54:54 -0500
Subject: [PATCH] Add support for External Account Binding with ACME

Allows for the support of External Account Binding to request SSL Certificates through a provider that supports EAB and ACME. Some example providers include InCommon and ZeroSSL
---
 docker-compose.acme.yml | 3 +++
 sample.env | 7 +++++++
 2 files changed, 10 insertions(+)

diff --git a/docker-compose.acme.yml b/docker-compose.acme.yml
index de43d6d706..5a1a59a7ad 100644
--- a/docker-compose.acme.yml
+++ b/docker-compose.acme.yml
@@ -28,6 +28,9 @@ services:
 - --certificatesresolvers.myresolver.acme.email=${ACME_EMAIL-your-email@example.com}
 - --certificatesresolvers.myresolver.acme.storage=/acme/acme.json
 - --certificatesResolvers.myresolver.acme.caServer=${ACME_SERVER-https://acme-v02.api.letsencrypt.org/directory}
+ - --certificatesresolvers.myresolver.acme.certificatesduration=${ACME_CERT_DURATION-2160}
+ - --certificatesresolvers.myresolver.acme.eab.kid=${ACME_EAB_KID-}
+ - --certificatesresolvers.myresolver.acme.eab.hmacencoded=${ACME_EAB_HMAC-}
 volumes:
 - ./acme:/acme:rw
 cantaloupe:
diff --git a/sample.env b/sample.env
index f447fbf0aa..52267a9e29 100644
--- a/sample.env
+++ b/sample.env
@@ -41,6 +41,13 @@ USE_ACME=false
 # Specify email to tie SSL Certificate to with ACME provider
 ACME_EMAIL=your-email@example.com
+# ACME Defaults for Let's Encrypt Service
+# ACME_SERVER=https://acme-v02.api.letsencrypt.org/directory
+# Default duration for the certificate is 90 days or 2,160 hours for Let's Encrypt
+# ACME_CERT_DURATION=2160
+# ACME_EAB_KID=
+# ACME_EAB_HMAC=
+
 # Includes `watchtower` as a service.
 INCLUDE_WATCHTOWER_SERVICE=false
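Review bot: The EAB HMAC key is a credential, and the added `eab.hmacencoded=${ACME_EAB_HMAC-}` flag puts it into the Traefik container's command line, where anyone who can run `docker inspect` or list processes on the host can read it. At minimum I would add a comment above the three new flags, e.g. `# EAB kid/HMAC are CA credentials; as flags they are visible in the container's arguments`, and keep the real values out of version control. Both `eab.*` flags are also passed with empty values when the variables are unset, so it is worth confirming that Traefik treats an empty pair as no binding when the default Let's Encrypt server is used. The `command:` list these lines belong to starts outside the hunk.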
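Review bot: The new commented block in sample.env leaves `ACME_EAB_KID` and `ACME_EAB_HMAC` undescribed, although they are the only entries in it that hold a credential. I would put a comment above them such as `# EAB key ID and HMAC key issued by your CA; the HMAC key is a secret, set it only in your local .env`, and mention that Traefik expects the HMAC key in base64url encoding without padding. The duration comment could also state that `ACME_CERT_DURATION` is in hours and should match the lifetime the chosen CA actually issues, since the Let's Encrypt value may not hold for an EAB provider.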