[ { "uri": "https://go-acme.github.io/lego/usage/cli/general-instructions/", "title": "General Instructions", "tags": [], "description": "", "content": "These examples assume you have lego installed. You can get a pre-built binary from the releases page.\nThe web server examples require that the lego binary has permission to bind to ports 80 and 443. If your environment does not allow you to bind to these ports, please read Running without root privileges and Port Usage.\nUnless otherwise instructed with the --path command line flag, lego will look for a directory named .lego in the current working directory. If you run cd /dir/a \u0026amp;\u0026amp; lego ... run, lego will create a directory /dir/a/.lego where it will save account registration and certificate files into. If you later try to renew a certificate with cd /dir/b \u0026amp;\u0026amp; lego ... renew, lego will likely produce an error.\n" }, { "uri": "https://go-acme.github.io/lego/installation/", "title": "Installation", "tags": [], "description": "", "content": "Binaries To get the binary just download the latest release for your OS/Arch from the release page and put the binary somewhere convenient. 
lego does not assume anything about the location you run it from.\nFrom Docker docker run goacme/lego -h From package managers ArchLinux (official):\npacman -S lego ArchLinux (AUR) (official):\nyay -S lego-bin FreeBSD (Ports) (unofficial):\ncd /usr/ports/security/lego \u0026amp;\u0026amp; make install clean Homebrew user can install lego with:\nbrew install lego or\npkg install lego From sources Requirements:\ngo1.17+ environment variable: GO111MODULE=on To install the latest version from sources, just run:\ngo install github.com/go-acme/lego/v4/cmd/lego@latest or\ngit clone git@github.com:go-acme/lego.git cd lego make # tests + doc + build make build # only build " }, { "uri": "https://go-acme.github.io/lego/usage/cli/obtain-a-certificate/", "title": "Obtain a Certificate", "tags": [], "description": "", "content": "This guide explains various ways to obtain a new certificate.\nUsing the built-in web server Open a terminal, and execute the following command (insert your own email address and domain):\nlego --email=\u0026#34;you@example.com\u0026#34; --domains=\u0026#34;example.com\u0026#34; --http run You will find your certificate in the .lego folder of the current working directory:\n$ ls -1 ./.lego/certificates example.com.crt example.com.issuer.crt example.com.json example.com.key [maybe more files for different domains...] where\nexample.com.crt is the server certificate (including the CA certificate), example.com.key is the private key needed for the server certificate, example.com.issuer.crt is the CA certificate, and example.com.json contains some JSON encoded meta information. For each domain, you will have a set of these four files. For wildcard certificates (*.example.com), the filenames will look like _.example.com.crt.\nThe .crt and .key files are PEM-encoded x509 certificates and private keys. 
If you\u0026rsquo;re looking for a cert.pem and privkey.pem, you can just use example.com.crt and example.com.key.\nUsing a DNS provider If you can\u0026rsquo;t or don\u0026rsquo;t want to start a web server, you need to use a DNS provider. lego comes with support for many providers, and you need to pick the one where your domain\u0026rsquo;s DNS settings are set up. Typically, this is the registrar where you bought the domain, but in some cases this can be another third-party provider.\nFor this example, let\u0026rsquo;s assume you have set up Cloudflare for your domain.\nExecute this command:\nCLOUDFLARE_EMAIL=\u0026#34;you@example.com\u0026#34; \\ CLOUDFLARE_API_KEY=\u0026#34;yourprivatecloudflareapikey\u0026#34; \\ lego --email \u0026#34;you@example.com\u0026#34; --dns cloudflare --domains \u0026#34;example.org\u0026#34; run Using a custom certificate signing request (CSR) The first step in the process of obtaining certificates involves creating a signing request. This CSR bundles various information, including the domain name(s) and a public key. By default, lego will hide this step from you, but if you already have a CSR, you can easily reuse it:\nlego --email=\u0026#34;you@example.com\u0026#34; --http --csr=\u0026#34;/path/to/csr.pem\u0026#34; run lego will infer the domains to be validated based on the contents of the CSR, so make sure the CSR\u0026rsquo;s Common Name and optional SubjectAltNames are set correctly.\nUsing an existing, running web server If you have an existing server running on port 80, the --http option also requires the --http.webroot option. 
This just writes the http-01 challenge token to the given directory in the folder .well-known/acme-challenge and does not start a server.\nThe given directory should be publicly served as / on the domain(s) for the validation to complete.\nIf the given directory is not publicly served you will have to support rewriting the request to the directory.\nYou could also implement a rewrite to rewrite .well-known/acme-challenge to the given directory .well-known/acme-challenge.\nYou should be able to run an existing webserver on port 80 and have lego write the token file with the HTTP-01 challenge key authorization to \u0026lt;webroot dir\u0026gt;/.well-known/acme-challenge/ by running something like:\nlego --accept-tos --email you@example.com --http --http.webroot /path/to/webroot --domains example.com run Running a script afterward You can easily hook into the certificate-obtaining process by providing the path to a script:\nlego --email=\u0026#34;you@example.com\u0026#34; --domains=\u0026#34;example.com\u0026#34; --http run --run-hook=\u0026#34;./myscript.sh\u0026#34; Some information is provided through environment variables:\nLEGO_ACCOUNT_EMAIL: the email of the account. LEGO_CERT_DOMAIN: the main domain of the certificate. LEGO_CERT_PATH: the path of the certificate. LEGO_CERT_KEY_PATH: the path of the certificate key. Use case A typical use case is to distribute the certificate to other services and reload them if necessary. Since PEM-formatted TLS certificates are understood by many programs, it is relatively simple to use certificates for more than a web server.\nThis example script installs the new certificate for a mail server, and reloads it. 
Beware: this is just a starting point; error checking is omitted for brevity.\n#!/bin/bash # copy certificates to a directory controlled by Postfix postfix_cert_dir=\u0026#34;/etc/postfix/certificates\u0026#34; # our Postfix server only handles mail for @example.com domain if [ \u0026#34;$LEGO_CERT_DOMAIN\u0026#34; = \u0026#34;example.com\u0026#34; ]; then install -o postfix -g postfix -m 0644 \u0026#34;$LEGO_CERT_PATH\u0026#34; \u0026#34;$postfix_cert_dir\u0026#34; install -o postfix -g postfix -m 0640 \u0026#34;$LEGO_CERT_KEY_PATH\u0026#34; \u0026#34;$postfix_cert_dir\u0026#34; systemctl reload postfix@-service fi " }, { "uri": "https://go-acme.github.io/lego/usage/", "title": "Usage", "tags": [], "description": "", "content": " CLI Lego can be used as a CLI.\nLibrary Lego can be used as a Go Library.\n" }, { "uri": "https://go-acme.github.io/lego/dns/", "title": "DNS Providers", "tags": [], "description": "", "content": "Configuration and Credentials Credentials and DNS configuration for DNS providers must be passed through environment variables.\nEnvironment Variables: Value The environment variables can reference a value.\nHere is an example bash command using the Cloudflare DNS provider:\n$ CLOUDFLARE_EMAIL=you@example.com \\ CLOUDFLARE_API_KEY=b9841238feb177a84330febba8a83208921177bffe733 \\ lego --dns cloudflare --domains www.example.com --email you@example.com run Environment Variables: File The environment variables can reference a path to a file.\nIn this case the name of the environment variable must be suffixed by _FILE.\nThe file must contain only the value.\nHere is an example bash command using the Cloudflare DNS provider:\n$ cat /the/path/to/my/key b9841238feb177a84330febba8a83208921177bffe733 $ cat /the/path/to/my/email you@example.com $ CLOUDFLARE_EMAIL_FILE=/the/path/to/my/email \\ CLOUDFLARE_API_KEY_FILE=/the/path/to/my/key \\ lego --dns cloudflare --domains www.example.com --email you@example.com run DNS Providers Provider name CLI flag name Required 
lego version Akamai EdgeDNS Website edgedns v3.9.0 Alibaba Cloud DNS Website alidns v1.1.0 all-inkl Website allinkl v4.5.0 Amazon Lightsail Website lightsail v0.5.0 Amazon Route 53 Website route53 v0.3.0 ArvanCloud Website arvancloud v3.8.0 Aurora DNS Website auroradns v0.4.0 Autodns Website autodns v3.2.0 Azure (deprecated) Website azure v0.4.0 AzureDNS Website azuredns v0.1.0 Bindman Website bindman v2.6.0 Bluecat Website bluecat v0.5.0 Brandit Website brandit v4.11.0 Bunny Website bunny v4.11.0 Checkdomain Website checkdomain v3.3.0 Civo Website civo v4.9.0 CloudDNS Website clouddns v3.6.0 Cloudflare Website cloudflare v0.3.0 ClouDNS Website cloudns v2.3.0 CloudXNS Website cloudxns v0.5.0 ConoHa Website conoha v1.2.0 Constellix Website constellix v3.4.0 Derak Cloud Website derak v4.12.0 deSEC.io Website desec v3.7.0 Designate DNSaaS for Openstack Website designate v2.2.0 Digital Ocean Website digitalocean v0.3.0 DNS Made Easy Website dnsmadeeasy v0.4.0 dnsHome.de Website dnshomede v4.10.0 DNSimple Website dnsimple v0.3.0 DNSPod (deprecated) Website dnspod v0.4.0 Domain Offensive (do.de) Website dode v2.4.0 Domeneshop Website domeneshop v4.3.0 DreamHost Website dreamhost v1.1.0 Duck DNS Website duckdns v0.5.0 Dyn Website dyn v0.3.0 Dynu Website dynu v3.5.0 EasyDNS Website easydns v2.6.0 Efficient IP Website efficientip v4.13.0 Epik Website epik v4.5.0 Exoscale Website exoscale v0.4.0 External program Website exec v0.5.0 freemyip.com Website freemyip v4.5.0 G-Core Website gcore v4.5.0 Gandi Website gandi v0.3.0 Gandi Live DNS (v5) Website gandiv5 v0.5.0 Glesys Website glesys v0.5.0 Go Daddy Website godaddy v0.5.0 Google Cloud Website gcloud v0.3.0 Google Domains Website googledomains v4.11.0 Hetzner Website hetzner v3.7.0 Hosting.de Website hostingde v1.1.0 Hosttech Website hosttech v4.5.0 HTTP request Website httpreq v2.0.0 Hurricane Electric DNS Website hurricane v4.3.0 HyperOne Website hyperone v3.9.0 IBM Cloud (SoftLayer) Website ibmcloud v4.5.0 IIJ DNS 
Platform Service Website iijdpf v4.7.0 Infoblox Website infoblox v4.4.0 Infomaniak Website infomaniak v4.1.0 Internet Initiative Japan Website iij v1.1.0 Internet.bs Website internetbs v4.5.0 INWX Website inwx v2.0.0 Ionos Website ionos v4.2.0 IPv64 Website ipv64 v4.13.0 iwantmyname Website iwantmyname v4.7.0 Joker Website joker v2.6.0 Joohoi\u0026#39;s ACME-DNS Website acme-dns v1.1.0 Liara Website liara v4.10.0 Linode (v4) Website linode v1.1.0 Liquid Web Website liquidweb v3.1.0 Loopia Website loopia v4.2.0 LuaDNS Website luadns v3.7.0 Manual manual v0.3.0 Metaname Website metaname v4.13.0 MyDNS.jp Website mydnsjp v1.2.0 MythicBeasts Website mythicbeasts v0.3.7 Name.com Website namedotcom v0.5.0 Namecheap Website namecheap v0.3.0 Namesilo Website namesilo v2.7.0 NearlyFreeSpeech.NET Website nearlyfreespeech v4.8.0 Netcup Website netcup v1.1.0 Netlify Website netlify v3.7.0 Nicmanager Website nicmanager v4.5.0 NIFCloud Website nifcloud v1.1.0 Njalla Website njalla v4.3.0 Nodion Website nodion v4.11.0 NS1 Website ns1 v0.4.0 Open Telekom Cloud Website otc v0.4.1 Oracle Cloud Website oraclecloud v2.3.0 OVH Website ovh v0.4.0 plesk.com Website plesk v4.11.0 Porkbun Website porkbun v4.4.0 PowerDNS Website pdns v0.4.0 Rackspace Website rackspace v0.4.0 RcodeZero Website rcodezero v4.13 reg.ru Website regru v3.5.0 RFC2136 Website rfc2136 v0.3.0 RimuHosting Website rimuhosting v0.3.5 Sakura Cloud Website sakuracloud v1.1.0 Scaleway Website scaleway v3.4.0 Selectel Website selectel v1.2.0 Servercow Website servercow v3.4.0 Simply.com Website simply v4.4.0 Sonic Website sonic v4.4.0 Stackpath Website stackpath v1.1.0 Tencent Cloud DNS Website tencentcloud v4.6.0 TransIP Website transip v2.0.0 UKFast SafeDNS Website safedns v4.6.0 Ultradns Website ultradns v4.10.0 Variomedia Website variomedia v4.8.0 VegaDNS Website vegadns v1.1.0 Vercel Website vercel v4.7.0 Versio.[nl|eu|uk] Website versio v2.7.0 VinylDNS Website vinyldns v4.4.0 VK Cloud Website vkcloud v4.9.0 Vscale 
Website vscale v2.0.0 Vultr Website vultr v0.3.1 Websupport Website websupport v4.10.0 WEDOS Website wedos v4.4.0 Yandex Cloud Website yandexcloud v4.9.0 Yandex PDD Website yandex v3.7.0 Zone.ee Website zoneee v2.1.0 Zonomi Website zonomi v3.5.0 " }, { "uri": "https://go-acme.github.io/lego/usage/cli/renew-a-certificate/", "title": "Renew a Certificate", "tags": [], "description": "", "content": "This guide describes how to renew existing certificates.\nCertificates issued by Let\u0026rsquo;s Encrypt are valid for a period of 90 days. To avoid certificate errors, you need to ensure that you renew your certificate before it expires.\nIn order to renew a certificate, follow the general instructions laid out under Obtain a Certificate, and replace lego ... run with lego ... renew. Note that the renew sub-command supports a slightly different set of command line flags.\nUsing the built-in web server By default, and following best practices, a certificate is only renewed if its expiry date is less than 30 days in the future.\nlego --email=\u0026#34;you@example.com\u0026#34; --domains=\u0026#34;example.com\u0026#34; --http renew If the certificate needs to be renewed earlier, you can specify the number of remaining days:\nlego --email=\u0026#34;you@example.com\u0026#34; --domains=\u0026#34;example.com\u0026#34; --http renew --days 45 Using a DNS provider If you can\u0026rsquo;t or don\u0026rsquo;t want to start a web server, you need to use a DNS provider. lego comes with support for many providers, and you need to pick the one where your domain\u0026rsquo;s DNS settings are set up. 
