MCPcopy
hub / github.com/caddyserver/caddy / ACMEIssuer

Struct ACMEIssuer

modules/caddytls/acmeissuer.go:45–118  ·  view source on GitHub ↗

ACMEIssuer manages certificates using the ACME protocol (RFC 8555).

Source from the content-addressed store, hash-verified

43
44// ACMEIssuer manages certificates using the ACME protocol (RFC 8555).
45type ACMEIssuer struct {
46 // The URL to the CA's ACME directory endpoint. Default:
47 // https://acme-v02.api.letsencrypt.org/directory
48 CA string `json:"ca,omitempty"`
49
50 // The URL to the test CA's ACME directory endpoint.
51 // This endpoint is only used during retries if there
52 // is a failure using the primary CA. Default:
53 // https://acme-staging-v02.api.letsencrypt.org/directory
54 TestCA string `json:"test_ca,omitempty"`
55
56 // Your email address, so the CA can contact you if necessary.
57 // Not required, but strongly recommended to provide one so
58 // you can be reached if there is a problem. Your email is
59 // not sent to any Caddy mothership or used for any purpose
60 // other than ACME transactions.
61 Email string `json:"email,omitempty"`
62
63 // Optionally select an ACME profile to use for certificate
64 // orders. Must be a profile name offered by the ACME server,
65 // which are listed at its directory endpoint.
66 //
67 // EXPERIMENTAL: Subject to change.
68 // See https://datatracker.ietf.org/doc/draft-aaron-acme-profiles/
69 Profile string `json:"profile,omitempty"`
70
71 // If you have an existing account with the ACME server, put
72 // the private key here in PEM format. The ACME client will
73 // look up your account information with this key first before
74 // trying to create a new one. You can use placeholders here,
75 // for example if you have it in an environment variable.
76 AccountKey string `json:"account_key,omitempty"`
77
78 // If using an ACME CA that requires an external account
79 // binding, specify the CA-provided credentials here.
80 ExternalAccount *acme.EAB `json:"external_account,omitempty"`
81
82 // Time to wait before timing out an ACME operation.
83 // Default: 0 (no timeout)
84 ACMETimeout caddy.Duration `json:"acme_timeout,omitempty"`
85
86 // Configures the various ACME challenge types.
87 Challenges *ChallengesConfig `json:"challenges,omitempty"`
88
89 // An array of files of CA certificates to accept when connecting to the
90 // ACME CA. Generally, you should only use this if the ACME CA endpoint
91 // is internal or for development/testing purposes.
92 TrustedRootsPEMFiles []string `json:"trusted_roots_pem_files,omitempty"`
93
94 // Preferences for selecting alternate certificate chains, if offered
95 // by the CA. By default, the first offered chain will be selected.
96 // If configured, the chains may be sorted and the first matching chain
97 // will be selected.
98 PreferredChains *ChainPreference `json:"preferred_chains,omitempty"`
99
100 // The validity period to ask the CA to issue a certificate for.
101 // Default: 0 (CA chooses lifetime).
102 // This value is used to compute the "notAfter" field of the ACME order;

Callers

nothing calls this directly

Calls

no outgoing calls

Tested by

no test coverage detected