ACME: Difference between revisions

imported>Onny
Initial page
 
imported>Onny
mNo edit summary
Line 3: Line 3:
== Setup ==
== Setup ==


Following example setup generates certificates using DNS validation.
Following example setup generates certificates using DNS validation. [https://letsencrypt.org/repository/ Let's Encrypt ToS] has to be accepted. Further the contact mail <code>admin+acme@example.com</code> is defined.


<syntaxhighlight lang="nix">
<syntaxhighlight lang="nix">
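Review bot: the sentence added in this hunk ("Further the contact mail ... is defined") is awkward and does not say what the two values are used for; suggest "The following example setup generates certificates using DNS validation. The [https://letsencrypt.org/repository/ Let's Encrypt ToS] must be accepted (this is what `acceptTerms = true` below records), and `admin+acme@example.com` is the contact address registered with the CA." Also "Following example setup" should read "The following example setup".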
Line 9: Line 9:
   acceptTerms = true;
   acceptTerms = true;
   defaults.email = "admin+acme@example.com";
   defaults.email = "admin+acme@example.com";
   certs."example.com" = {
   certs."mx1.example.org" = {
    domain = "*.example.com";
     dnsProvider = "inwx";
     dnsProvider = "rfc2136";
     credentialsFile = config.sops.secrets.lego-inwx-credentials.path;
     credentialsFile = "/var/lib/secrets/certs.secret";
     # Suplying password files like this will make your credentials world-readable
     # We don't need to wait for propagation since this is a local DNS server
    # in the Nix store. This is for demonstration purpose only, do not use this in production.
     dnsPropagationCheck = false;
     credentialsFile = "${pkgs.writeText "inwx-creds" ''
      INWX_USERNAME=xxxxxxxxxx
      INWX_PASSWORD=yyyyyyyyyy
    ''}";
   };
   };
};
};
</syntaxhighlight>
</syntaxhighlight>
Certificates are getting generated for the domain <code>mx1.example.org</code> using the DNS provider <code>inwx</code>. See [https://go-acme.github.io/lego/dns upstream documentation] on available providers and their specific configuration for the <code>credentialsFile</code> option.


== See also ==
== See also ==


* NixOS manual on [https://nixos.org/manual/nixos/stable/index.html#module-security-acme SSL/TLS Certificates with ACME]
* NixOS manual on [https://nixos.org/manual/nixos/stable/index.html#module-security-acme SSL/TLS Certificates with ACME]
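Review bot: inside `certs."mx1.example.org"` this hunk carries two `credentialsFile =` assignments, one pointing at `config.sops.secrets.lego-inwx-credentials.path` and one at a `pkgs.writeText "inwx-creds"` file; a Nix attribute set cannot define the same attribute twice, so only one can survive in the resulting page, and the sops-managed path is the one to keep, since the comment above the `writeText` variant itself states that it leaves `INWX_USERNAME`/`INWX_PASSWORD` world-readable in the Nix store. If the `writeText` form is kept as an illustration, put it inside the comment rather than as live code, fix "Suplying" to "Supplying", and mention that `pkgs` must be among the module's function arguments for it to evaluate. The closing paragraph correctly points at the lego provider list for the variable names each provider expects in the credentials file; it would help to add that the file is read by lego as an environment file, so it must not be committed or placed in the store.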