Typically, this is the registrar where you bought the domain, but in some cases this can be another third-party provider.\nFor this example, let\u0026rsquo;s assume you have set up Cloudflare for your domain.\nExecute this command:\nCLOUDFLARE_EMAIL=\u0026#34;you@example.com\u0026#34; \\ CLOUDFLARE_API_KEY=\u0026#34;yourprivatecloudflareapikey\u0026#34; \\ lego --email \u0026#34;you@example.com\u0026#34; --dns cloudflare --domains \u0026#34;example.org\u0026#34; renew Running a script afterward You can easily hook into the certificate-obtaining process by providing the path to a script. The hook is executed only when the certificates are effectively renewed.\nlego --email=\u0026#34;you@example.com\u0026#34; --domains=\u0026#34;example.com\u0026#34; --http renew --renew-hook=\u0026#34;./myscript.sh\u0026#34; Some information is provided through environment variables:\nLEGO_ACCOUNT_EMAIL: the email of the account. LEGO_CERT_DOMAIN: the main domain of the certificate. LEGO_CERT_PATH: the path of the certificate. LEGO_CERT_KEY_PATH: the path of the certificate key. See Obtain a Certificate → Use case for an example script.\nAutomatic renewal It is tempting to create a cron job (or systemd timer) to automatically renew all your certificates.\nWhen doing so, please note that some cron defaults will cause measurable load on the ACME provider\u0026rsquo;s infrastructure. Notably @daily jobs run at midnight.\nTo both counteract load spikes (caused by all lego users) and reduce subsequent renewal failures, we were asked to implement a small random delay for non-interactive renewals.1 Since v4.8.0, lego will pause for up to 8 minutes to help spread the load.\nYou can help further, by adjusting your crontab entry, like so:\n# avoid: #@daily /usr/bin/lego ... renew #@midnight /usr/bin/lego ... renew #0 0 * * * /usr/bin/lego ... renew # instead, use a randomly chosen time: 35 3 * * * /usr/bin/lego ... 
renew If you use systemd timers, consider doing something similar, and/or introduce a RandomizedDelaySec:\n[Unit] Description=Renew certificates [Timer] Persistent=true # avoid: #OnCalendar=*-*-* 00:00:00 #OnCalendar=daily # instead, use a randomly chosen time: OnCalendar=*-*-* 3:35 # add extra delay, here up to 1 hour: RandomizedDelaySec=1h [Install] WantedBy=timers.target See Github issue #1656 for an excellent problem description.\u0026#160;\u0026#x21a9;\u0026#xfe0e;\n" }, { "uri": "https://go-acme.github.io/lego/usage/cli/options/", "title": "Options", "tags": [], "description": "", "content": "Usage lego help lego help run lego help renew lego help revoke lego help list lego dnshelp NAME: lego - Let\u0026#39;s Encrypt client written in Go USAGE: lego [global options] command [command options] [arguments...] COMMANDS: run Register an account, then create and install a certificate revoke Revoke a certificate renew Renew a certificate dnshelp Shows additional help for the \u0026#39;--dns\u0026#39; global option list Display certificates and accounts information. help, h Shows a list of commands or help for one command GLOBAL OPTIONS: --domains value, -d value [ --domains value, -d value ] Add a domain to the process. Can be specified multiple times. --server value, -s value CA hostname (and optionally :port). The server certificate must be trusted in order to avoid further modifications to the client. (default: \u0026#34;https://acme-v02.api.letsencrypt.org/directory\u0026#34;) --accept-tos, -a By setting this flag to true you indicate that you accept the current Let\u0026#39;s Encrypt terms of service. (default: false) --email value, -m value Email used for registration and recovery contact. --csr value, -c value Certificate signing request filename, if an external CSR is to be used. --eab Use External Account Binding for account registration. Requires --kid and --hmac. (default: false) --kid value Key identifier from External CA. 
Used for External Account Binding. --hmac value MAC key from External CA. Should be in Base64 URL Encoding without padding format. Used for External Account Binding. --key-type value, -k value Key type to use for private keys. Supported: rsa2048, rsa3072, rsa4096, rsa8192, ec256, ec384. (default: \u0026#34;ec256\u0026#34;) --filename value (deprecated) Filename of the generated certificate. --path value Directory to use for storing the data. (default: \u0026#34;./.lego\u0026#34;) [$LEGO_PATH] --http Use the HTTP-01 challenge to solve challenges. Can be mixed with other types of challenges. (default: false) --http.port value Set the port and interface to use for HTTP-01 based challenges to listen on. Supported: interface:port or :port. (default: \u0026#34;:80\u0026#34;) --http.proxy-header value Validate against this HTTP header when solving HTTP-01 based challenges behind a reverse proxy. (default: \u0026#34;Host\u0026#34;) --http.webroot value Set the webroot folder to use for HTTP-01 based challenges to write directly to the .well-known/acme-challenge file. This disables the built-in server and expects the given directory to be publicly served with access to .well-known/acme-challenge --http.memcached-host value [ --http.memcached-host value ] Set the memcached host(s) to use for HTTP-01 based challenges. Challenges will be written to all specified hosts. --tls Use the TLS-ALPN-01 challenge to solve challenges. Can be mixed with other types of challenges. (default: false) --tls.port value Set the port and interface to use for TLS-ALPN-01 based challenges to listen on. Supported: interface:port or :port. (default: \u0026#34;:443\u0026#34;) --dns value Solve a DNS-01 challenge using the specified provider. Can be mixed with other types of challenges. Run \u0026#39;lego dnshelp\u0026#39; for help on usage. --dns.disable-cp By setting this flag to true, disables the need to await propagation of the TXT record to all authoritative name servers. 
(default: false) --dns.resolvers value [ --dns.resolvers value ] Set the resolvers to use for performing (recursive) CNAME resolving and apex domain determination. For DNS-01 challenge verification, the authoritative DNS server is queried directly. Supported: host:port. The default is to use the system resolvers, or Google\u0026#39;s DNS resolvers if the system\u0026#39;s cannot be determined. --http-timeout value Set the HTTP timeout value to a specific value in seconds. (default: 0) --dns-timeout value Set the DNS timeout value to a specific value in seconds. Used only when performing authoritative name server queries. (default: 10) --pem Generate an additional .pem (base64) file by concatenating the .key and .crt files together. (default: false) --pfx Generate an additional .pfx (PKCS#12) file by concatenating the .key and .crt and issuer .crt files together. (default: false) --pfx.pass value The password used to encrypt the .pfx (PCKS#12) file. (default: \u0026#34;changeit\u0026#34;) --cert.timeout value Set the certificate timeout value to a specific value in seconds. Only used when obtaining certificates. (default: 30) --user-agent value Add to the user-agent sent to the CA to identify an application embedding lego-cli --help, -h show help NAME: lego run - Register an account, then create and install a certificate USAGE: lego run [command options] [arguments...] OPTIONS: --no-bundle Do not create a certificate bundle by adding the issuers certificate to the new certificate. (default: false) --must-staple Include the OCSP must staple TLS extension in the CSR and generated certificate. Only works if the CSR is generated by lego. (default: false) --not-before value Set the notBefore field in the certificate (RFC3339 format) --not-after value Set the notAfter field in the certificate (RFC3339 format) --preferred-chain value If the CA offers multiple certificate chains, prefer the chain with an issuer matching this Subject Common Name. 
If no match, the default offered chain will be used. --always-deactivate-authorizations value Force the authorizations to be relinquished even if the certificate request was successful. --run-hook value Define a hook. The hook is executed when the certificates are effectively created. --help, -h show help NAME: lego renew - Renew a certificate USAGE: lego renew [command options] [arguments...] OPTIONS: --days value The number of days left on a certificate to renew it. (default: 0) --ari-enable Use the renewalInfo endpoint (draft-ietf-acme-ari) to check if a certificate should be renewed. (default: false) --ari-hash-name value The string representation of the hash expected by the renewalInfo endpoint (e.g. \u0026#34;SHA-256\u0026#34;). --ari-wait-to-renew-duration value The maximum duration you\u0026#39;re willing to sleep for a renewal time returned by the renewalInfo endpoint. (default: 0s) --reuse-key Used to indicate you want to reuse your current private key for the new certificate. (default: false) --no-bundle Do not create a certificate bundle by adding the issuers certificate to the new certificate. (default: false) --must-staple Include the OCSP must staple TLS extension in the CSR and generated certificate. Only works if the CSR is generated by lego. (default: false) --not-before value Set the notBefore field in the certificate (RFC3339 format) --not-after value Set the notAfter field in the certificate (RFC3339 format) --preferred-chain value If the CA offers multiple certificate chains, prefer the chain with an issuer matching this Subject Common Name. If no match, the default offered chain will be used. --always-deactivate-authorizations value Force the authorizations to be relinquished even if the certificate request was successful. --renew-hook value Define a hook. The hook is executed only when the certificates are effectively renewed. --no-random-sleep Do not add a random sleep before the renewal. 
We do not recommend using this flag if you are doing your renewals in an automated way. (default: false) --help, -h show help NAME: lego revoke - Revoke a certificate USAGE: lego revoke [command options] [arguments...] OPTIONS: --keep, -k Keep the certificates after the revocation instead of archiving them. (default: false) --reason value Identifies the reason for the certificate revocation. See https://www.rfc-editor.org/rfc/rfc5280.html#section-5.3.1. Valid values are: 0 (unspecified), 1 (keyCompromise), 2 (cACompromise), 3 (affiliationChanged), 4 (superseded), 5 (cessationOfOperation), 6 (certificateHold), 8 (removeFromCRL), 9 (privilegeWithdrawn), or 10 (aACompromise). (default: 0) --help, -h show help NAME: lego list - Display certificates and accounts information. USAGE: lego list [command options] [arguments...] OPTIONS: --accounts, -a Display accounts. (default: false) --names, -n Display certificate common names only. (default: false) --help, -h show help Credentials for DNS providers must be passed through environment variables. 
To display the documentation for a specific DNS provider, run: $ lego dnshelp -c code Supported DNS providers: acme-dns, alidns, allinkl, arvancloud, auroradns, autodns, azure, azuredns, bindman, bluecat, brandit, bunny, checkdomain, civo, clouddns, cloudflare, cloudns, cloudxns, conoha, constellix, derak, desec, designate, digitalocean, dnshomede, dnsimple, dnsmadeeasy, dnspod, dode, domeneshop, dreamhost, duckdns, dyn, dynu, easydns, edgedns, efficientip, epik, exec, exoscale, freemyip, gandi, gandiv5, gcloud, gcore, glesys, godaddy, googledomains, hetzner, hostingde, hosttech, httpreq, hurricane, hyperone, ibmcloud, iij, iijdpf, infoblox, infomaniak, internetbs, inwx, ionos, ipv64, iwantmyname, joker, liara, lightsail, linode, liquidweb, loopia, luadns, manual, metaname, mydnsjp, mythicbeasts, namecheap, namedotcom, namesilo, nearlyfreespeech, netcup, netlify, nicmanager, nifcloud, njalla, nodion, ns1, oraclecloud, otc, ovh, pdns, plesk, porkbun, rackspace, rcodezero, regru, rfc2136, rimuhosting, route53, safedns, sakuracloud, scaleway, selectel, servercow, simply, sonic, stackpath, tencentcloud, transip, ultradns, variomedia, vegadns, vercel, versio, vinyldns, vkcloud, vscale, vultr, websupport, wedos, yandex, yandexcloud, zoneee, zonomi More information: https://go-acme.github.io/lego/dns When using the standard --path option, all certificates and account configurations are saved to a folder .lego in the current working directory.\nLet\u0026rsquo;s Encrypt ACME server lego defaults to communicating with the production Let\u0026rsquo;s Encrypt ACME server. If you\u0026rsquo;d like to test something without issuing real certificates, consider using the staging endpoint instead:\nlego --server=https://acme-staging-v02.api.letsencrypt.org/directory … Running without root privileges The CLI does not require root permissions but needs to bind to port 80 and 443 for certain challenges. 
To run the CLI without sudo, you have four options:\nUse setcap 'cap_net_bind_service=+ep' /path/to/lego (Linux only) Pass the --http.port and/or the --tls.port option and specify a custom port to bind to. In this case you have to forward port 80/443 to these custom ports (see Port Usage). Pass the --http.webroot option and specify the path to your webroot folder. In this case the challenge will be written in a file in .well-known/acme-challenge/ inside your webroot. Pass the --dns option and specify a DNS provider. Port Usage By default lego assumes it is able to bind to ports 80 and 443 to solve challenges. If this is not possible in your environment, you can use the --http.port and --tls.port options to instruct lego to listen on that interface:port for any incoming challenges.\nIf you are using this option, make sure you proxy all of the following traffic to these ports.\nHTTP Port: All plaintext HTTP requests to port 80 which begin with a request path of /.well-known/acme-challenge/ for the HTTP challenge1.\nTLS Port: All TLS handshakes on port 443 for the TLS-ALPN challenge.\nThis traffic redirection is only needed as long as lego solves challenges. As soon as you have received your certificates you can deactivate the forwarding.\nDNS Resolvers and Challenge Verification When using a DNS challenge provider (via --dns \u0026lt;name\u0026gt;), Lego tries to ensure the ACME challenge token is properly set up before instructing the ACME provider to perform the validation.\nThis involves a few DNS queries to different servers:\nDetermining the DNS zone and resolving CNAMEs.\nThe DNS zone for a given domain is determined by the SOA record, which contains the authoritative name server for the domain and all its subdomains. For simple domains like example.com, this is usually example.com itself. 
For other domains (like fra.eu.cdn.example.com), this can get complicated, as cdn.example.com may be delegated to the CDN provider, which means a different SOA record must exist for cdn.example.com.\nTo find the correct zone, Lego requests the SOA record for each DNS label (starting on the leaf domain, i.e. the left-most DNS label). If there is no SOA record, Lego requests the SOA record of the parent label, then for its parent, etc., until it reaches the apex domain2. Should any DNS label on the way be a CNAME, it is resolved as per usual.\nIn the default configuration, Lego uses the system name servers for this, and falls back to Google\u0026rsquo;s DNS servers, should they be absent.\nVerifying the challenge token.\nThe _acme-challenge.\u0026lt;yourdomain\u0026gt; TXT record must be correctly installed. Lego verifies this by directly querying the authoritative name server for this record (as detected in the previous step).\nStrictly speaking, this verification step is not necessary, but helps to protect your ACME account. Remember that some ACME providers impose a rate limit on certain actions (at the time of writing, Let\u0026rsquo;s Encrypt allows 300 new certificate orders per account per 3 hours).\nThere are also situations where this verification step doesn\u0026rsquo;t work as expected:\nA \u0026ldquo;split DNS\u0026rdquo; setup gives different answers to clients on the internal network (Lego) vs. on the public internet (Let\u0026rsquo;s Encrypt). With \u0026ldquo;hidden master\u0026rdquo; setups, Lego may be able to directly talk to the primary DNS server, while the _acme-challenge record might not yet have fully propagated to the (public) secondary servers. The effect is the same: Lego determined the challenge token to be installed correctly, while Let\u0026rsquo;s Encrypt has a different view, and rejects the certificate order.\nIn these cases, you can instruct Lego to use a different DNS resolver, using the --dns.resolvers flag. 
