We currently don't show content on renewals, but when we do (a large project), we should add an ACME renewal flow for Traefik:
Traefik is a modern reverse-proxy with integrated support for ACME. It's easy to get a certificate from Let's Encrypt andy other ACME compatible CAs like step-ca in Traefik, using the tls-alpn-01 ACME challenge type.
Most importantly, Traefik will need to trust your root CA certificate. Either use the LEGO_CA_CERTIFICATES environment variable to provide the full path to your {{ ca_cert }} when running Traefik, or install your root certificate in your system's trust store.
In your Traefik static configuration, you'll need to add a certificatesResolvers block:
We currently don't show content on renewals, but when we do (a large project), we should add an ACME renewal flow for Traefik:
Traefik is a modern reverse-proxy with integrated support for ACME. It's easy to get a certificate from Let's Encrypt andy other ACME compatible CAs like
step-ca
in Traefik, using thetls-alpn-01
ACME challenge type.Most importantly, Traefik will need to trust your root CA certificate. Either use the
LEGO_CA_CERTIFICATES
environment variable to provide the full path to your{{ ca_cert }}
when running Traefik, or install your root certificate in your system's trust store.In your Traefik static configuration, you'll need to add a
certificatesResolvers
block:Then, when you add routers to your dynamic configuration for HTTPS traffic, you need to set
tls
andtls.certResolver
:cc @tashian