feat(dns-alias): support dns alias
document https://github.com/acmesh-official/acme.sh/wiki/DNS-alias-mode
This commit is contained in:
parent
dbf0abd5fd
commit
571d0d9f10
26
README.md
26
README.md
|
@ -238,6 +238,13 @@ acme_sh_default_issue_renew_hook: ""
|
||||||
# instead of being created and set for renewal. This will not uninstall acme.sh.
|
# instead of being created and set for renewal. This will not uninstall acme.sh.
|
||||||
acme_sh_default_remove: False
|
acme_sh_default_remove: False
|
||||||
|
|
||||||
|
# acme.sh dns alias document https://github.com/acmesh-official/acme.sh/wiki/DNS-alias-mode
|
||||||
|
# If your DNS provider doesn't support API access,
|
||||||
|
# or if you're concerned about security problems from giving the DNS API access to your main domain,
|
||||||
|
# then you can use DNS alias mode.
|
||||||
|
acme_sh_default_domain_alias: ""
|
||||||
|
acme_sh_default_challenge_aliass: ""
|
||||||
|
|
||||||
# This list contains a list of domains, along with key / value pairs to
|
# This list contains a list of domains, along with key / value pairs to
|
||||||
# configure each set of domains individually.
|
# configure each set of domains individually.
|
||||||
#
|
#
|
||||||
|
@ -279,6 +286,8 @@ acme_sh_domains:
|
||||||
# extra_issue_renew_hook: ""
|
# extra_issue_renew_hook: ""
|
||||||
# # Optionally remove and disable the certificate.
|
# # Optionally remove and disable the certificate.
|
||||||
# remove: True
|
# remove: True
|
||||||
|
# # Optionally domain dns alias.
|
||||||
|
# challenge_alias: alias-2-example.com
|
||||||
```
|
```
|
||||||
|
|
||||||
## Example usage
|
## Example usage
|
||||||
|
@ -314,6 +323,9 @@ acme_sh_default_dns_provider_api_keys:
|
||||||
"CF_Key": "THE_API_SECRET_TOKEN_FROM_THE_CLOUDFLARE_DASHBOARD"
|
"CF_Key": "THE_API_SECRET_TOKEN_FROM_THE_CLOUDFLARE_DASHBOARD"
|
||||||
"CF_Email: "you@example.com"
|
"CF_Email: "you@example.com"
|
||||||
|
|
||||||
|
# An example alias domain for DNS alias mode, document https://github.com/acmesh-official/acme.sh/wiki/DNS-alias-mode
|
||||||
|
acme_sh_default_challenge_aliass: "alias-example.com"
|
||||||
|
|
||||||
# Reloading nginx inside of a Docker container that is named "nginx".
|
# Reloading nginx inside of a Docker container that is named "nginx".
|
||||||
# If you are running nginx in a Docker container then you'll also need to volume
|
# If you are running nginx in a Docker container then you'll also need to volume
|
||||||
# mount in your certificates, but I'm sure you knew that already!
|
# mount in your certificates, but I'm sure you knew that already!
|
||||||
|
@ -346,6 +358,20 @@ acme_sh_domains:
|
||||||
|
|
||||||
# ------------------------------------------------------------------------------
|
# ------------------------------------------------------------------------------
|
||||||
|
|
||||||
|
# ------------------------------------------------------------------------------
|
||||||
|
|
||||||
|
# 1 certificate file for all of the domains.
|
||||||
|
# use dns and dns alias
|
||||||
|
acme_sh_domains:
|
||||||
|
- domains: ["example.com", "www.example.com"]
|
||||||
|
challenge_alias: alias-example.com
|
||||||
|
|
||||||
|
# Produces this on your server:
|
||||||
|
# /etc/ssl/ansible/example.com.key (the private key)
|
||||||
|
# /etc/ssl/ansible/example.com.pem (the full chain certificate)
|
||||||
|
|
||||||
|
# ------------------------------------------------------------------------------
|
||||||
|
|
||||||
# 2 certificate files using the same example but the admin certificate will get
|
# 2 certificate files using the same example but the admin certificate will get
|
||||||
# removed and disabled.
|
# removed and disabled.
|
||||||
acme_sh_domains:
|
acme_sh_domains:
|
||||||
|
|
|
@ -43,4 +43,7 @@ acme_sh_default_issue_renew_hook: ""
|
||||||
|
|
||||||
acme_sh_default_remove: False
|
acme_sh_default_remove: False
|
||||||
|
|
||||||
|
acme_sh_default_challenge_alias: ""
|
||||||
|
acme_sh_default_domain_alias: ""
|
||||||
|
|
||||||
acme_sh_domains: []
|
acme_sh_domains: []
|
||||||
|
|
|
@ -139,6 +139,8 @@
|
||||||
./acme.sh --issue -d {{ item.domains | join(" -d ") }}
|
./acme.sh --issue -d {{ item.domains | join(" -d ") }}
|
||||||
--dns {{ item.dns_provider | default(acme_sh_default_dns_provider) }}
|
--dns {{ item.dns_provider | default(acme_sh_default_dns_provider) }}
|
||||||
--dnssleep {{ item.dns_sleep | default(acme_sh_default_dns_sleep) }}
|
--dnssleep {{ item.dns_sleep | default(acme_sh_default_dns_sleep) }}
|
||||||
|
{{ "--domain-alias" if item.domain_alias | default(acme_sh_default_domain_alias|default("")) else ""}}
|
||||||
|
{{ "--challenge-alias " + '"' + item.challenge_alias | default(acme_sh_default_challenge_aliass) + '"' if item.challenge_alias | default(acme_sh_default_challenge_aliass|default("")) else "" }}
|
||||||
{{ "--force" if item.force_issue | default(acme_sh_default_force_issue) else "" }}
|
{{ "--force" if item.force_issue | default(acme_sh_default_force_issue) else "" }}
|
||||||
{{ "--staging" if item.staging | default(acme_sh_default_staging) else "" }}
|
{{ "--staging" if item.staging | default(acme_sh_default_staging) else "" }}
|
||||||
{{ "--debug" if item.debug | default(acme_sh_default_debug) else "" }}
|
{{ "--debug" if item.debug | default(acme_sh_default_debug) else "" }}
|
||||||
|
|
Loading…
Reference in New Issue