You should prefer one on the public internet, otherwise you might be susceptible to the same problem.\nYou must ensure that incoming validation requests contain the correct value for the HTTP Host header. If you operate lego behind a non-transparent reverse proxy (such as Apache or NGINX), you might need to alter the header field using --http.proxy-header X-Forwarded-Host.\u0026#160;\u0026#x21a9;\u0026#xfe0e;\nThe apex domain is the domain you have registered with your domain registrar. For gTLDs (.com, .fyi) this is the 2nd level domain, but for ccTLDs, this can either be the 2nd level (.de) or 3rd level domain (.co.uk).\u0026#160;\u0026#x21a9;\u0026#xfe0e;\n" }, { "uri": "https://go-acme.github.io/lego/dns/edgedns/", "title": "Akamai EdgeDNS", "tags": [], "description": "", "content": " Akamai edgedns supersedes FastDNS; implementing a DNS provider for solving the DNS-01 challenge using Akamai EdgeDNS\nCode: edgedns Since: v3.9.0 Here is an example bash command using the Akamai EdgeDNS provider:\nAKAMAI_CLIENT_SECRET=abcdefghijklmnopqrstuvwxyz1234567890ABCDEFG= \\ AKAMAI_CLIENT_TOKEN=akab-mnbvcxzlkjhgfdsapoiuytrewq1234567 \\ AKAMAI_HOST=akab-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.luna.akamaiapis.net \\ AKAMAI_ACCESS_TOKEN=akab-1234567890qwerty-asdfghjklzxcvtnu \\ lego --email you@example.com --dns edgedns --domains my.example.org run Credentials Environment Variable Name Description AKAMAI_ACCESS_TOKEN Access token, managed by the Akamai EdgeGrid client AKAMAI_CLIENT_SECRET Client secret, managed by the Akamai EdgeGrid client AKAMAI_CLIENT_TOKEN Client token, managed by the Akamai EdgeGrid client AKAMAI_EDGERC Path to the .edgerc file, managed by the Akamai EdgeGrid client AKAMAI_EDGERC_SECTION Configuration section, managed by the Akamai EdgeGrid client AKAMAI_HOST API host, managed by the Akamai EdgeGrid client The environment variable names can be suffixed by _FILE to reference a file instead of a value. 
More information here.\nAdditional Configuration Environment Variable Name Description AKAMAI_POLLING_INTERVAL Time between DNS propagation check. Default: 15 seconds AKAMAI_PROPAGATION_TIMEOUT Maximum waiting time for DNS propagation. Default: 3 minutes AKAMAI_TTL The TTL of the TXT record used for the DNS challenge The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nAkamai credentials are automatically detected in the following locations and prioritized in the following order:\nSection-specific environment variables (where {SECTION} is specified using AKAMAI_EDGERC_SECTION): AKAMAI_{SECTION}_HOST AKAMAI_{SECTION}_ACCESS_TOKEN AKAMAI_{SECTION}_CLIENT_TOKEN AKAMAI_{SECTION}_CLIENT_SECRET If AKAMAI_EDGERC_SECTION is not defined or is set to default, environment variables: AKAMAI_HOST AKAMAI_ACCESS_TOKEN AKAMAI_CLIENT_TOKEN AKAMAI_CLIENT_SECRET .edgerc file located at AKAMAI_EDGERC defaults to ~/.edgerc, sections can be specified using AKAMAI_EDGERC_SECTION Default environment variables: AKAMAI_HOST AKAMAI_ACCESS_TOKEN AKAMAI_CLIENT_TOKEN AKAMAI_CLIENT_SECRET See also:\nSetting up Akamai credentials .edgerc Format API Client Authentication Config from Env More information API documentation Go client " }, { "uri": "https://go-acme.github.io/lego/dns/alidns/", "title": "Alibaba Cloud DNS", "tags": [], "description": "", "content": " Configuration for Alibaba Cloud DNS.\nCode: alidns Since: v1.1.0 Here is an example bash command using the Alibaba Cloud DNS provider:\n# Setup using instance RAM role ALICLOUD_RAM_ROLE=lego \\ lego --email you@example.com --dns alidns --domains my.example.org run # Or, using credentials ALICLOUD_ACCESS_KEY=abcdefghijklmnopqrstuvwx \\ ALICLOUD_SECRET_KEY=your-secret-key \\ ALICLOUD_SECURITY_TOKEN=your-sts-token \\ lego --email you@example.com --dns alidns --domains my.example.org run Credentials Environment Variable Name Description ALICLOUD_ACCESS_KEY Access key ID 
ALICLOUD_RAM_ROLE Your instance RAM role (https://www.alibabacloud.com/help/doc-detail/54579.htm) ALICLOUD_SECRET_KEY Access Key secret ALICLOUD_SECURITY_TOKEN STS Security Token (optional) The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nAdditional Configuration Environment Variable Name Description ALICLOUD_HTTP_TIMEOUT API request timeout ALICLOUD_POLLING_INTERVAL Time between DNS propagation check ALICLOUD_PROPAGATION_TIMEOUT Maximum waiting time for DNS propagation ALICLOUD_TTL The TTL of the TXT record used for the DNS challenge The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nMore information API documentation Go client " }, { "uri": "https://go-acme.github.io/lego/dns/allinkl/", "title": "all-inkl", "tags": [], "description": "", "content": " Configuration for all-inkl.\nCode: allinkl Since: v4.5.0 Here is an example bash command using the all-inkl provider:\nALL_INKL_LOGIN=xxxxxxxxxxxxxxxxxxxxxxxxxx \\ ALL_INKL_PASSWORD=yyyyyyyyyyyyyyyyyyyyyyyyyy \\ lego --email you@example.com --dns allinkl --domains my.example.org run Credentials Environment Variable Name Description ALL_INKL_LOGIN KAS login ALL_INKL_PASSWORD KAS password The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nAdditional Configuration Environment Variable Name Description ALL_INKL_HTTP_TIMEOUT API request timeout ALL_INKL_POLLING_INTERVAL Time between DNS propagation check ALL_INKL_PROPAGATION_TIMEOUT Maximum waiting time for DNS propagation The environment variable names can be suffixed by _FILE to reference a file instead of a value. 
More information here.\nMore information API documentation " }, { "uri": "https://go-acme.github.io/lego/dns/lightsail/", "title": "Amazon Lightsail", "tags": [], "description": "", "content": " Configuration for Amazon Lightsail.\nCode: lightsail Since: v0.5.0 Please contribute by adding a CLI example.\nCredentials Environment Variable Name Description AWS_ACCESS_KEY_ID Managed by the AWS client. Access key ID (AWS_ACCESS_KEY_ID_FILE is not supported, use AWS_SHARED_CREDENTIALS_FILE instead) AWS_SECRET_ACCESS_KEY Managed by the AWS client. Secret access key (AWS_SECRET_ACCESS_KEY_FILE is not supported, use AWS_SHARED_CREDENTIALS_FILE instead) DNS_ZONE Domain name of the DNS zone The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nAdditional Configuration Environment Variable Name Description AWS_SHARED_CREDENTIALS_FILE Managed by the AWS client. Shared credentials file. LIGHTSAIL_POLLING_INTERVAL Time between DNS propagation check LIGHTSAIL_PROPAGATION_TIMEOUT Maximum waiting time for DNS propagation The environment variable names can be suffixed by _FILE to reference a file instead of a value. 
More information here.\nDescription AWS Credentials are automatically detected in the following locations and prioritized in the following order:\nEnvironment variables: AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, [AWS_SESSION_TOKEN] Shared credentials file (defaults to ~/.aws/credentials, profiles can be specified using AWS_PROFILE) Amazon EC2 IAM role AWS region is not required to set as the Lightsail DNS zone is in global (us-east-1) region.\nPolicy The following AWS IAM policy document describes the minimum permissions required for lego to complete the DNS challenge.\n{ \u0026#34;Version\u0026#34;: \u0026#34;2012-10-17\u0026#34;, \u0026#34;Statement\u0026#34;: [ { \u0026#34;Effect\u0026#34;: \u0026#34;Allow\u0026#34;, \u0026#34;Action\u0026#34;: [ \u0026#34;lightsail:DeleteDomainEntry\u0026#34;, \u0026#34;lightsail:CreateDomainEntry\u0026#34; ], \u0026#34;Resource\u0026#34;: \u0026#34;\u0026lt;Lightsail DNS zone ARN\u0026gt;\u0026#34; } ] } Replace the Resource value with your Lightsail DNS zone ARN. You can retrieve the ARN using aws cli by running aws lightsail get-domains --region us-east-1 (Lightsail web console does not show the ARN, unfortunately). It should be in the format of arn:aws:lightsail:global:\u0026lt;ACCOUNT ID\u0026gt;:Domain/\u0026lt;DOMAIN ID\u0026gt;. 
You also need to replace the region in the ARN with us-east-1 (instead of global).\nAlternatively, you can also set the Resource to * (wildcard), which allows access to all domains, but this is not recommended.\nMore information Go client " }, { "uri": "https://go-acme.github.io/lego/dns/route53/", "title": "Amazon Route 53", "tags": [], "description": "", "content": " Configuration for Amazon Route 53.\nCode: route53 Since: v0.3.0 Here is an example bash command using the Amazon Route 53 provider:\nAWS_ACCESS_KEY_ID=your_key_id \\ AWS_SECRET_ACCESS_KEY=your_secret_access_key \\ AWS_REGION=aws-region \\ AWS_HOSTED_ZONE_ID=your_hosted_zone_id \\ lego --domains example.com --email your_example@email.com --dns route53 --accept-tos=true run Credentials Environment Variable Name Description AWS_ACCESS_KEY_ID Managed by the AWS client. Access key ID (AWS_ACCESS_KEY_ID_FILE is not supported, use AWS_SHARED_CREDENTIALS_FILE instead) AWS_ASSUME_ROLE_ARN Managed by the AWS Role ARN (AWS_ASSUME_ROLE_ARN_FILE is not supported) AWS_EXTERNAL_ID Managed by STS AssumeRole API operation (AWS_EXTERNAL_ID_FILE is not supported) AWS_HOSTED_ZONE_ID Override the hosted zone ID. AWS_PROFILE Managed by the AWS client (AWS_PROFILE_FILE is not supported) AWS_REGION Managed by the AWS client (AWS_REGION_FILE is not supported) AWS_SDK_LOAD_CONFIG Managed by the AWS client. Retrieve the region from the CLI config file (AWS_SDK_LOAD_CONFIG_FILE is not supported) AWS_SECRET_ACCESS_KEY Managed by the AWS client. Secret access key (AWS_SECRET_ACCESS_KEY_FILE is not supported, use AWS_SHARED_CREDENTIALS_FILE instead) The environment variable names can be suffixed by _FILE to reference a file instead of a value. 
More information here.\nAdditional Configuration Environment Variable Name Description AWS_MAX_RETRIES The maximum number of retries the service will use to make an individual API request AWS_POLLING_INTERVAL Time between DNS propagation check AWS_PROPAGATION_TIMEOUT Maximum waiting time for DNS propagation AWS_SHARED_CREDENTIALS_FILE Managed by the AWS client. Shared credentials file. AWS_TTL The TTL of the TXT record used for the DNS challenge The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nDescription AWS Credentials are automatically detected in the following locations and prioritized in the following order:\nEnvironment variables: AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, [AWS_SESSION_TOKEN] Shared credentials file (defaults to ~/.aws/credentials, profiles can be specified using AWS_PROFILE) Amazon EC2 IAM role The AWS Region is automatically detected in the following locations and prioritized in the following order:\nEnvironment variables: AWS_REGION Shared configuration file if AWS_SDK_LOAD_CONFIG is set (defaults to ~/.aws/config, profiles can be specified using AWS_PROFILE) If AWS_HOSTED_ZONE_ID is not set, Lego tries to determine the correct public hosted zone via the FQDN.\nSee also:\nsessions Setting AWS Credentials Setting AWS Region IAM Policy Examples Broad privileges for testing purposes The following IAM policy document grants access to the required APIs needed by lego to complete the DNS challenge. 
A word of caution: These permissions grant write access to any DNS record in any hosted zone, so it is recommended to narrow them down as much as possible if you are using this policy in production.\n{ \u0026#34;Version\u0026#34;: \u0026#34;2012-10-17\u0026#34;, \u0026#34;Statement\u0026#34;: [ { \u0026#34;Effect\u0026#34;: \u0026#34;Allow\u0026#34;, \u0026#34;Action\u0026#34;: [ \u0026#34;route53:GetChange\u0026#34;, \u0026#34;route53:ChangeResourceRecordSets\u0026#34;, \u0026#34;route53:ListResourceRecordSets\u0026#34; ], \u0026#34;Resource\u0026#34;: [ \u0026#34;arn:aws:route53:::hostedzone/*\u0026#34;, \u0026#34;arn:aws:route53:::change/*\u0026#34; ] }, { \u0026#34;Effect\u0026#34;: \u0026#34;Allow\u0026#34;, \u0026#34;Action\u0026#34;: \u0026#34;route53:ListHostedZonesByName\u0026#34;, \u0026#34;Resource\u0026#34;: \u0026#34;*\u0026#34; } ] } Least privilege policy for production purposes The following AWS IAM policy document describes least privilege permissions required for lego to complete the DNS challenge. Write access is limited to a specified hosted zone\u0026rsquo;s DNS TXT records with a key of _acme-challenge.example.com. 
