mirrors/acme-dns
1
0
Fork 0
mirror of https://github.com/joohoi/acme-dns.git synced 2024-12-22 21:53:52 +07:00
Code Issues Packages Projects Releases Wiki Activity

README: Add warning/advice about HTTPS API. (#169)

Browse Source 
This commit updates the README to add a brief description of the `tls`
configuration options. In particular using `tls = "letsencrypt"` is
recommended and a warning is added about using `tls = "cert"` and
allowing the certificate to expire.
This commit is contained in:
Daniel McCarney 2019-06-12 08:42:23 -04:00 committed by Joona Hoikkala
parent c13035a344
commit e1f1d6af34
1 changed files with 19 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
README.md
View File

@ -302,6 +302,25 @@ logtype = "stdout"
logformat = "text" logformat = "text"
``` ```
## HTTPS API
The RESTful acme-dns API can be exposed over HTTPS in two ways:
1. Using `tls = "letsencrypt"` and letting acme-dns issue its own certificate
automatically with Let's Encrypt.
1. Using `tls = "cert"` and providing your own HTTPS certificate chain and
private key with `tls_cert_fullchain` and `tls_cert_privkey`.
Where possible the first option is recommended. This is the easiest and safest
way to have acme-dns expose its API over HTTPS.
**Warning**: If you choose to use `tls = "cert"` you must take care that the
certificate *does not expire*! If it does and the ACME client you use to issue the
certificate depends on the ACME DNS API to update TXT records you will be stuck
in a position where the API certificate has expired but it can't be renewed
because the ACME client will refuse to connect to the ACME DNS API it needs to
use for the renewal.
## Clients ## Clients
- acme.sh: [https://github.com/Neilpang/acme.sh](https://github.com/Neilpang/acme.sh) - acme.sh: [https://github.com/Neilpang/acme.sh](https://github.com/Neilpang/acme.sh)