20_Configuration.md 3.21 KB
Hahn Axel (hahn) committed
# Configuration default file

Copy `inc_config.sh.dist` to `inc_config.sh` and adjust the settings.

## Variables for DNS API access

See https://github.com/acmesh-official/acme.sh/wiki/dnsapi

* Set the environment variables of your DNS provider.
* Add the provider in `ACME_Params='--dns [PROVIDER]'`.

```txt
# -- for infoblox access 
# export Infoblox_Creds='[user]:[Passwort]'
# export Infoblox_Server='infoblox.localhost'
# export ACME_Params='--dns dns_infoblox'
```

Note: use single quotes for credentials. Inside double quotes the shell
expands characters such as `$`, which silently changes the value.
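
The following linter is an added example, not part of cm.sh or the original page. It flags active `export` lines in `inc_config.sh` whose double-quoted value would be expanded by the shell, and also checks that the file, which holds DNS API credentials, is not accessible by group or other. The function name `lint_config` and the sample password are constructed for illustration.

```shell
#!/bin/sh
# Added example (not part of cm.sh): lint an inc_config.sh for two credential pitfalls.
# Prints one finding per line; returns 0 when clean, 1 otherwise.
lint_config() {
    cfg=$1
    findings=0

    # 1) The file holds DNS API credentials, so group/other should have no access.
    if [ "$(ls -ld "$cfg" | cut -c5-10)" != "------" ]; then
        echo "perm: $cfg is accessible by group/other; use chmod 600"
        findings=$((findings + 1))
    fi

    # 2) Active exports whose double-quoted value contains $ or a backtick get
    #    expanded by the shell when the file is sourced. The documented
    #    ACME_Params="$ACME_Params ..." append is intentional and skipped.
    bad=$(grep -nE '^[[:space:]]*export[[:space:]]+[A-Za-z_][A-Za-z0-9_]*="[^"]*[$`]' "$cfg" \
        | grep -vE 'export[[:space:]]+ACME_Params="\$ACME_Params ' \
        | cut -d: -f1 || true)
    for n in $bad; do
        echo "quote: line $n expands \$ or backticks inside double quotes; use single quotes"
        findings=$((findings + 1))
    done

    [ "$findings" -eq 0 ]
}

# Constructed sample config; the password is made up and contains "$$",
# which a double-quoted assignment would replace with the shell's PID.
sample=$(mktemp)
cat > "$sample" <<'EOF'
export Infoblox_Creds="apiuser:pa$$w0rd"
export Infoblox_Server='infoblox.localhost'
export ACME_Params='--dns dns_infoblox'
export ACME_Params="$ACME_Params --staging"
# export CM_user="$USER"
EOF
chmod 644 "$sample"
lint_config "$sample" || echo "=> fix the findings above"
rm -f "$sample"
```

A value that escapes the dollar sign inside double quotes (`\$`) is still reported; single quotes avoid the question entirely.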

## Settings for wrapper cm.sh

| variable           | type   | description                                                | example or default value |
|--------------------|--------|------------------------------------------------------------|-------|
| ACME               | string | location of the acme client; relative to cm.sh or as full path | ../acme.sh/acme.sh |
| ACME_Params        | string | parameters for the acme client: dns, debugging, staging    |  |
| CM_diracme         | string | location of certificate data; relative to cm.sh or as full path | ./certs |
| CM_certmatch       | regex  | matcher to identify domains with DNS access; all other domains will use DNS alias mode | "\.example\.com" |
| CM_challenge_alias | string | domain for validation with DNS alias mode                  | "example.com" |
| CM_user            | string | require that cm.sh is executed by this user                | default: none (=any user can run cm.sh) |

## inc_config.sh.dist

```sh
# ======================================================================
#
# add dns credentials and default params here
#
# ======================================================================


# ----------------------------------------------------------------------
# DNS API
# see https://github.com/acmesh-official/acme.sh/wiki/dnsapi
# - set the env vars of your dns provider
# - add provider in ACME_Params='--dns [PROVIDER]'
# ----------------------------------------------------------------------

# -- for infoblox access 
# export Infoblox_Creds='[user]:[Passwort]'
# export Infoblox_Server='infoblox.localhost'
# export ACME_Params='--dns dns_infoblox'


# ----------------------------------------------------------------------
# general settings
# ----------------------------------------------------------------------

# set path to acme.sh
export ACME=../acme.sh/acme.sh

# activate LE staging server for testing ... uncomment it for development
# and testing purposes
# export ACME_Params="$ACME_Params --staging"

# activate debugging in acme.sh commands
# export ACME_Params="$ACME_Params --debug"

# where to write certificate data
# export CM_diracme="./certs"

# check domain names before creating a new certificate
# It is used for faster rejection of a hostname or alias for which you
# have no permission
# export CM_certmatch="\.example\.com"

# if a host is not matching CM_certmatch we will use authentication
# with an alias domain
# export CM_challenge_alias="example.com"

# optional: force a user to execute cm.sh
# this is for a central installation with a software deployment
# like Ansible or puppet; default: none (=any user can run cm.sh)
# export CM_user="ansible"

# ----------------------------------------------------------------------
```