Replace Z11111112222222333333 with your hosted zone ID and example.com with your domain name to use this policy.\n{ \u0026#34;Version\u0026#34;: \u0026#34;2012-10-17\u0026#34;, \u0026#34;Statement\u0026#34;: [ { \u0026#34;Effect\u0026#34;: \u0026#34;Allow\u0026#34;, \u0026#34;Action\u0026#34;: \u0026#34;route53:GetChange\u0026#34;, \u0026#34;Resource\u0026#34;: \u0026#34;arn:aws:route53:::change/*\u0026#34; }, { \u0026#34;Effect\u0026#34;: \u0026#34;Allow\u0026#34;, \u0026#34;Action\u0026#34;: \u0026#34;route53:ListHostedZonesByName\u0026#34;, \u0026#34;Resource\u0026#34;: \u0026#34;*\u0026#34; }, { \u0026#34;Effect\u0026#34;: \u0026#34;Allow\u0026#34;, \u0026#34;Action\u0026#34;: [ \u0026#34;route53:ListResourceRecordSets\u0026#34; ], \u0026#34;Resource\u0026#34;: [ \u0026#34;arn:aws:route53:::hostedzone/Z11111112222222333333\u0026#34; ] }, { \u0026#34;Effect\u0026#34;: \u0026#34;Allow\u0026#34;, \u0026#34;Action\u0026#34;: [ \u0026#34;route53:ChangeResourceRecordSets\u0026#34; ], \u0026#34;Resource\u0026#34;: [ \u0026#34;arn:aws:route53:::hostedzone/Z11111112222222333333\u0026#34; ], \u0026#34;Condition\u0026#34;: { \u0026#34;ForAllValues:StringEquals\u0026#34;: { \u0026#34;route53:ChangeResourceRecordSetsNormalizedRecordNames\u0026#34;: [ \u0026#34;_acme-challenge.example.com\u0026#34; ], \u0026#34;route53:ChangeResourceRecordSetsRecordTypes\u0026#34;: [ \u0026#34;TXT\u0026#34; ] } } } ] } More information API documentation Go client " }, { "uri": "https://go-acme.github.io/lego/dns/arvancloud/", "title": "ArvanCloud", "tags": [], "description": "", "content": " Configuration for ArvanCloud.\nCode: arvancloud Since: v3.8.0 Here is an example bash command using the ArvanCloud provider:\nARVANCLOUD_API_KEY=\u0026#34;Apikey xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx\u0026#34; \\ lego --email you@example.com --dns arvancloud --domains my.example.org run Credentials Environment Variable Name Description ARVANCLOUD_API_KEY API key The environment variable names can be 
suffixed by _FILE to reference a file instead of a value. More information here.\nAdditional Configuration Environment Variable Name Description ARVANCLOUD_HTTP_TIMEOUT API request timeout ARVANCLOUD_POLLING_INTERVAL Time between DNS propagation check ARVANCLOUD_PROPAGATION_TIMEOUT Maximum waiting time for DNS propagation ARVANCLOUD_TTL The TTL of the TXT record used for the DNS challenge The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nMore information API documentation " }, { "uri": "https://go-acme.github.io/lego/dns/auroradns/", "title": "Aurora DNS", "tags": [], "description": "", "content": " Configuration for Aurora DNS.\nCode: auroradns Since: v0.4.0 Here is an example bash command using the Aurora DNS provider:\nAURORA_API_KEY=xxxxx \\ AURORA_SECRET=yyyyyy \\ lego --email you@example.com --dns auroradns --domains my.example.org run Credentials Environment Variable Name Description AURORA_API_KEY API key or username to be used AURORA_SECRET Secret password to be used The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nAdditional Configuration Environment Variable Name Description AURORA_ENDPOINT API endpoint URL AURORA_POLLING_INTERVAL Time between DNS propagation check AURORA_PROPAGATION_TIMEOUT Maximum waiting time for DNS propagation AURORA_TTL The TTL of the TXT record used for the DNS challenge The environment variable names can be suffixed by _FILE to reference a file instead of a value. 
More information here.\nMore information API documentation Go client " }, { "uri": "https://go-acme.github.io/lego/dns/autodns/", "title": "Autodns", "tags": [], "description": "", "content": " Configuration for Autodns.\nCode: autodns Since: v3.2.0 Here is an example bash command using the Autodns provider:\nAUTODNS_API_USER=username \\ AUTODNS_API_PASSWORD=supersecretpassword \\ lego --email you@example.com --dns autodns --domains my.example.org run Credentials Environment Variable Name Description AUTODNS_API_PASSWORD User Password AUTODNS_API_USER Username The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nAdditional Configuration Environment Variable Name Description AUTODNS_CONTEXT API context (4 for production, 1 for testing. Defaults to 4) AUTODNS_ENDPOINT API endpoint URL, defaults to https://api.autodns.com/v1/ AUTODNS_HTTP_TIMEOUT API request timeout, defaults to 30 seconds AUTODNS_POLLING_INTERVAL Time between DNS propagation check AUTODNS_PROPAGATION_TIMEOUT Maximum waiting time for DNS propagation AUTODNS_TTL The TTL of the TXT record used for the DNS challenge The environment variable names can be suffixed by _FILE to reference a file instead of a value. 
More information here.\nMore information API documentation " }, { "uri": "https://go-acme.github.io/lego/dns/azure/", "title": "Azure (deprecated)", "tags": [], "description": "", "content": " Configuration for Azure (deprecated).\nCode: azure Since: v0.4.0 Please contribute by adding a CLI example.\nCredentials Environment Variable Name Description AZURE_CLIENT_ID Client ID AZURE_CLIENT_SECRET Client secret AZURE_ENVIRONMENT Azure environment, one of: public, usgovernment, german, and china AZURE_RESOURCE_GROUP Resource group AZURE_SUBSCRIPTION_ID Subscription ID AZURE_TENANT_ID Tenant ID instance metadata service If the credentials are not set via the environment, then it will attempt to get a bearer token via the instance metadata service. The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nAdditional Configuration Environment Variable Name Description AZURE_METADATA_ENDPOINT Metadata Service endpoint URL AZURE_POLLING_INTERVAL Time between DNS propagation check AZURE_PRIVATE_ZONE Set to true to use Azure Private DNS Zones and not public AZURE_PROPAGATION_TIMEOUT Maximum waiting time for DNS propagation AZURE_TTL The TTL of the TXT record used for the DNS challenge AZURE_ZONE_NAME Zone name to use inside Azure DNS service to add the TXT record in The environment variable names can be suffixed by _FILE to reference a file instead of a value. 
More information here.\nMore information API documentation Go client " }, { "uri": "https://go-acme.github.io/lego/dns/azuredns/", "title": "AzureDNS", "tags": [], "description": "", "content": " Configuration for AzureDNS.\nCode: azuredns Since: v0.1.0 Here is an example bash command using the AzureDNS provider:\n### Using client secret AZURE_CLIENT_ID=\u0026lt;your service principal client ID\u0026gt; \\ AZURE_TENANT_ID=\u0026lt;your service principal tenant ID\u0026gt; \\ AZURE_CLIENT_SECRET=\u0026lt;your service principal client secret\u0026gt; \\ lego --domains example.com --email your_example@email.com --dns azuredns run ### Using client certificate AZURE_CLIENT_ID=\u0026lt;your service principal client ID\u0026gt; \\ AZURE_TENANT_ID=\u0026lt;your service principal tenant ID\u0026gt; \\ AZURE_CLIENT_CERTIFICATE_PATH=\u0026lt;your service principal certificate path\u0026gt; \\ lego --domains example.com --email your_example@email.com --dns azuredns run ### Using Azure CLI az login \u0026amp;\u0026amp; lego --domains example.com --email your_example@email.com --dns azuredns run Credentials Environment Variable Name Description AZURE_CLIENT_ID Client ID AZURE_CLIENT_SECRET Client secret AZURE_RESOURCE_GROUP DNS zone resource group AZURE_SUBSCRIPTION_ID DNS zone subscription ID AZURE_TENANT_ID Tenant ID The environment variable names can be suffixed by _FILE to reference a file instead of a value. 
More information here.\nAdditional Configuration Environment Variable Name Description AZURE_ENVIRONMENT Azure environment, one of: public, usgovernment, and china AZURE_POLLING_INTERVAL Time between DNS propagation check AZURE_PRIVATE_ZONE Set to true to use Azure Private DNS Zones and not public AZURE_PROPAGATION_TIMEOUT Maximum waiting time for DNS propagation AZURE_TTL The TTL of the TXT record used for the DNS challenge AZURE_ZONE_NAME Zone name to use inside Azure DNS service to add the TXT record in The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nDescription Azure Credentials are automatically detected in the following locations and prioritized in the following order:\nEnvironment variables for client secret: AZURE_CLIENT_ID, AZURE_TENANT_ID, AZURE_CLIENT_SECRET Environment variables for client certificate: AZURE_CLIENT_ID, AZURE_TENANT_ID, AZURE_CLIENT_CERTIFICATE_PATH Workload identity for resources hosted in Azure environment (see below) Shared credentials file (defaults to ~/.azure), used by Azure CLI Link:\nAzure Authentication Workload identity Azure Managed Identity Azure managed identity service allows linking Azure AD identities to Azure resources. Workloads running inside compute-type resources can inherit this configuration to get rights on Azure resources.\nWorkload identity for AKS Workload identity allows workloads running on Azure Kubernetes Service (AKS) clusters to authenticate as an Azure AD application identity using federated credentials. This must be configured on the Kubernetes workload deployment on the one hand and on the Azure AD application registration on the other.\nHere is a summary of the steps to follow to use it:\nCreate a ServiceAccount resource and add the following annotations to reference the targeted Azure AD application registration: azure.workload.identity/client-id and azure.workload.identity/tenant-id. 
On the Deployment resource, you must reference the previous ServiceAccount and add the following label: azure.workload.identity/use: \u0026quot;true\u0026quot;. Create a federated credential of type Kubernetes accessing Azure resources, add the cluster issuer URL, and add the namespace and name of your Kubernetes service account. Link:\nAzure AD Workload identity More information API documentation Go client " }, { "uri": "https://go-acme.github.io/lego/dns/bindman/", "title": "Bindman", "tags": [], "description": "", "content": " Configuration for Bindman.\nCode: bindman Since: v2.6.0 Here is an example bash command using the Bindman provider:\nBINDMAN_MANAGER_ADDRESS=\u0026lt;your bindman manager address\u0026gt; \\ lego --email you@example.com --dns bindman --domains my.example.org run Credentials Environment Variable Name Description BINDMAN_MANAGER_ADDRESS The server URL, should have scheme, hostname, and port (if required) of the Bindman-DNS Manager server The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nAdditional Configuration Environment Variable Name Description BINDMAN_HTTP_TIMEOUT API request timeout BINDMAN_POLLING_INTERVAL Time between DNS propagation check BINDMAN_PROPAGATION_TIMEOUT Maximum waiting time for DNS propagation The environment variable names can be suffixed by _FILE to reference a file instead of a value. 
More information here.\nMore information API documentation Go client " }, { "uri": "https://go-acme.github.io/lego/dns/bluecat/", "title": "Bluecat", "tags": [], "description": "", "content": " Configuration for Bluecat.\nCode: bluecat Since: v0.5.0 Here is an example bash command using the Bluecat provider:\nBLUECAT_PASSWORD=mypassword \\ BLUECAT_DNS_VIEW=myview \\ BLUECAT_USER_NAME=myusername \\ BLUECAT_CONFIG_NAME=myconfig \\ BLUECAT_SERVER_URL=https://bam.example.com \\ BLUECAT_TTL=30 \\ lego --email you@example.com --dns bluecat --domains my.example.org run Credentials Environment Variable Name Description BLUECAT_CONFIG_NAME Configuration name BLUECAT_DNS_VIEW External DNS View Name BLUECAT_PASSWORD API password BLUECAT_SERVER_URL The server URL, should have scheme, hostname, and port (if required) of the authoritative Bluecat BAM server BLUECAT_USER_NAME API username The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nAdditional Configuration Environment Variable Name Description BLUECAT_HTTP_TIMEOUT API request timeout BLUECAT_POLLING_INTERVAL Time between DNS propagation check BLUECAT_PROPAGATION_TIMEOUT Maximum waiting time for DNS propagation BLUECAT_TTL The TTL of the TXT record used for the DNS challenge The environment variable names can be suffixed by _FILE to reference a file instead of a value. 
More information here.\nMore information API documentation " }, { "uri": "https://go-acme.github.io/lego/dns/brandit/", "title": "Brandit", "tags": [], "description": "", "content": " Configuration for Brandit.\nCode: brandit Since: v4.11.0 Here is an example bash command using the Brandit provider:\nBRANDIT_API_KEY=xxxxxxxxxxxxxxxxxxxxx \\ BRANDIT_API_USERNAME=yyyyyyyyyyyyyyyyyyyy \\ lego --email myemail@example.com --dns brandit --domains my.example.org run Credentials Environment Variable Name Description BRANDIT_API_KEY The API key BRANDIT_API_USERNAME The API username The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nAdditional Configuration Environment Variable Name Description BRANDIT_HTTP_TIMEOUT API request timeout BRANDIT_POLLING_INTERVAL Time between DNS propagation check BRANDIT_PROPAGATION_TIMEOUT Maximum waiting time for DNS propagation BRANDIT_TTL The TTL of the TXT record used for the DNS challenge The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nMore information API documentation " }, { "uri": "https://go-acme.github.io/lego/dns/bunny/", "title": "Bunny", "tags": [], "description": "", "content": " Configuration for Bunny.\nCode: bunny Since: v4.11.0 Here is an example bash command using the Bunny provider:\nBUNNY_API_KEY=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx \\ lego --email you@example.com --dns bunny --domains my.example.org run Credentials Environment Variable Name Description BUNNY_API_KEY API key The environment variable names can be suffixed by _FILE to reference a file instead of a value. 
More information here.\nAdditional Configuration Environment Variable Name Description BUNNY_POLLING_INTERVAL Time between DNS propagation check BUNNY_PROPAGATION_TIMEOUT Maximum waiting time for DNS propagation BUNNY_TTL The TTL of the TXT record used for the DNS challenge The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nMore information API documentation " }, { "uri": "https://go-acme.github.io/lego/dns/checkdomain/", "title": "Checkdomain", "tags": [], "description": "", "content": " Configuration for Checkdomain.\nCode: checkdomain Since: v3.3.0 Here is an example bash command using the Checkdomain provider:\nCHECKDOMAIN_TOKEN=yoursecrettoken \\ lego --email you@example.com --dns checkdomain --domains my.example.org run Credentials Environment Variable Name Description CHECKDOMAIN_TOKEN API token The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nAdditional Configuration Environment Variable Name Description CHECKDOMAIN_ENDPOINT API endpoint URL, defaults to https://api.checkdomain.de CHECKDOMAIN_HTTP_TIMEOUT API request timeout, defaults to 30 seconds CHECKDOMAIN_POLLING_INTERVAL Time between DNS propagation check CHECKDOMAIN_PROPAGATION_TIMEOUT Maximum waiting time for DNS propagation CHECKDOMAIN_TTL The TTL of the TXT record used for the DNS challenge The environment variable names can be suffixed by _FILE to reference a file instead of a value. 
