ACME: Difference between revisions
imported>Onny Initial page |
imported>Onny mNo edit summary |
Line 3: | Line 3: | ||
== Setup == | == Setup == | ||
Following example setup generates certificates using DNS validation. | Following example setup generates certificates using DNS validation. [https://letsencrypt.org/repository/ Let's Encrypt ToS] has to be accepted. Further the contact mail <code>admin+acme@example.com</code> is defined. | ||
<syntaxhighlight lang="nix"> | <syntaxhighlight lang="nix"> | ||
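Review bot: The expanded intro sentence in the right-hand column mentions accepting the Let's Encrypt ToS and defining a contact mail without naming the options that do this. Tie the prose to <code>acceptTerms = true;</code> and <code>defaults.email</code> from the snippet so a reader can map one onto the other. Wording: "Following example setup" should be "The following example setup", and "Further the contact mail ... is defined" reads more clearly as "The contact address is set to ...". The contact address uses example.com while the certificate in the snippet is for mx1.example.org; using one domain throughout would avoid confusion.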
Line 9: | Line 9: | ||
acceptTerms = true; | acceptTerms = true; | ||
defaults.email = "admin+acme@example.com"; | defaults.email = "admin+acme@example.com"; | ||
certs."example. | certs."mx1.example.org" = { | ||
dnsProvider = "inwx"; | |||
dnsProvider = " | credentialsFile = config.sops.secrets.lego-inwx-credentials.path; | ||
credentialsFile = | # Suplying password files like this will make your credentials world-readable | ||
# | # in the Nix store. This is for demonstration purpose only, do not use this in production. | ||
credentialsFile = "${pkgs.writeText "inwx-creds" '' | |||
INWX_USERNAME=xxxxxxxxxx | |||
INWX_PASSWORD=yyyyyyyyyy | |||
''}"; | |||
}; | }; | ||
}; | }; | ||
</syntaxhighlight> | </syntaxhighlight> | ||
Certificates are getting generated for the domain <code>mx1.example.org</code> using the DNS provider <code>inwx</code>. See [https://go-acme.github.io/lego/dns upstream documentation] on available providers and their specific configuration for the <code>credentialsFile</code> option. | |||
== See also == | == See also == | ||
* NixOS manual on [https://nixos.org/manual/nixos/stable/index.html#module-security-acme SSL/TLS Certificates with ACME] | * NixOS manual on [https://nixos.org/manual/nixos/stable/index.html#module-security-acme SSL/TLS Certificates with ACME] |
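Review bot: The <code>credentialsFile = "${pkgs.writeText "inwx-creds" '' ... ''}";</code> lines write INWX_USERNAME and INWX_PASSWORD into the Nix store, which the comment directly above them describes as world-readable. The same hunk also shows <code>credentialsFile = config.sops.secrets.lego-inwx-credentials.path;</code>. I would make a path to a secret file kept outside the store the primary example, and keep the inline variant only as a clearly separated counter-example, if at all, since wiki snippets tend to be copied verbatim. Typo in the comment: "Suplying" should be "Supplying". In the closing paragraph, "Certificates are getting generated" reads better as "Certificates are generated".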