Acme updates -- Allow for External Account Binding #253
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This was referenced Apr 25, 2022
|
Directions for testing using a ZeroSSL Account. This assumes your server is web accessible from the general internet, and a valid domain resolves. If using AWS, I assume you can use the ec2 address that is automatically provisioned without having a custom domain name.
|
misilot
force-pushed
the
acme-updates
branch
2 times, most recently
from
d072ce8
to
4f51e3b
Compare
misilot
force-pushed
the
acme-updates
branch
2 times, most recently
from
e4cdcdd
to
9106f8e
Compare
|
Having difficulty registering a domain with zerossl.com |
Allows for the support of External Account Binding to request SSL Certificates through a provider that supports EAB and ACME. Add's support for specifying the Key Type via the ACME_KEY_TYPE variable. Defaults to RSA4096 (Traefik's Default) Some example providers include InCommon and ZeroSSL
Instead of hiding it in the documentation and in the docker-compose.acme.yml and docker-compose.traefik.yml files, adding it to the sample.env file
|
Just curious if there is any chance of getting this merged "as-is", since it should be a no-op for those that don't use it? |
7 tasks
DonRichards
approved these changes
Jan 13, 2023
|
Thank you @DonRichards! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Adds support for External Account Binding with ACME
Allows for the support of External Account Binding to request SSL Certificates through a provider that supports EAB and ACME.
Some example providers include InCommon and ZeroSSL
I also exposed the
TRAEFIK_LOG_LEVELin the sample.env instead of hiding it.Possible test plan:
Ensure existing setups still work:
make -B docker-compose.ymlmake upEnsure new SSL Certificate from an ACME provider with an External Account Binding (EAB)works
ACME_SERVER,ACME_EAB_KID,ACME_EAB_HMACmake -B docker-compose.ymlmake upFor more info about EAB from Traefik please visit https://doc.traefik.io/traefik/https/acme/#external-account-binding
For some info about EAB and ACME from ZeroSSL please see https://zerossl.com/documentation/acme/ ... I have an Incommon account, so I did not look into ZeroSSL, but assuming it is a similar setup??
Related Tickets
#253 (Merged)
#252
Islandora/documentation#2096