More information here.\nMore information API documentation " }, { "uri": "https://go-acme.github.io/lego/dns/civo/", "title": "Civo", "tags": [], "description": "", "content": " Configuration for Civo.\nCode: civo Since: v4.9.0 Here is an example bash command using the Civo provider:\nCIVO_TOKEN=xxxxxx \\ lego --email you@example.com --dns civo --domains my.example.org run Credentials Environment Variable Name Description CIVO_TOKEN Authentication token The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nAdditional Configuration Environment Variable Name Description CIVO_POLLING_INTERVAL Time between DNS propagation check CIVO_PROPAGATION_TIMEOUT Maximum waiting time for DNS propagation CIVO_TTL The TTL of the TXT record used for the DNS challenge The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nMore information API documentation " }, { "uri": "https://go-acme.github.io/lego/usage/cli/", "title": "CLI", "tags": [], "description": "", "content": "Lego can be used as a CLI.\nGeneral Instructions Read this first to clarify some assumptions made by the following guides.\nObtain a Certificate This guide explains various ways to obtain a new certificate.\nRenew a Certificate This guide describes how to renew existing certificates.\nOptions This page describes various command line options.\n" }, { "uri": "https://go-acme.github.io/lego/dns/clouddns/", "title": "CloudDNS", "tags": [], "description": "", "content": " Configuration for CloudDNS.\nCode: clouddns Since: v3.6.0 Here is an example bash command using the CloudDNS provider:\nCLOUDDNS_CLIENT_ID=bLsdFAks23429841238feb177a572aX \\ CLOUDDNS_EMAIL=you@example.com \\ CLOUDDNS_PASSWORD=b9841238feb177a84330f \\ lego --email you@example.com --dns clouddns --domains my.example.org run Credentials Environment Variable Name Description CLOUDDNS_CLIENT_ID Client ID CLOUDDNS_EMAIL Account 
email CLOUDDNS_PASSWORD Account password The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nAdditional Configuration Environment Variable Name Description CLOUDDNS_HTTP_TIMEOUT API request timeout CLOUDDNS_POLLING_INTERVAL Time between DNS propagation check CLOUDDNS_PROPAGATION_TIMEOUT Maximum waiting time for DNS propagation CLOUDDNS_TTL The TTL of the TXT record used for the DNS challenge The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nMore information API documentation " }, { "uri": "https://go-acme.github.io/lego/dns/cloudflare/", "title": "Cloudflare", "tags": [], "description": "", "content": " Configuration for Cloudflare.\nCode: cloudflare Since: v0.3.0 Here is an example bash command using the Cloudflare provider:\nCLOUDFLARE_EMAIL=you@example.com \\ CLOUDFLARE_API_KEY=b9841238feb177a84330febba8a83208921177bffe733 \\ lego --email you@example.com --dns cloudflare --domains my.example.org run # or CLOUDFLARE_DNS_API_TOKEN=1234567890abcdefghijklmnopqrstuvwxyz \\ lego --email you@example.com --dns cloudflare --domains my.example.org run Credentials Environment Variable Name Description CF_API_EMAIL Account email CF_API_KEY API key CF_DNS_API_TOKEN API token with DNS:Edit permission (since v3.1.0) CF_ZONE_API_TOKEN API token with Zone:Read permission (since v3.1.0) CLOUDFLARE_API_KEY Alias to CF_API_KEY CLOUDFLARE_DNS_API_TOKEN Alias to CF_DNS_API_TOKEN CLOUDFLARE_EMAIL Alias to CF_API_EMAIL CLOUDFLARE_ZONE_API_TOKEN Alias to CF_ZONE_API_TOKEN The environment variable names can be suffixed by _FILE to reference a file instead of a value. 
More information here.\nAdditional Configuration Environment Variable Name Description CLOUDFLARE_HTTP_TIMEOUT API request timeout CLOUDFLARE_POLLING_INTERVAL Time between DNS propagation check CLOUDFLARE_PROPAGATION_TIMEOUT Maximum waiting time for DNS propagation CLOUDFLARE_TTL The TTL of the TXT record used for the DNS challenge The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nDescription You may use CF_API_EMAIL and CF_API_KEY to authenticate, or CF_DNS_API_TOKEN, or CF_DNS_API_TOKEN and CF_ZONE_API_TOKEN.\nAPI keys If using API keys (CF_API_EMAIL and CF_API_KEY), the Global API Key needs to be used, not the Origin CA Key.\nPlease be aware that this in principle allows Lego to read and change everything related to this account.\nAPI tokens With API tokens (CF_DNS_API_TOKEN, and optionally CF_ZONE_API_TOKEN), very specific access can be granted to your resources at Cloudflare. See this Cloudflare announcement for details.\nThe main resources Lego cares for are the DNS entries for your Zones. It also needs to resolve a domain name to an internal Zone ID in order to manipulate DNS entries.\nHence, you should create an API token with the following permissions:\nZone / Zone / Read Zone / DNS / Edit You also need to scope the access to all your domains for this to work. Then pass the API token as CF_DNS_API_TOKEN to Lego.\nAlternatively, if you prefer a more strict set of privileges, you can split the access tokens:\nCreate one with Zone / Zone / Read permissions and scope it to all your zones. This is needed to resolve domain names to Zone IDs and can be shared among multiple Lego installations. Pass this API token as CF_ZONE_API_TOKEN to Lego. Create another API token with Zone / DNS / Edit permissions and set the scope to the domains you want to manage with a single Lego installation. Pass this token as CF_DNS_API_TOKEN to Lego. Repeat the previous step for each host you want to run Lego on. 
This \u0026ldquo;paranoid\u0026rdquo; setup is mainly interesting for users who manage many zones/domains with a single Cloudflare account. It follows the principle of least privilege and limits the possible damage, should one of the hosts become compromised.\nMore information API documentation Go client " }, { "uri": "https://go-acme.github.io/lego/dns/cloudns/", "title": "ClouDNS", "tags": [], "description": "", "content": " Configuration for ClouDNS.\nCode: cloudns Since: v2.3.0 Here is an example bash command using the ClouDNS provider:\nCLOUDNS_AUTH_ID=xxxx \\ CLOUDNS_AUTH_PASSWORD=yyyy \\ lego --email you@example.com --dns cloudns --domains my.example.org run Credentials Environment Variable Name Description CLOUDNS_AUTH_ID The API user ID CLOUDNS_AUTH_PASSWORD The password for API user ID The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nAdditional Configuration Environment Variable Name Description CLOUDNS_HTTP_TIMEOUT API request timeout CLOUDNS_POLLING_INTERVAL Time between DNS propagation check CLOUDNS_PROPAGATION_TIMEOUT Maximum waiting time for DNS propagation CLOUDNS_SUB_AUTH_ID The API sub user ID CLOUDNS_TTL The TTL of the TXT record used for the DNS challenge The environment variable names can be suffixed by _FILE to reference a file instead of a value. 
More information here.\nMore information API documentation " }, { "uri": "https://go-acme.github.io/lego/dns/cloudxns/", "title": "CloudXNS", "tags": [], "description": "", "content": " Configuration for CloudXNS.\nCode: cloudxns Since: v0.5.0 Here is an example bash command using the CloudXNS provider:\nCLOUDXNS_API_KEY=xxxx \\ CLOUDXNS_SECRET_KEY=yyyy \\ lego --email you@example.com --dns cloudxns --domains my.example.org run Credentials Environment Variable Name Description CLOUDXNS_API_KEY The API key CLOUDXNS_SECRET_KEY The API secret key The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nAdditional Configuration Environment Variable Name Description CLOUDXNS_HTTP_TIMEOUT API request timeout CLOUDXNS_POLLING_INTERVAL Time between DNS propagation check CLOUDXNS_PROPAGATION_TIMEOUT Maximum waiting time for DNS propagation CLOUDXNS_TTL The TTL of the TXT record used for the DNS challenge The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nMore information API documentation " }, { "uri": "https://go-acme.github.io/lego/dns/conoha/", "title": "ConoHa", "tags": [], "description": "", "content": " Configuration for ConoHa.\nCode: conoha Since: v1.2.0 Here is an example bash command using the ConoHa provider:\nCONOHA_TENANT_ID=487727e3921d44e3bfe7ebb337bf085e \\ CONOHA_API_USERNAME=xxxx \\ CONOHA_API_PASSWORD=yyyy \\ lego --email you@example.com --dns conoha --domains my.example.org run Credentials Environment Variable Name Description CONOHA_API_PASSWORD The API password CONOHA_API_USERNAME The API username CONOHA_TENANT_ID Tenant ID The environment variable names can be suffixed by _FILE to reference a file instead of a value. 
More information here.\nAdditional Configuration Environment Variable Name Description CONOHA_HTTP_TIMEOUT API request timeout CONOHA_POLLING_INTERVAL Time between DNS propagation check CONOHA_PROPAGATION_TIMEOUT Maximum waiting time for DNS propagation CONOHA_REGION The region CONOHA_TTL The TTL of the TXT record used for the DNS challenge The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nMore information API documentation " }, { "uri": "https://go-acme.github.io/lego/dns/constellix/", "title": "Constellix", "tags": [], "description": "", "content": " Configuration for Constellix.\nCode: constellix Since: v3.4.0 Here is an example bash command using the Constellix provider:\nCONSTELLIX_API_KEY=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx \\ CONSTELLIX_SECRET_KEY=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx \\ lego --email you@example.com --dns constellix --domains my.example.org run Credentials Environment Variable Name Description CONSTELLIX_API_KEY User API key CONSTELLIX_SECRET_KEY User secret key The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nAdditional Configuration Environment Variable Name Description CONSTELLIX_HTTP_TIMEOUT API request timeout CONSTELLIX_POLLING_INTERVAL Time between DNS propagation check CONSTELLIX_PROPAGATION_TIMEOUT Maximum waiting time for DNS propagation CONSTELLIX_TTL The TTL of the TXT record used for the DNS challenge The environment variable names can be suffixed by _FILE to reference a file instead of a value. 
More information here.\nMore information API documentation " }, { "uri": "https://go-acme.github.io/lego/dns/derak/", "title": "Derak Cloud", "tags": [], "description": "", "content": " Configuration for Derak Cloud.\nCode: derak Since: v4.12.0 Here is an example bash command using the Derak Cloud provider:\nDERAK_API_KEY=\u0026#34;xxxxxxxxxxxxxxxxxxxxx\u0026#34; \\ lego --email myemail@example.com --dns derak --domains my.example.org run Credentials Environment Variable Name Description DERAK_API_KEY The API key The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nAdditional Configuration Environment Variable Name Description DERAK_HTTP_TIMEOUT API request timeout DERAK_POLLING_INTERVAL Time between DNS propagation check DERAK_PROPAGATION_TIMEOUT Maximum waiting time for DNS propagation DERAK_TTL The TTL of the TXT record used for the DNS challenge DERAK_WEBSITE_ID Force the zone/website ID The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\n" }, { "uri": "https://go-acme.github.io/lego/dns/desec/", "title": "deSEC.io", "tags": [], "description": "", "content": " Configuration for deSEC.io.\nCode: desec Since: v3.7.0 Here is an example bash command using the deSEC.io provider:\nDESEC_TOKEN=x-xxxxxxxxxxxxxxxxxxxxxxxxxx \\ lego --email you@example.com --dns desec --domains my.example.org run Credentials Environment Variable Name Description DESEC_TOKEN Domain token The environment variable names can be suffixed by _FILE to reference a file instead of a value. 
More information here.\nAdditional Configuration Environment Variable Name Description DESEC_HTTP_TIMEOUT API request timeout DESEC_POLLING_INTERVAL Time between DNS propagation check DESEC_PROPAGATION_TIMEOUT Maximum waiting time for DNS propagation DESEC_TTL The TTL of the TXT record used for the DNS challenge The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nMore information API documentation " }, { "uri": "https://go-acme.github.io/lego/dns/designate/", "title": "Designate DNSaaS for Openstack", "tags": [], "description": "", "content": " Configuration for Designate DNSaaS for Openstack.\nCode: designate Since: v2.2.0 Here is an example bash command using the Designate DNSaaS for Openstack provider:\n# With a `clouds.yaml` OS_CLOUD=my_openstack \\ lego --email you@example.com --dns designate --domains my.example.org run # or OS_AUTH_URL=https://openstack.example.org \\ OS_REGION_NAME=RegionOne \\ OS_PROJECT_ID=23d4522a987d4ab529f722a007c27846 OS_USERNAME=myuser \\ OS_PASSWORD=passw0rd \\ lego --email you@example.com --dns designate --domains my.example.org run # or OS_AUTH_URL=https://openstack.example.org \\ OS_REGION_NAME=RegionOne \\ OS_AUTH_TYPE=v3applicationcredential \\ OS_APPLICATION_CREDENTIAL_ID=imn74uq0or7dyzz20dwo1ytls4me8dry \\ OS_APPLICATION_CREDENTIAL_SECRET=68FuSPSdQqkFQYH5X1OoriEIJOwyLtQ8QSqXZOc9XxFK1A9tzZT6He2PfPw0OMja \\ lego --email you@example.com --dns designate --domains my.example.org run Credentials Environment Variable Name Description OS_APPLICATION_CREDENTIAL_ID Application credential ID OS_APPLICATION_CREDENTIAL_NAME Application credential name OS_APPLICATION_CREDENTIAL_SECRET Application credential secret OS_AUTH_URL Identity endpoint URL OS_PASSWORD Password OS_PROJECT_NAME Project name OS_REGION_NAME Region name OS_USERNAME Username OS_USER_ID User ID The environment variable names can be suffixed by _FILE to reference a file instead of a value. 
More information here.\nAdditional Configuration Environment Variable Name Description DESIGNATE_POLLING_INTERVAL Time between DNS propagation check DESIGNATE_PROPAGATION_TIMEOUT Maximum waiting time for DNS propagation DESIGNATE_TTL The TTL of the TXT record used for the DNS challenge OS_PROJECT_ID Project ID OS_TENANT_NAME Tenant name (deprecated see OS_PROJECT_NAME and OS_PROJECT_ID) The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nDescription There are three main ways of authenticating with Designate:\nThe first one is by using the OS_CLOUD environment variable and a clouds.yaml file. The second one is using your username and password, via the OS_USERNAME, OS_PASSWORD and OS_PROJECT_NAME environment variables. The third one is by using an application credential, via the OS_APPLICATION_CREDENTIAL_* and OS_USER_ID environment variables. For the username/password and application methods, the OS_AUTH_URL and OS_REGION_NAME environment variables are required.\nFor more information, you can read about the different methods of authentication with OpenStack in the Keystone\u0026rsquo;s documentation and the gophercloud documentation:\nKeystone username/password Keystone application credentials More information API documentation Go client " }, { "uri": "https://go-acme.github.io/lego/dns/digitalocean/", "title": "Digital Ocean", "tags": [], "description": "", "content": " Configuration for Digital Ocean.\nCode: digitalocean Since: v0.3.0 Here is an example bash command using the Digital Ocean provider:\nDO_AUTH_TOKEN=xxxxxx \\ lego --email you@example.com --dns digitalocean --domains my.example.org run Credentials Environment Variable Name Description DO_AUTH_TOKEN Authentication token The environment variable names can be suffixed by _FILE to reference a file instead of a value. 
