-
Notifications
You must be signed in to change notification settings - Fork 824
Container configuration
-
ACME_CA_URI
- Directory URI for the CA ACME API endpoint (defaults tohttps://acme-v02.api.letsencrypt.org/directory
).
If you set this environment variable value to https://acme-staging-v02.api.letsencrypt.org/directory
the container will obtain its certificates from Let's Encrypt test API endpoint that don't have the 5 certs/week/domain limit (but are not trusted by browsers).
For example
$ docker run --detach \
--name nginx-proxy-acme \
--volumes-from nginx-proxy \
--volume /var/run/docker.sock:/var/run/docker.sock:ro \
--volume certs:/etc/nginx/certs:rw \
--volume acme:/etc/acme.sh \
--env "ACME_CA_URI=https://acme-staging-v02.api.letsencrypt.org/directory" \
nginxproxy/acme-companion
You can also create test certificates per container (see Test certificates)
-
DEBUG
- Set it to1
to enable debugging of the entrypoint script and generation of ACME certificates, which could help you pin point any configuration issues. -
RENEW_PRIVATE_KEYS
- Set it tofalse
to makeacme.sh
reuse previously generated private key for each certificate instead of creating a new one on certificate renewal. Reusing private keys can help if you intend to use HPKP, but please note that HPKP has been deprecated by Google's Chrome and that it is therefore strongly discouraged to use it at all. -
DHPARAM_BITS
- Change the size of the Diffie-Hellman key generated by the container from the default value of 2048 bits. For example--env DHPARAM_BITS=1024
to support some older clients like Java 6 and 7. -
CA_BUNDLE
- This is a test only variable for use with Pebble. It changes the trusted root CA used byacme.sh
, from the default Alpine trust store to the CA bundle file located at the provided path (inside the container). Do not use it in production unless you are running your own ACME CA. -
CERTS_UPDATE_INTERVAL
- 3600 seconds by default, this defines how often the container will check if the certificates require update.