Home
Nicolas Duchon edited this page Apr 5, 2021 · 20 revisions
acme-companion is a lightweight companion container for nginx-proxy.
It handles the automated creation, renewal and use of SSL certificates for proxied Docker containers through the ACME protocol.
Required read if you use the `latest` version: the `v2.0.0` release of this project marks the switch of the ACME client used by the Docker image from simp_le to acme.sh. This switch results in some backward-incompatible changes, so please read this issue and the updated docs for more details before updating your image. The single most important change is that the container now requires a volume mounted to `/etc/acme.sh` in order to persist ACME account keys and SSL certificates. The last tagged version that uses simp_le is `v1.13.1`.
- Automated creation/renewal of Let's Encrypt (or other ACME CAs) certificates using acme.sh.
- Let's Encrypt / ACME domain validation through `http-01` challenge only.
- Automated update and reload of nginx config on certificate creation/renewal.
- Supports creation of Multi-Domain (SAN) Certificates.
- Creation of a Strong Diffie-Hellman Group at startup.
- Works with all versions of Docker.
- Your host must be publicly reachable on both port `80` and `443`.
- Check your firewall rules and do not attempt to block port `80` as that will prevent `http-01` challenges from completing.
- For the same reason, you can't use nginx-proxy's `HTTPS_METHOD=nohttp`.
- The (sub)domains you want to issue certificates for must correctly resolve to the host.
- Your DNS provider must answer correctly to CAA record requests.
- If your (sub)domains have AAAA records set, the host must be publicly reachable over IPv6 on port `80` and `443`.
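
A preflight check for the requirements listed above, written for this page as an added example (it is not part of acme-companion). The function names, the sample domain, the documentation-range addresses and the `/etc/nginx/certs` mount are assumptions made for illustration. CAA answers are not checked, because the Python standard library cannot query CAA records.

```python
import ipaddress
import socket

def resolve(domain):
    """Return (A, AAAA) address sets for domain, using the system resolver."""
    v4, v6 = set(), set()
    try:
        infos = socket.getaddrinfo(domain, 80, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return v4, v6
    for family, _, _, _, sockaddr in infos:
        if family in (socket.AF_INET, socket.AF_INET6):
            (v4 if family == socket.AF_INET else v6).add(sockaddr[0])
    return v4, v6

def port_open(ip, port, timeout=3.0):
    """True if TCP ip:port accepts a connection; run from outside the host."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False

def preflight(domain, records, host_ips, proxy_env, mounts, reachable=port_open):
    """Return the list of unmet requirements for one proxied domain."""
    host = {ipaddress.ip_address(ip) for ip in host_ips}
    problems = []
    if not records[0] and not records[1]:
        problems.append(f"{domain} does not resolve")
    for ip in sorted(records[0] | records[1]):
        addr = ipaddress.ip_address(ip)
        kind = "AAAA" if addr.version == 6 else "A"
        if addr not in host:
            problems.append(f"{kind} record {ip} does not point at this host")
            continue
        for port in (80, 443):
            if not reachable(ip, port):
                problems.append(f"port {port} unreachable on {ip}")
    if proxy_env.get("HTTPS_METHOD") == "nohttp":
        problems.append("HTTPS_METHOD=nohttp prevents http-01 validation")
    if "/etc/acme.sh" not in mounts:
        problems.append("no volume at /etc/acme.sh to persist keys and certificates")
    return problems

if __name__ == "__main__":
    # Constructed sample facts (documentation address ranges), not measurements.
    sample = ({"203.0.113.10"}, {"2001:db8::10"})
    for problem in preflight("app.example.org", sample, ["203.0.113.10"],
                             {"HTTPS_METHOD": "nohttp"}, ["/etc/nginx/certs"],
                             reachable=lambda ip, port: port == 443):
        print("FAIL:", problem)
```

For a live check, pass `resolve(domain)` as `records` and leave `reachable` at its default, running the script from a machine outside the host's network.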