More information here.\nAdditional Configuration Environment Variable Name Description DO_API_URL The URL of the API DO_HTTP_TIMEOUT API request timeout DO_POLLING_INTERVAL Time between DNS propagation check DO_PROPAGATION_TIMEOUT Maximum waiting time for DNS propagation DO_TTL The TTL of the TXT record used for the DNS challenge The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nMore information API documentation " }, { "uri": "https://go-acme.github.io/lego/dns/dnsmadeeasy/", "title": "DNS Made Easy", "tags": [], "description": "", "content": " Configuration for DNS Made Easy.\nCode: dnsmadeeasy Since: v0.4.0 Here is an example bash command using the DNS Made Easy provider:\nDNSMADEEASY_API_KEY=xxxxxx \\ DNSMADEEASY_API_SECRET=yyyyy \\ lego --email you@example.com --dns dnsmadeeasy --domains my.example.org run Credentials Environment Variable Name Description DNSMADEEASY_API_KEY The API key DNSMADEEASY_API_SECRET The API Secret key The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nAdditional Configuration Environment Variable Name Description DNSMADEEASY_HTTP_TIMEOUT API request timeout DNSMADEEASY_POLLING_INTERVAL Time between DNS propagation check DNSMADEEASY_PROPAGATION_TIMEOUT Maximum waiting time for DNS propagation DNSMADEEASY_SANDBOX Activate the sandbox (boolean) DNSMADEEASY_TTL The TTL of the TXT record used for the DNS challenge The environment variable names can be suffixed by _FILE to reference a file instead of a value. 
More information here.\nMore information API documentation " }, { "uri": "https://go-acme.github.io/lego/dns/dnshomede/", "title": "dnsHome.de", "tags": [], "description": "", "content": " Configuration for dnsHome.de.\nCode: dnshomede Since: v4.10.0 Here is an example bash command using the dnsHome.de provider:\nDNSHOMEDE_CREDENTIALS=sub.example.org:password \\ lego --email you@example.com --dns dnshomede --domains example.org --domains \u0026#39;*.example.org\u0026#39; run DNSHOMEDE_CREDENTIALS=my.example.org:password1,demo.example.org:password2 \\ lego --email you@example.com --dns dnshomede --domains my.example.org --domains demo.example.org Credentials Environment Variable Name Description DNSHOMEDE_CREDENTIALS Comma-separated list of domain:password credential pairs The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\n" }, { "uri": "https://go-acme.github.io/lego/dns/dnsimple/", "title": "DNSimple", "tags": [], "description": "", "content": " Configuration for DNSimple.\nCode: dnsimple Since: v0.3.0 Here is an example bash command using the DNSimple provider:\nDNSIMPLE_OAUTH_TOKEN=1234567890abcdefghijklmnopqrstuvwxyz \\ lego --email you@example.com --dns dnsimple --domains my.example.org run Credentials Environment Variable Name Description DNSIMPLE_OAUTH_TOKEN OAuth token The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nAdditional Configuration Environment Variable Name Description DNSIMPLE_BASE_URL API endpoint URL DNSIMPLE_POLLING_INTERVAL Time between DNS propagation check DNSIMPLE_PROPAGATION_TIMEOUT Maximum waiting time for DNS propagation DNSIMPLE_TTL The TTL of the TXT record used for the DNS challenge The environment variable names can be suffixed by _FILE to reference a file instead of a value. 
More information here.\nDescription DNSIMPLE_BASE_URL is optional and must be set to production (https://api.dnsimple.com). If DNSIMPLE_BASE_URL is not defined or empty, the production URL is used by default.\nWhile you can manage DNS records in the DNSimple Sandbox environment, DNS records will not resolve and you will not be able to satisfy the ACME DNS challenge.\nTo authenticate you need to provide a valid API token. HTTP Basic Authentication is intentionally not supported.\nAPI tokens You can generate a new API token from your account page. Only Account API tokens are supported; if you try to use a User API token, you will receive an error message.\nMore information API documentation Go client " }, { "uri": "https://go-acme.github.io/lego/dns/dnspod/", "title": "DNSPod (deprecated)", "tags": [], "description": "", "content": " Use the Tencent Cloud provider instead.\nCode: dnspod Since: v0.4.0 Here is an example bash command using the DNSPod (deprecated) provider:\nDNSPOD_API_KEY=xxxxxx \\ lego --email you@example.com --dns dnspod --domains my.example.org run Credentials Environment Variable Name Description DNSPOD_API_KEY The user token The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nAdditional Configuration Environment Variable Name Description DNSPOD_HTTP_TIMEOUT API request timeout DNSPOD_POLLING_INTERVAL Time between DNS propagation check DNSPOD_PROPAGATION_TIMEOUT Maximum waiting time for DNS propagation DNSPOD_TTL The TTL of the TXT record used for the DNS challenge The environment variable names can be suffixed by _FILE to reference a file instead of a value. 
More information here.\nMore information API documentation Go client " }, { "uri": "https://go-acme.github.io/lego/dns/dode/", "title": "Domain Offensive (do.de)", "tags": [], "description": "", "content": " Configuration for Domain Offensive (do.de).\nCode: dode Since: v2.4.0 Here is an example bash command using the Domain Offensive (do.de) provider:\nDODE_TOKEN=xxxxxx \\ lego --email you@example.com --dns dode --domains my.example.org run Credentials Environment Variable Name Description DODE_TOKEN API token The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nAdditional Configuration Environment Variable Name Description DODE_HTTP_TIMEOUT API request timeout DODE_POLLING_INTERVAL Time between DNS propagation check DODE_PROPAGATION_TIMEOUT Maximum waiting time for DNS propagation DODE_SEQUENCE_INTERVAL Time between sequential requests DODE_TTL The TTL of the TXT record used for the DNS challenge The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nMore information API documentation " }, { "uri": "https://go-acme.github.io/lego/dns/domeneshop/", "title": "Domeneshop", "tags": [], "description": "", "content": " Configuration for Domeneshop.\nCode: domeneshop Since: v4.3.0 Here is an example bash command using the Domeneshop provider:\nDOMENESHOP_API_TOKEN=\u0026lt;token\u0026gt; \\ DOMENESHOP_API_SECRET=\u0026lt;secret\u0026gt; \\ lego --email example@example.com --dns domeneshop --domains example.com run Credentials Environment Variable Name Description DOMENESHOP_API_SECRET API secret DOMENESHOP_API_TOKEN API token The environment variable names can be suffixed by _FILE to reference a file instead of a value. 
More information here.\nAdditional Configuration Environment Variable Name Description DOMENESHOP_HTTP_TIMEOUT API request timeout DOMENESHOP_POLLING_INTERVAL Time between DNS propagation check DOMENESHOP_PROPAGATION_TIMEOUT Maximum waiting time for DNS propagation The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nAPI credentials Visit the following page for information on how to create API credentials with Domeneshop:\nhttps://api.domeneshop.no/docs/#section/Authentication\nMore information API documentation " }, { "uri": "https://go-acme.github.io/lego/dns/dreamhost/", "title": "DreamHost", "tags": [], "description": "", "content": " Configuration for DreamHost.\nCode: dreamhost Since: v1.1.0 Here is an example bash command using the DreamHost provider:\nDREAMHOST_API_KEY=\u0026#34;YOURAPIKEY\u0026#34; \\ lego --email you@example.com --dns dreamhost --domains my.example.org run Credentials Environment Variable Name Description DREAMHOST_API_KEY The API key The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nAdditional Configuration Environment Variable Name Description DREAMHOST_HTTP_TIMEOUT API request timeout DREAMHOST_POLLING_INTERVAL Time between DNS propagation check DREAMHOST_PROPAGATION_TIMEOUT Maximum waiting time for DNS propagation DREAMHOST_TTL The TTL of the TXT record used for the DNS challenge The environment variable names can be suffixed by _FILE to reference a file instead of a value. 
More information here.\nMore information API documentation " }, { "uri": "https://go-acme.github.io/lego/dns/duckdns/", "title": "Duck DNS", "tags": [], "description": "", "content": " Configuration for Duck DNS.\nCode: duckdns Since: v0.5.0 Here is an example bash command using the Duck DNS provider:\nDUCKDNS_TOKEN=xxxxxx \\ lego --email you@example.com --dns duckdns --domains my.example.org run Credentials Environment Variable Name Description DUCKDNS_TOKEN Account token The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nAdditional Configuration Environment Variable Name Description DUCKDNS_HTTP_TIMEOUT API request timeout DUCKDNS_POLLING_INTERVAL Time between DNS propagation check DUCKDNS_PROPAGATION_TIMEOUT Maximum waiting time for DNS propagation DUCKDNS_SEQUENCE_INTERVAL Time between sequential requests DUCKDNS_TTL The TTL of the TXT record used for the DNS challenge The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nMore information API documentation " }, { "uri": "https://go-acme.github.io/lego/dns/dyn/", "title": "Dyn", "tags": [], "description": "", "content": " Configuration for Dyn.\nCode: dyn Since: v0.3.0 Here is an example bash command using the Dyn provider:\nDYN_CUSTOMER_NAME=xxxxxx \\ DYN_USER_NAME=yyyyy \\ DYN_PASSWORD=zzzz \\ lego --email you@example.com --dns dyn --domains my.example.org run Credentials Environment Variable Name Description DYN_CUSTOMER_NAME Customer name DYN_PASSWORD Password DYN_USER_NAME User name The environment variable names can be suffixed by _FILE to reference a file instead of a value. 
More information here.\nAdditional Configuration Environment Variable Name Description DYN_HTTP_TIMEOUT API request timeout DYN_POLLING_INTERVAL Time between DNS propagation check DYN_PROPAGATION_TIMEOUT Maximum waiting time for DNS propagation DYN_TTL The TTL of the TXT record used for the DNS challenge The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nMore information API documentation " }, { "uri": "https://go-acme.github.io/lego/dns/dynu/", "title": "Dynu", "tags": [], "description": "", "content": " Configuration for Dynu.\nCode: dynu Since: v3.5.0 Here is an example bash command using the Dynu provider:\nDYNU_API_KEY=1234567890abcdefghijklmnopqrstuvwxyz \\ lego --email you@example.com --dns dynu --domains my.example.org run Credentials Environment Variable Name Description DYNU_API_KEY API key The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nAdditional Configuration Environment Variable Name Description DYNU_HTTP_TIMEOUT API request timeout DYNU_POLLING_INTERVAL Time between DNS propagation check DYNU_PROPAGATION_TIMEOUT Maximum waiting time for DNS propagation DYNU_TTL The TTL of the TXT record used for the DNS challenge The environment variable names can be suffixed by _FILE to reference a file instead of a value. 
More information here.\nMore information API documentation " }, { "uri": "https://go-acme.github.io/lego/dns/easydns/", "title": "EasyDNS", "tags": [], "description": "", "content": " Configuration for EasyDNS.\nCode: easydns Since: v2.6.0 Here is an example bash command using the EasyDNS provider:\nEASYDNS_TOKEN=\u0026lt;your token\u0026gt; \\ EASYDNS_KEY=\u0026lt;your key\u0026gt; \\ lego --email you@example.com --dns easydns --domains my.example.org run Credentials Environment Variable Name Description EASYDNS_KEY API Key EASYDNS_TOKEN API Token The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nAdditional Configuration Environment Variable Name Description EASYDNS_ENDPOINT The endpoint URL of the API Server EASYDNS_HTTP_TIMEOUT API request timeout EASYDNS_POLLING_INTERVAL Time between DNS propagation check EASYDNS_PROPAGATION_TIMEOUT Maximum waiting time for DNS propagation EASYDNS_SEQUENCE_INTERVAL Time between sequential requests EASYDNS_TTL The TTL of the TXT record used for the DNS challenge The environment variable names can be suffixed by _FILE to reference a file instead of a value. 
More information here.\nTo test with the sandbox environment set EASYDNS_ENDPOINT=https://sandbox.rest.easydns.net\nMore information API documentation " }, { "uri": "https://go-acme.github.io/lego/dns/efficientip/", "title": "Efficient IP", "tags": [], "description": "", "content": " Configuration for Efficient IP.\nCode: efficientip Since: v4.13.0 Here is an example bash command using the Efficient IP provider:\nEFFICIENTIP_USERNAME=\u0026#34;user\u0026#34; \\ EFFICIENTIP_PASSWORD=\u0026#34;secret\u0026#34; \\ EFFICIENTIP_HOSTNAME=\u0026#34;ipam.example.org\u0026#34; \\ EFFICIENTIP_DNS_NAME=\u0026#34;dns.smart\u0026#34; \\ lego --email you@example.com --dns efficientip --domains my.example.org run Credentials Environment Variable Name Description EFFICIENTIP_DNS_NAME DNS name (ex: dns.smart) EFFICIENTIP_HOSTNAME Hostname (ex: foo.example.com) EFFICIENTIP_PASSWORD Password EFFICIENTIP_USERNAME Username The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nAdditional Configuration Environment Variable Name Description EFFICIENTIP_HTTP_TIMEOUT API request timeout EFFICIENTIP_POLLING_INTERVAL Time between DNS propagation check EFFICIENTIP_PROPAGATION_TIMEOUT Maximum waiting time for DNS propagation EFFICIENTIP_TTL The TTL of the TXT record used for the DNS challenge EFFICIENTIP_VIEW_NAME View name (ex: external) The environment variable names can be suffixed by _FILE to reference a file instead of a value. 
More information here.\n" }, { "uri": "https://go-acme.github.io/lego/dns/epik/", "title": "Epik", "tags": [], "description": "", "content": " Configuration for Epik.\nCode: epik Since: v4.5.0 Here is an example bash command using the Epik provider:\nEPIK_SIGNATURE=xxxxxxxxxxxxxxxxxxxxxxxxxx \\ lego --email you@example.com --dns epik --domains my.example.org run Credentials Environment Variable Name Description EPIK_SIGNATURE Epik API signature (https://registrar.epik.com/account/api-settings/) The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nAdditional Configuration Environment Variable Name Description EPIK_HTTP_TIMEOUT API request timeout EPIK_POLLING_INTERVAL Time between DNS propagation check EPIK_PROPAGATION_TIMEOUT Maximum waiting time for DNS propagation EPIK_TTL The TTL of the TXT record used for the DNS challenge The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nMore information API documentation " }, { "uri": "https://go-acme.github.io/lego/usage/cli/examples/", "title": "Examples", "tags": [], "description": "", "content": " Heads up! 
