是否可以用cloudflare的Origin CA Key代替Global CA Key? #1976
Comments
tankren
changed the title
|
Are you sure origin ca key gives you enough privileges to add a DNS entry? |
|
看了一下, Origin CA Key 不行。 它只能生成证书。 |
|
Will try to see if it works or not when got time, thx for the reply, both |
|
看了一下, Origin CA Key 不行。 它只能生成证书。 |
忘了回复了,昨晚试过,确实不行。 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Steps to reproduce
Debug log
this is not a bug report but new function requirement.
currently, acme is useing api key+user email to generate the cert with DNS-cloudflare method. however it's risky to explose the global api key. and officially from cloudflare, they provide Origin CA Key which is use to "generate TLS certificates for any of your websites on Cloudflare which are only trusted by Cloudflare, but not to read or change any other settings. This is to help keep your websites safe. Origin CA Keys often get deployed on public servers, and in case of compromise, none of your other Cloudflare settings would be accessible." so, could you add this feature in the code? you can refer to "https://api.cloudflare.com/" for details.
thanks.
The text was updated successfully, but these errors were encountered: