3.5 KiB
title | date | draft | slug | dnsprovider | ||||||
---|---|---|---|---|---|---|---|---|---|---|
OVH | 2019-03-03T16:39:46+01:00 | false | ovh |
|
Configuration for OVH.
- Code:
ovh
- Since: v0.4.0
Here is an example bash command using the OVH provider:
# Application Key authentication:
OVH_APPLICATION_KEY=1234567898765432 \
OVH_APPLICATION_SECRET=b9841238feb177a84330febba8a832089 \
OVH_CONSUMER_KEY=256vfsd347245sdfg \
OVH_ENDPOINT=ovh-eu \
lego --email you@example.com --dns ovh --domains my.example.org run
# Or Access Token:
OVH_ACCESS_TOKEN=xxx \
OVH_ENDPOINT=ovh-eu \
lego --email you@example.com --dns ovh --domains my.example.org run
# Or OAuth2:
OVH_CLIENT_ID=yyy \
OVH_CLIENT_SECRET=xxx \
OVH_ENDPOINT=ovh-eu \
lego --email you@example.com --dns ovh --domains my.example.org run
Credentials
Environment Variable Name | Description |
---|---|
OVH_ACCESS_TOKEN |
Access token |
OVH_APPLICATION_KEY |
Application key (Application Key authentication) |
OVH_APPLICATION_SECRET |
Application secret (Application Key authentication) |
OVH_CLIENT_ID |
Client ID (OAuth2) |
OVH_CLIENT_SECRET |
Client secret (OAuth2) |
OVH_CONSUMER_KEY |
Consumer key (Application Key authentication) |
OVH_ENDPOINT |
Endpoint URL (ovh-eu or ovh-ca) |
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
More information [here]({{% ref "dns#configuration-and-credentials" %}}).
Additional Configuration
Environment Variable Name | Description |
---|---|
OVH_HTTP_TIMEOUT |
API request timeout |
OVH_POLLING_INTERVAL |
Time between DNS propagation check |
OVH_PROPAGATION_TIMEOUT |
Maximum waiting time for DNS propagation |
OVH_TTL |
The TTL of the TXT record used for the DNS challenge |
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
More information [here]({{% ref "dns#configuration-and-credentials" %}}).
Application Key and Secret
Application key and secret can be created by following the OVH guide.
When requesting the consumer key, the following configuration can be used to define access rights:
{
"accessRules": [
{
"method": "POST",
"path": "/domain/zone/*"
},
{
"method": "DELETE",
"path": "/domain/zone/*"
}
]
}
OAuth2 Client Credentials
Another method for authentication is by using OAuth2 client credentials.
An IAM policy and service account can be created by following the OVH guide.
Following IAM policies need to be authorized for the affected domain:
- dnsZone:apiovh:record/create
- dnsZone:apiovh:record/delete
- dnsZone:apiovh:refresh
Important Note
Both authentication methods cannot be used at the same time.