We\u0026rsquo;ve restructured the content a bit.\nYou\u0026rsquo;ll find the content now at one of these pages:\nGuide: How to obtain a certificate Using the built-in web server Using a DNS provider Using a custom certificate signing request (CSR) Using an existing, running web server Running a script afterward Use case Guide: How to renew a certificate Using the built-in web server Using a DNS provider Running a script afterward Automatic renewal Reference: Command line options Usage Let\u0026rsquo;s Encrypt ACME server Running without root privileges Port Usage " }, { "uri": "https://go-acme.github.io/lego/dns/exoscale/", "title": "Exoscale", "tags": [], "description": "", "content": " Configuration for Exoscale.\nCode: exoscale Since: v0.4.0 Here is an example bash command using the Exoscale provider:\nEXOSCALE_API_KEY=abcdefghijklmnopqrstuvwx \\ EXOSCALE_API_SECRET=xxxxxxx \\ lego --email you@example.com --dns exoscale --domains my.example.org run Credentials Environment Variable Name Description EXOSCALE_API_KEY API key EXOSCALE_API_SECRET API secret The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nAdditional Configuration Environment Variable Name Description EXOSCALE_API_ZONE API zone EXOSCALE_ENDPOINT API endpoint URL EXOSCALE_HTTP_TIMEOUT API request timeout EXOSCALE_POLLING_INTERVAL Time between DNS propagation check EXOSCALE_PROPAGATION_TIMEOUT Maximum waiting time for DNS propagation EXOSCALE_TTL The TTL of the TXT record used for the DNS challenge The environment variable names can be suffixed by _FILE to reference a file instead of a value. 
More information here.\nMore information API documentation Go client " }, { "uri": "https://go-acme.github.io/lego/dns/exec/", "title": "External program", "tags": [], "description": "", "content": " Solving the DNS-01 challenge using an external program.\nCode: exec Since: v0.5.0 Here is an example bash command using the External program provider:\nEXEC_PATH=/the/path/to/myscript.sh \\ lego --email you@example.com --dns exec --domains my.example.org run Base Configuration Environment Variable Name Description EXEC_MODE RAW, none EXEC_PATH The path of the external program. Additional Configuration Environment Variable Name Description EXEC_POLLING_INTERVAL Time between DNS propagation check. EXEC_PROPAGATION_TIMEOUT Maximum waiting time for DNS propagation. EXEC_SEQUENCE_INTERVAL Time between sequential requests. Description The file name of the external program is specified in the environment variable EXEC_PATH.\nWhen it is run by lego, three command-line parameters are passed to it: the action (\u0026ldquo;present\u0026rdquo; or \u0026ldquo;cleanup\u0026rdquo;), the fully-qualified domain name and the value for the record.\nFor example, requesting a certificate for the domain \u0026lsquo;my.example.org\u0026rsquo; can be achieved by calling lego as follows:\nEXEC_PATH=./update-dns.sh \\ lego --email you@example.com \\ --dns exec \\ --domains my.example.org run It will then call the program \u0026lsquo;./update-dns.sh\u0026rsquo; like this:\n./update-dns.sh \u0026#34;present\u0026#34; \u0026#34;_acme-challenge.my.example.org.\u0026#34; \u0026#34;MsijOYZxqyjGnFGwhjrhfg-Xgbl5r68WPda0J9EgqqI\u0026#34; The program then needs to make sure the record is inserted. 
When it returns an error via a non-zero exit code, lego aborts.\nWhen the record is to be removed again, the program is called with the first command-line parameter set to cleanup instead of present.\nIf you want to use the raw domain, token, and keyAuth values with your program, you can set EXEC_MODE=RAW:\nEXEC_MODE=RAW \\ EXEC_PATH=./update-dns.sh \\ lego --email you@example.com \\ --dns exec \\ --domains my.example.org run It will then call the program ./update-dns.sh like this:\n./update-dns.sh \u0026#34;present\u0026#34; \u0026#34;my.example.org.\u0026#34; \u0026#34;--\u0026#34; \u0026#34;some-token\u0026#34; \u0026#34;KxAy-J3NwUmg9ZQuM-gP_Mq1nStaYSaP9tYQs5_-YsE.ksT-qywTd8058G-SHHWA3RAN72Pr0yWtPYmmY5UBpQ8\u0026#34; Commands The -- is because the token MAY start with a -, and the called program may try and interpret a - as indicating a flag. In the case of urfave, which is commonly used, you can use the -- delimiter to specify the start of positional arguments, and handle such a string safely.\nPresent Mode Command default myprogram present -- \u0026lt;FQDN\u0026gt; \u0026lt;record\u0026gt; RAW myprogram present -- \u0026lt;domain\u0026gt; \u0026lt;token\u0026gt; \u0026lt;key_auth\u0026gt; Cleanup Mode Command default myprogram cleanup -- \u0026lt;FQDN\u0026gt; \u0026lt;record\u0026gt; RAW myprogram cleanup -- \u0026lt;domain\u0026gt; \u0026lt;token\u0026gt; \u0026lt;key_auth\u0026gt; " }, { "uri": "https://go-acme.github.io/lego/dns/freemyip/", "title": "freemyip.com", "tags": [], "description": "", "content": " Configuration for freemyip.com.\nCode: freemyip Since: v4.5.0 Here is an example bash command using the freemyip.com provider:\nFREEMYIP_TOKEN=xxxxxx \\ lego --email you@example.com --dns freemyip --domains my.example.org run Credentials Environment Variable Name Description FREEMYIP_TOKEN Account token The environment variable names can be suffixed by _FILE to reference a file instead of a value. 
More information here.\nAdditional Configuration Environment Variable Name Description FREEMYIP_HTTP_TIMEOUT API request timeout FREEMYIP_POLLING_INTERVAL Time between DNS propagation check FREEMYIP_PROPAGATION_TIMEOUT Maximum waiting time for DNS propagation FREEMYIP_SEQUENCE_INTERVAL Time between sequential requests FREEMYIP_TTL The TTL of the TXT record used for the DNS challenge The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nMore information API documentation " }, { "uri": "https://go-acme.github.io/lego/dns/gcore/", "title": "G-Core", "tags": [], "description": "", "content": " Configuration for G-Core.\nCode: gcore Since: v4.5.0 Here is an example bash command using the G-Core provider:\nGCORE_PERMANENT_API_TOKEN=xxxxx \\ lego --email you@example.com --dns gcore --domains my.example.org run Credentials Environment Variable Name Description GCORE_PERMANENT_API_TOKEN Permanent API token (https://gcore.com/blog/permanent-api-token-explained/) The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nAdditional Configuration Environment Variable Name Description GCORE_HTTP_TIMEOUT API request timeout GCORE_POLLING_INTERVAL Time between DNS propagation check GCORE_PROPAGATION_TIMEOUT Maximum waiting time for DNS propagation GCORE_TTL The TTL of the TXT record used for the DNS challenge The environment variable names can be suffixed by _FILE to reference a file instead of a value. 
More information here.\nMore information API documentation " }, { "uri": "https://go-acme.github.io/lego/dns/gandi/", "title": "Gandi", "tags": [], "description": "", "content": " Configuration for Gandi.\nCode: gandi Since: v0.3.0 Here is an example bash command using the Gandi provider:\nGANDI_API_KEY=abcdefghijklmnopqrstuvwx \\ lego --email you@example.com --dns gandi --domains my.example.org run Credentials Environment Variable Name Description GANDI_API_KEY API key The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nAdditional Configuration Environment Variable Name Description GANDI_HTTP_TIMEOUT API request timeout GANDI_POLLING_INTERVAL Time between DNS propagation check GANDI_PROPAGATION_TIMEOUT Maximum waiting time for DNS propagation GANDI_TTL The TTL of the TXT record used for the DNS challenge The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nMore information API documentation " }, { "uri": "https://go-acme.github.io/lego/dns/gandiv5/", "title": "Gandi Live DNS (v5)", "tags": [], "description": "", "content": " Configuration for Gandi Live DNS (v5).\nCode: gandiv5 Since: v0.5.0 Here is an example bash command using the Gandi Live DNS (v5) provider:\nGANDIV5_API_KEY=abcdefghijklmnopqrstuvwx \\ lego --email you@example.com --dns gandiv5 --domains my.example.org run Credentials Environment Variable Name Description GANDIV5_API_KEY API key The environment variable names can be suffixed by _FILE to reference a file instead of a value. 
More information here.\nAdditional Configuration Environment Variable Name Description GANDIV5_HTTP_TIMEOUT API request timeout GANDIV5_POLLING_INTERVAL Time between DNS propagation check GANDIV5_PROPAGATION_TIMEOUT Maximum waiting time for DNS propagation GANDIV5_TTL The TTL of the TXT record used for the DNS challenge The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nMore information API documentation " }, { "uri": "https://go-acme.github.io/lego/dns/glesys/", "title": "Glesys", "tags": [], "description": "", "content": " Configuration for Glesys.\nCode: glesys Since: v0.5.0 Here is an example bash command using the Glesys provider:\nGLESYS_API_USER=xxxxx \\ GLESYS_API_KEY=yyyyy \\ lego --email you@example.com --dns glesys --domains my.example.org run Credentials Environment Variable Name Description GLESYS_API_KEY API key GLESYS_API_USER API user The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nAdditional Configuration Environment Variable Name Description GLESYS_HTTP_TIMEOUT API request timeout GLESYS_POLLING_INTERVAL Time between DNS propagation check GLESYS_PROPAGATION_TIMEOUT Maximum waiting time for DNS propagation GLESYS_TTL The TTL of the TXT record used for the DNS challenge The environment variable names can be suffixed by _FILE to reference a file instead of a value. 
More information here.\nMore information API documentation " }, { "uri": "https://go-acme.github.io/lego/dns/godaddy/", "title": "Go Daddy", "tags": [], "description": "", "content": " Configuration for Go Daddy.\nCode: godaddy Since: v0.5.0 Here is an example bash command using the Go Daddy provider:\nGODADDY_API_KEY=xxxxxxxx \\ GODADDY_API_SECRET=yyyyyyyy \\ lego --email you@example.com --dns godaddy --domains my.example.org run Credentials Environment Variable Name Description GODADDY_API_KEY API key GODADDY_API_SECRET API secret The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nAdditional Configuration Environment Variable Name Description GODADDY_HTTP_TIMEOUT API request timeout GODADDY_POLLING_INTERVAL Time between DNS propagation check GODADDY_PROPAGATION_TIMEOUT Maximum waiting time for DNS propagation GODADDY_TTL The TTL of the TXT record used for the DNS challenge The environment variable names can be suffixed by _FILE to reference a file instead of a value. 
More information here.\nMore information API documentation " }, { "uri": "https://go-acme.github.io/lego/dns/gcloud/", "title": "Google Cloud", "tags": [], "description": "", "content": " Configuration for Google Cloud.\nCode: gcloud Since: v0.3.0 Here is an example bash command using the Google Cloud provider:\nGCE_PROJECT=\u0026#34;gc-project-id\u0026#34; GCE_SERVICE_ACCOUNT_FILE=\u0026#34;/path/to/svc/account/file.json\u0026#34; lego \\ --email=\u0026#34;abc@email.com\u0026#34; \\ --domains=\u0026#34;example.com\u0026#34; \\ --dns=\u0026#34;gcloud\u0026#34; \\ --path=\u0026#34;${HOME}/.lego\u0026#34; \\ run Credentials Environment Variable Name Description Application Default Credentials Documentation GCE_PROJECT Project name (by default, the project name is auto-detected by using the metadata service) GCE_SERVICE_ACCOUNT Account GCE_SERVICE_ACCOUNT_FILE Account file path The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nAdditional Configuration Environment Variable Name Description GCE_ALLOW_PRIVATE_ZONE Allows requested domain to be in private DNS zone, works only with a private ACME server (by default: false) GCE_POLLING_INTERVAL Time between DNS propagation check GCE_PROPAGATION_TIMEOUT Maximum waiting time for DNS propagation GCE_TTL The TTL of the TXT record used for the DNS challenge The environment variable names can be suffixed by _FILE to reference a file instead of a value. 
More information here.\nMore information API documentation Go client " }, { "uri": "https://go-acme.github.io/lego/dns/googledomains/", "title": "Google Domains", "tags": [], "description": "", "content": " Configuration for Google Domains.\nCode: googledomains Since: v4.11.0 Here is an example bash command using the Google Domains provider:\nGOOGLE_DOMAINS_ACCESS_TOKEN=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx \\ lego --email you@example.com --dns googledomains --domains my.example.org run Credentials Environment Variable Name Description GOOGLE_DOMAINS_ACCESS_TOKEN Access token The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nAdditional Configuration Environment Variable Name Description GOOGLE_DOMAINS_HTTP_TIMEOUT API request timeout GOOGLE_DOMAINS_POLLING_INTERVAL Time between DNS propagation check GOOGLE_DOMAINS_PROPAGATION_TIMEOUT Maximum waiting time for DNS propagation The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nMore information Go client " }, { "uri": "https://go-acme.github.io/lego/dns/hetzner/", "title": "Hetzner", "tags": [], "description": "", "content": " Configuration for Hetzner.\nCode: hetzner Since: v3.7.0 Here is an example bash command using the Hetzner provider:\nHETZNER_API_KEY=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx \\ lego --email you@example.com --dns hetzner --domains my.example.org run Credentials Environment Variable Name Description HETZNER_API_KEY API key The environment variable names can be suffixed by _FILE to reference a file instead of a value. 
More information here.\nAdditional Configuration Environment Variable Name Description HETZNER_HTTP_TIMEOUT API request timeout HETZNER_POLLING_INTERVAL Time between DNS propagation check HETZNER_PROPAGATION_TIMEOUT Maximum waiting time for DNS propagation HETZNER_TTL The TTL of the TXT record used for the DNS challenge The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nMore information API documentation " }, { "uri": "https://go-acme.github.io/lego/dns/hostingde/", "title": "Hosting.de", "tags": [], "description": "", "content": " Configuration for Hosting.de.\nCode: hostingde Since: v1.1.0 Here is an example bash command using the Hosting.de provider:\nHOSTINGDE_API_KEY=xxxxxxxx \\ lego --email you@example.com --dns hostingde --domains my.example.org run Credentials Environment Variable Name Description HOSTINGDE_API_KEY API key The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nAdditional Configuration Environment Variable Name Description HOSTINGDE_HTTP_TIMEOUT API request timeout HOSTINGDE_POLLING_INTERVAL Time between DNS propagation check HOSTINGDE_PROPAGATION_TIMEOUT Maximum waiting time for DNS propagation HOSTINGDE_TTL The TTL of the TXT record used for the DNS challenge HOSTINGDE_ZONE_NAME Zone name in ACE format The environment variable names can be suffixed by _FILE to reference a file instead of a value. 
