ACMEIssuer manages certificates using the ACME protocol (RFC 8555).
| 43 | |
| 44 | // ACMEIssuer manages certificates using the ACME protocol (RFC 8555). |
| 45 | type ACMEIssuer struct { |
| 46 | // The URL to the CA's ACME directory endpoint. Default: |
| 47 | // https://acme-v02.api.letsencrypt.org/directory |
| 48 | CA string `json:"ca,omitempty"` |
| 49 | |
| 50 | // The URL to the test CA's ACME directory endpoint. |
| 51 | // This endpoint is only used during retries if there |
| 52 | // is a failure using the primary CA. Default: |
| 53 | // https://acme-staging-v02.api.letsencrypt.org/directory |
| 54 | TestCA string `json:"test_ca,omitempty"` |
| 55 | |
| 56 | // Your email address, so the CA can contact you if necessary. |
| 57 | // Not required, but strongly recommended to provide one so |
| 58 | // you can be reached if there is a problem. Your email is |
| 59 | // not sent to any Caddy mothership or used for any purpose |
| 60 | // other than ACME transactions. |
| 61 | Email string `json:"email,omitempty"` |
| 62 | |
| 63 | // Optionally select an ACME profile to use for certificate |
| 64 | // orders. Must be a profile name offered by the ACME server; |
| 65 | // the available profiles are listed at its directory endpoint. |
| 66 | // |
| 67 | // EXPERIMENTAL: Subject to change. |
| 68 | // See https://datatracker.ietf.org/doc/draft-aaron-acme-profiles/ |
| 69 | Profile string `json:"profile,omitempty"` |
| 70 | |
| 71 | // If you have an existing account with the ACME server, put |
| 72 | // the private key here in PEM format. The ACME client will |
| 73 | // look up your account information with this key first before |
| 74 | // trying to create a new one. You can use placeholders here, |
| 75 | // for example if you have it in an environment variable. |
| 76 | AccountKey string `json:"account_key,omitempty"` |
| 77 | |
| 78 | // If using an ACME CA that requires an external account |
| 79 | // binding, specify the CA-provided credentials here. |
| 80 | ExternalAccount *acme.EAB `json:"external_account,omitempty"` |
| 81 | |
| 82 | // Time to wait before timing out an ACME operation. |
| 83 | // Default: 0 (no timeout) |
| 84 | ACMETimeout caddy.Duration `json:"acme_timeout,omitempty"` |
| 85 | |
| 86 | // Configures the various ACME challenge types. |
| 87 | Challenges *ChallengesConfig `json:"challenges,omitempty"` |
| 88 | |
| 89 | // An array of files of CA certificates to accept when connecting to the |
| 90 | // ACME CA. Generally, you should only use this if the ACME CA endpoint |
| 91 | // is internal or for development/testing purposes. |
| 92 | TrustedRootsPEMFiles []string `json:"trusted_roots_pem_files,omitempty"` |
| 93 | |
| 94 | // Preferences for selecting alternate certificate chains, if offered |
| 95 | // by the CA. By default, the first offered chain will be selected. |
| 96 | // If configured, the chains may be sorted and the first matching chain |
| 97 | // will be selected. |
| 98 | PreferredChains *ChainPreference `json:"preferred_chains,omitempty"` |
| 99 | |
| 100 | // The validity period to ask the CA to issue a certificate for. |
| 101 | // Default: 0 (CA chooses lifetime). |
| 102 | // This value is used to compute the "notAfter" field of the ACME order; |