Open UmanGarbag opened 1 year ago
You should be able to do that by setting server_url in the acme account
I have already tried this option.
Can you share a concrete example with me?
Sure, here's how I used that option to use the staging letsencrypt server:
```
$ vault secrets enable -path letsencrypt_staging -plugin-name acme plugin
$ vault secrets tune -max-lease-ttl=8760h letsencrypt_staging
$ vault write letsencrypt_staging/accounts/myaccount \
    contact=letsencrypt@mydomain.tld \
    server_url=https://acme-staging-v02.api.letsencrypt.org/directory \
    terms_of_service_agreed=true \
    provider=cloudflare \
    provider_configuration={CF_ZONE_API_TOKEN=token1,CF_DNS_API_TOKEN=token2,CLOUDFLARE_POLLING_INTERVAL=10} \
    ignore_dns_propagation=true \
    dns_resolvers=\[1.1.1.1\]
$ vault write letsencrypt_staging/roles/mydomain.tld \
    account=myaccount \
    allowed_domains=mydomain.tld \
    allow_bare_domains=true \
    allow_subdomains=true
```
Thanks! But I don't know if I can use the provider argument "cloudflare" for an internal ACME server (not accessible from the internet).
For information, I'm using an ACME server from smallstepca.
In that case you perhaps want to use the http01 challenge rather than dns
https://github.com/remilapeyre/vault-acme/blob/master/website/source/docs/secrets/acme/index.html.md
https://github.com/remilapeyre/vault-acme/blob/master/website/source/docs/secrets/acme/sidecar.html.md
Thanks for the answer. Is it possible to have an example? The documentation about sidecar is incomplete.
Hello,
I'm using an internal ACME server, and I would like to generate a certificate for my Vault instance with this plugin. I didn't find how I can do that.
Can someone help me?
Thanks
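Before pointing `server_url` at an internal ACME server, it helps to confirm that the URL really returns an RFC 8555 directory that the Vault host can use. The check below is an added example, not part of this thread or of the plugin's code; the hostnames and sample responses are constructed, and `check_directory` is a hypothetical helper name.

```python
import json
from urllib.parse import urlsplit

# RFC 8555 section 7.1.1: resources a client needs to register and order.
REQUIRED = ("newNonce", "newAccount", "newOrder")

def check_directory(server_url, body):
    """Return a list of problems found in an ACME directory response body."""
    problems = []
    base = urlsplit(server_url)
    if base.scheme != "https":
        problems.append("server_url is not https")
    try:
        doc = json.loads(body)
    except ValueError:
        return problems + ["response is not JSON; is server_url the directory endpoint?"]
    if not isinstance(doc, dict):
        return problems + ["directory is not a JSON object"]
    for field in REQUIRED:
        value = doc.get(field)
        if not isinstance(value, str):
            problems.append(f"missing {field}")
            continue
        target = urlsplit(value)
        if target.scheme != "https":
            problems.append(f"{field} is not https")
        # The client follows these URLs as advertised, so the Vault host
        # must be able to resolve and reach this name as well.
        if target.netloc != base.netloc:
            problems.append(f"{field} is served from {target.netloc}, not {base.netloc}")
    meta = doc.get("meta")
    if isinstance(meta, dict) and meta.get("externalAccountRequired"):
        problems.append("CA sets externalAccountRequired")
    return problems

# Constructed samples: an internal CA URL, a usable directory, and a broken one.
SAMPLE_URL = "https://ca.internal.example/acme/acme/directory"
_BASE = "https://ca.internal.example/acme/acme/"
SAMPLE_OK = json.dumps({"newNonce": _BASE + "new-nonce",
                        "newAccount": _BASE + "new-account",
                        "newOrder": _BASE + "new-order"})
SAMPLE_BAD = json.dumps({"newNonce": _BASE + "new-nonce",
                         "newAccount": "https://localhost:9000/acme/acme/new-account"})

if __name__ == "__main__":
    for name, body in (("ok", SAMPLE_OK), ("bad", SAMPLE_BAD)):
        print(name, check_directory(SAMPLE_URL, body))
```

To use it against a live CA, fetch the body of `server_url` with a client that trusts the internal root certificate and pass the response text to `check_directory`.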