feat(dns-alias): support dns alias
document https://github.com/acmesh-official/acme.sh/wiki/DNS-alias-mode
This commit is contained in:
parent
dbf0abd5fd
commit
571d0d9f10
26
README.md
26
README.md
|
@ -238,6 +238,13 @@ acme_sh_default_issue_renew_hook: ""
|
|||
# instead of being created and set for renewal. This will not uninstall acme.sh.
|
||||
acme_sh_default_remove: False
|
||||
|
||||
# acme.sh dns alias document https://github.com/acmesh-official/acme.sh/wiki/DNS-alias-mode
|
||||
# If your DNS provider doesn't support API access,
|
||||
# or if you're concerned about security problems from giving the DNS API access to your main domain,
|
||||
# then you can use DNS alias mode.
|
||||
acme_sh_default_domain_alias: ""
|
||||
acme_sh_default_challenge_aliass: ""
|
||||
|
||||
# This list contains a list of domains, along with key / value pairs to
|
||||
# configure each set of domains individually.
|
||||
#
|
||||
|
@ -279,6 +286,8 @@ acme_sh_domains:
|
|||
# extra_issue_renew_hook: ""
|
||||
# # Optionally remove and disable the certificate.
|
||||
# remove: True
|
||||
# # Optionally domain dns alias.
|
||||
# challenge_alias: alias-2-example.com
|
||||
```
|
||||
|
||||
## Example usage
|
||||
|
@ -314,6 +323,9 @@ acme_sh_default_dns_provider_api_keys:
|
|||
"CF_Key": "THE_API_SECRET_TOKEN_FROM_THE_CLOUDFLARE_DASHBOARD"
|
||||
"CF_Email: "you@example.com"
|
||||
|
||||
# An example alias domain for DNS alias mode, document https://github.com/acmesh-official/acme.sh/wiki/DNS-alias-mode
|
||||
acme_sh_default_challenge_aliass: "alias-example.com"
|
||||
|
||||
# Reloading nginx inside of a Docker container that is named "nginx".
|
||||
# If you are running nginx in a Docker container then you'll also need to volume
|
||||
# mount in your certificates, but I'm sure you knew that already!
|
||||
|
@ -346,6 +358,20 @@ acme_sh_domains:
|
|||
|
||||
# ------------------------------------------------------------------------------
|
||||
|
||||
# ------------------------------------------------------------------------------
|
||||
|
||||
# 1 certificate file for all of the domains.
|
||||
# use dns and dns alias
|
||||
acme_sh_domains:
|
||||
- domains: ["example.com", "www.example.com"]
|
||||
challenge_alias: alias-example.com
|
||||
|
||||
# Produces this on your server:
|
||||
# /etc/ssl/ansible/example.com.key (the private key)
|
||||
# /etc/ssl/ansible/example.com.pem (the full chain certificate)
|
||||
|
||||
# ------------------------------------------------------------------------------
|
||||
|
||||
# 2 certificate files using the same example but the admin certificate will get
|
||||
# removed and disabled.
|
||||
acme_sh_domains:
|
||||
|
|
|
@ -43,4 +43,7 @@ acme_sh_default_issue_renew_hook: ""
|
|||
|
||||
acme_sh_default_remove: False
|
||||
|
||||
acme_sh_default_challenge_alias: ""
|
||||
acme_sh_default_domain_alias: ""
|
||||
|
||||
acme_sh_domains: []
|
||||
|
|
|
@ -139,6 +139,8 @@
|
|||
./acme.sh --issue -d {{ item.domains | join(" -d ") }}
|
||||
--dns {{ item.dns_provider | default(acme_sh_default_dns_provider) }}
|
||||
--dnssleep {{ item.dns_sleep | default(acme_sh_default_dns_sleep) }}
|
||||
{{ "--domain-alias" if item.domain_alias | default(acme_sh_default_domain_alias|default("")) else ""}}
|
||||
{{ "--challenge-alias " + '"' + item.challenge_alias | default(acme_sh_default_challenge_aliass) + '"' if item.challenge_alias | default(acme_sh_default_challenge_aliass|default("")) else "" }}
|
||||
{{ "--force" if item.force_issue | default(acme_sh_default_force_issue) else "" }}
|
||||
{{ "--staging" if item.staging | default(acme_sh_default_staging) else "" }}
|
||||
{{ "--debug" if item.debug | default(acme_sh_default_debug) else "" }}
|
||||
|
|
Loading…
Reference in New Issue