Handler is an ACME server handler.
| 49 | |
| 50 | // Handler is an ACME server handler. |
| 51 | type Handler struct { |
| 52 | // The ID of the CA to use for signing. This refers to |
| 53 | // the ID given to the CA in the `pki` app. If omitted, |
| 54 | // the default ID is "local". |
| 55 | CA string `json:"ca,omitempty"` |
| 56 | |
| 57 | // The lifetime for issued certificates |
| 58 | Lifetime caddy.Duration `json:"lifetime,omitempty"` |
| 59 | |
| 60 | // The hostname or IP address by which ACME clients |
| 61 | // will access the server. This is used to populate |
| 62 | // the ACME directory endpoint. If not set, the Host |
| 63 | // header of the request will be used. |
| 64 | // COMPATIBILITY NOTE / TODO: This property may go away in the |
| 65 | // future. Do not rely on this property long-term; check release notes. |
| 66 | Host string `json:"host,omitempty"` |
| 67 | |
| 68 | // The path prefix under which to serve all ACME |
| 69 | // endpoints. All other requests will not be served |
| 70 | // by this handler and will be passed through to |
| 71 | // the next one. Default: "/acme/". |
| 72 | // COMPATIBILITY NOTE / TODO: This property may go away in the |
| 73 | // future, as it is currently only required due to |
| 74 | // limitations in the underlying library. Do not rely |
| 75 | // on this property long-term; check release notes. |
| 76 | PathPrefix string `json:"path_prefix,omitempty"` |
| 77 | |
| 78 | // If true, the CA's root will be the issuer instead of |
| 79 | // the intermediate. This is NOT recommended and should |
| 80 | // only be used when devices/clients do not properly |
| 81 | // validate certificate chains. EXPERIMENTAL: Might be |
| 82 | // changed or removed in the future. |
| 83 | SignWithRoot bool `json:"sign_with_root,omitempty"` |
| 84 | |
| 85 | // The addresses of DNS resolvers to use when looking up |
| 86 | // the TXT records for solving DNS challenges. |
| 87 | // It accepts [network addresses](/docs/conventions#network-addresses) |
| 88 | // whose port range spans exactly one port. If the host is an IP address, |
| 89 | // it will be dialed directly to resolve the upstream server. |
| 90 | // If the host is not an IP address, the addresses are resolved |
| 91 | // using the [name resolution convention](https://golang.org/pkg/net/#hdr-Name_Resolution) |
| 92 | // of the Go standard library. If the array contains more |
| 93 | // than 1 resolver address, one is chosen at random. |
| 94 | Resolvers []string `json:"resolvers,omitempty"` |
| 95 | |
| 96 | // Specify the set of enabled ACME challenges. An empty or absent value |
| 97 | // means all challenges are enabled. Accepted values are: |
| 98 | // "http-01", "dns-01", "tls-alpn-01" |
| 99 | Challenges ACMEChallenges `json:"challenges,omitempty" ` |
| 100 | |
| 101 | // The policy to use for issuing certificates |
| 102 | Policy *Policy `json:"policy,omitempty"` |
| 103 | |
| 104 | logger *zap.Logger |
| 105 | resolvers []caddy.NetworkAddress |
| 106 | ctx caddy.Context |
| 107 | |
| 108 | acmeDB acme.DB |