More information here.\nMore information API documentation " }, { "uri": "https://go-acme.github.io/lego/dns/hosttech/", "title": "Hosttech", "tags": [], "description": "", "content": " Configuration for Hosttech.\nCode: hosttech Since: v4.5.0 Here is an example bash command using the Hosttech provider:\nHOSTTECH_API_KEY=xxxxxxxxxxxxxxxxxxxxxxxxxx \\ lego --email you@example.com --dns hosttech --domains my.example.org run Credentials Environment Variable Name Description HOSTTECH_API_KEY API login HOSTTECH_PASSWORD API password The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nAdditional Configuration Environment Variable Name Description HOSTTECH_HTTP_TIMEOUT API request timeout HOSTTECH_POLLING_INTERVAL Time between DNS propagation check HOSTTECH_PROPAGATION_TIMEOUT Maximum waiting time for DNS propagation HOSTTECH_TTL The TTL of the TXT record used for the DNS challenge The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nMore information API documentation " }, { "uri": "https://go-acme.github.io/lego/dns/httpreq/", "title": "HTTP request", "tags": [], "description": "", "content": " Configuration for HTTP request.\nCode: httpreq Since: v2.0.0 Here is an example bash command using the HTTP request provider:\nHTTPREQ_ENDPOINT=http://my.server.com:9090 \\ lego --email you@example.com --dns httpreq --domains my.example.org run Credentials Environment Variable Name Description HTTPREQ_ENDPOINT The URL of the server HTTPREQ_MODE RAW, none The environment variable names can be suffixed by _FILE to reference a file instead of a value. 
More information here.\nAdditional Configuration Environment Variable Name Description HTTPREQ_HTTP_TIMEOUT API request timeout HTTPREQ_PASSWORD Basic authentication password HTTPREQ_POLLING_INTERVAL Time between DNS propagation check HTTPREQ_PROPAGATION_TIMEOUT Maximum waiting time for DNS propagation HTTPREQ_USERNAME Basic authentication username The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nDescription The server must provide:\nPOST /present POST /cleanup The URL of the server must be defined by HTTPREQ_ENDPOINT.\nMode There are 2 modes (HTTPREQ_MODE):\ndefault mode: { \u0026#34;fqdn\u0026#34;: \u0026#34;_acme-challenge.domain.\u0026#34;, \u0026#34;value\u0026#34;: \u0026#34;LHDhK3oGRvkiefQnx7OOczTY5Tic_xZ6HcMOc_gmtoM\u0026#34; } RAW { \u0026#34;domain\u0026#34;: \u0026#34;domain\u0026#34;, \u0026#34;token\u0026#34;: \u0026#34;token\u0026#34;, \u0026#34;keyAuth\u0026#34;: \u0026#34;key\u0026#34; } Authentication Basic authentication (optional) can be set with some environment variables:\nHTTPREQ_USERNAME and HTTPREQ_PASSWORD both values must be set, otherwise basic authentication is not defined. " }, { "uri": "https://go-acme.github.io/lego/dns/hurricane/", "title": "Hurricane Electric DNS", "tags": [], "description": "", "content": " Configuration for Hurricane Electric DNS.\nCode: hurricane Since: v4.3.0 Here is an example bash command using the Hurricane Electric DNS provider:\nHURRICANE_TOKENS=example.org:token \\ lego --email you@example.com --dns hurricane --domains example.org --domains \u0026#39;*.example.org\u0026#39; run HURRICANE_TOKENS=my.example.org:token1,demo.example.org:token2 \\ lego --email you@example.com --dns hurricane --domains my.example.org --domains demo.example.org run Credentials Environment Variable Name Description HURRICANE_TOKENS TXT record names and tokens The environment variable names can be suffixed by _FILE to reference a file instead of a value. 
More information here.\nBefore using lego to request a certificate for a given domain or wildcard (such as my.example.org or *.my.example.org), create a TXT record named _acme-challenge.my.example.org, and enable dynamic updates on it. Generate a token for each URL with Hurricane Electric\u0026rsquo;s UI, and copy it down. Stick to alphanumeric tokens for greatest reliability.\nTo authenticate with the Hurricane Electric API, add each record name/token pair you want to update to the HURRICANE_TOKENS environment variable, as shown in the examples. Record names (without the _acme-challenge. component) and their tokens are separated with colons, while the credential pairs are concatenated into a comma-separated list, like so:\nHURRICANE_TOKENS=my.example.org:token1,demo.example.org:token2 If you are issuing both a wildcard certificate and a standard certificate for a given subdomain, you should not have repeat entries for that name, as both will use the same credential.\nHURRICANE_TOKENS=example.org:token More information API documentation " }, { "uri": "https://go-acme.github.io/lego/dns/hyperone/", "title": "HyperOne", "tags": [], "description": "", "content": " Configuration for HyperOne.\nCode: hyperone Since: v3.9.0 Here is an example bash command using the HyperOne provider:\nlego --email you@example.com --dns hyperone --domains my.example.org run Additional Configuration Environment Variable Name Description HYPERONE_API_URL Allows to pass custom API Endpoint to be used in the challenge (default https://api.hyperone.com/v2) HYPERONE_LOCATION_ID Specifies location (region) to be used in API calls. 
(default pl-waw-1) HYPERONE_PASSPORT_LOCATION Allows to pass custom passport file location (default ~/.h1/passport.json) HYPERONE_POLLING_INTERVAL Time between DNS propagation check HYPERONE_PROPAGATION_TIMEOUT Maximum waiting time for DNS propagation HYPERONE_TTL The TTL of the TXT record used for the DNS challenge The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nDescription Default configuration does not require any additional environment variables, just a passport file in ~/.h1/passport.json location.\nGenerating passport file using H1 CLI To use this application you have to generate a passport file for sa:\nh1 iam project sa credential generate --name my-passport --project \u0026lt;project ID\u0026gt; --sa \u0026lt;sa ID\u0026gt; --passport-output-file ~/.h1/passport.json Required permissions The application requires the following permissions:\ndns/zone/list dns/zone.recordset/list dns/zone.recordset/create dns/zone.recordset/delete dns/zone.record/create dns/zone.record/list dns/zone.record/delete All required permissions are available via platform role tool.lego.\nMore information API documentation " }, { "uri": "https://go-acme.github.io/lego/dns/ibmcloud/", "title": "IBM Cloud (SoftLayer)", "tags": [], "description": "", "content": " Configuration for IBM Cloud (SoftLayer).\nCode: ibmcloud Since: v4.5.0 Here is an example bash command using the IBM Cloud (SoftLayer) provider:\nSOFTLAYER_USERNAME=xxxxx \\ SOFTLAYER_API_KEY=yyyyy \\ lego --email you@example.com --dns ibmcloud --domains my.example.org run Credentials Environment Variable Name Description SOFTLAYER_API_KEY Classic Infrastructure API key SOFTLAYER_USERNAME User name (IBM Cloud is _) The environment variable names can be suffixed by _FILE to reference a file instead of a value. 
More information here.\nAdditional Configuration Environment Variable Name Description SOFTLAYER_POLLING_INTERVAL Time between DNS propagation check SOFTLAYER_PROPAGATION_TIMEOUT Maximum waiting time for DNS propagation SOFTLAYER_TIMEOUT API request timeout SOFTLAYER_TTL The TTL of the TXT record used for the DNS challenge The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nMore information API documentation Go client " }, { "uri": "https://go-acme.github.io/lego/dns/iijdpf/", "title": "IIJ DNS Platform Service", "tags": [], "description": "", "content": " Configuration for IIJ DNS Platform Service.\nCode: iijdpf Since: v4.7.0 Here is an example bash command using the IIJ DNS Platform Service provider:\nIIJ_DPF_API_TOKEN=xxxxxxxx \\ IIJ_DPF_DPM_SERVICE_CODE=yyyyyy \\ lego --email you@example.com --dns iijdpf --domains my.example.org run Credentials Environment Variable Name Description IIJ_DPF_API_TOKEN API token IIJ_DPF_DPM_SERVICE_CODE IIJ Managed DNS Service\u0026rsquo;s service code The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nAdditional Configuration Environment Variable Name Description IIJ_DPF_API_ENDPOINT API endpoint URL, defaults to https://api.dns-platform.jp/dpf/v1 IIJ_DPF_POLLING_INTERVAL Time between DNS propagation check, defaults to 5 second IIJ_DPF_PROPAGATION_TIMEOUT Maximum waiting time for DNS propagation, defaults to 660 second IIJ_DPF_TTL The TTL of the TXT record used for the DNS challenge, default to 300 The environment variable names can be suffixed by _FILE to reference a file instead of a value. 
More information here.\nMore information API documentation Go client " }, { "uri": "https://go-acme.github.io/lego/dns/infoblox/", "title": "Infoblox", "tags": [], "description": "", "content": " Configuration for Infoblox.\nCode: infoblox Since: v4.4.0 Here is an example bash command using the Infoblox provider:\nINFOBLOX_USERNAME=api-user-529 \\ INFOBLOX_PASSWORD=b9841238feb177a84330febba8a83208921177bffe733 \\ INFOBLOX_HOST=infoblox.example.org lego --email you@example.com --dns infoblox --domains my.example.org run Credentials Environment Variable Name Description INFOBLOX_HOST Host URI INFOBLOX_PASSWORD Account Password INFOBLOX_USERNAME Account Username The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nAdditional Configuration Environment Variable Name Description INFOBLOX_DNS_VIEW The view for the TXT records, default: External INFOBLOX_HTTP_TIMEOUT HTTP request timeout INFOBLOX_POLLING_INTERVAL Time between DNS propagation check INFOBLOX_PORT The port for the infoblox grid manager, default: 443 INFOBLOX_PROPAGATION_TIMEOUT Maximum waiting time for DNS propagation INFOBLOX_SSL_VERIFY Whether or not to verify the TLS certificate, default: true INFOBLOX_TTL The TTL of the TXT record used for the DNS challenge INFOBLOX_WAPI_VERSION The version of WAPI being used, default: 2.11 The environment variable names can be suffixed by _FILE to reference a file instead of a value. 
More information here.\nWhen creating an API user, ensure it has the proper permissions for the view you are working with.\nMore information API documentation Go client " }, { "uri": "https://go-acme.github.io/lego/dns/infomaniak/", "title": "Infomaniak", "tags": [], "description": "", "content": " Configuration for Infomaniak.\nCode: infomaniak Since: v4.1.0 Here is an example bash command using the Infomaniak provider:\nINFOMANIAK_ACCESS_TOKEN=1234567898765432 \\ lego --email you@example.com --dns infomaniak --domains my.example.org run Credentials Environment Variable Name Description INFOMANIAK_ACCESS_TOKEN Access token The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nAdditional Configuration Environment Variable Name Description INFOMANIAK_ENDPOINT https://api.infomaniak.com INFOMANIAK_HTTP_TIMEOUT API request timeout INFOMANIAK_POLLING_INTERVAL Time between DNS propagation check INFOMANIAK_PROPAGATION_TIMEOUT Maximum waiting time for DNS propagation INFOMANIAK_TTL The TTL of the TXT record used for the DNS challenge in seconds The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nAccess token Access token can be created at the url https://manager.infomaniak.com/v3/infomaniak-api. 
You will need domain scope.\nMore information API documentation " }, { "uri": "https://go-acme.github.io/lego/dns/iij/", "title": "Internet Initiative Japan", "tags": [], "description": "", "content": " Configuration for Internet Initiative Japan.\nCode: iij Since: v1.1.0 Here is an example bash command using the Internet Initiative Japan provider:\nIIJ_API_ACCESS_KEY=xxxxxxxx \\ IIJ_API_SECRET_KEY=yyyyyy \\ IIJ_DO_SERVICE_CODE=zzzzzz \\ lego --email you@example.com --dns iij --domains my.example.org run Credentials Environment Variable Name Description IIJ_API_ACCESS_KEY API access key IIJ_API_SECRET_KEY API secret key IIJ_DO_SERVICE_CODE DO service code The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nAdditional Configuration Environment Variable Name Description IIJ_POLLING_INTERVAL Time between DNS propagation check IIJ_PROPAGATION_TIMEOUT Maximum waiting time for DNS propagation IIJ_TTL The TTL of the TXT record used for the DNS challenge The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nMore information API documentation Go client " }, { "uri": "https://go-acme.github.io/lego/dns/internetbs/", "title": "Internet.bs", "tags": [], "description": "", "content": " Configuration for Internet.bs.\nCode: internetbs Since: v4.5.0 Here is an example bash command using the Internet.bs provider:\nINTERNET_BS_API_KEY=xxxxxxxxxxxxxxxxxxxxxxxxxx \\ INTERNET_BS_PASSWORD=yyyyyyyyyyyyyyyyyyyyyyyyyy \\ lego --email you@example.com --dns internetbs --domains my.example.org run Credentials Environment Variable Name Description INTERNET_BS_API_KEY API key INTERNET_BS_PASSWORD API password The environment variable names can be suffixed by _FILE to reference a file instead of a value. 
More information here.\nAdditional Configuration Environment Variable Name Description INTERNET_BS_HTTP_TIMEOUT API request timeout INTERNET_BS_POLLING_INTERVAL Time between DNS propagation check INTERNET_BS_PROPAGATION_TIMEOUT Maximum waiting time for DNS propagation INTERNET_BS_TTL The TTL of the TXT record used for the DNS challenge The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nMore information API documentation " }, { "uri": "https://go-acme.github.io/lego/dns/inwx/", "title": "INWX", "tags": [], "description": "", "content": " Configuration for INWX.\nCode: inwx Since: v2.0.0 Here is an example bash command using the INWX provider:\nINWX_USERNAME=xxxxxxxxxx \\ INWX_PASSWORD=yyyyyyyyyy \\ lego --email you@example.com --dns inwx --domains my.example.org run # 2FA INWX_USERNAME=xxxxxxxxxx \\ INWX_PASSWORD=yyyyyyyyyy \\ INWX_SHARED_SECRET=zzzzzzzzzz \\ lego --email you@example.com --dns inwx --domains my.example.org run Credentials Environment Variable Name Description INWX_PASSWORD Password INWX_USERNAME Username The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nAdditional Configuration Environment Variable Name Description INWX_POLLING_INTERVAL Time between DNS propagation check INWX_PROPAGATION_TIMEOUT Maximum waiting time for DNS propagation (default 360s) INWX_SANDBOX Activate the sandbox (boolean) INWX_SHARED_SECRET shared secret related to 2FA INWX_TTL The TTL of the TXT record used for the DNS challenge The environment variable names can be suffixed by _FILE to reference a file instead of a value. 
More information here.\nMore information API documentation Go client " }, { "uri": "https://go-acme.github.io/lego/dns/ionos/", "title": "Ionos", "tags": [], "description": "", "content": " Configuration for Ionos.\nCode: ionos Since: v4.2.0 Here is an example bash command using the Ionos provider:\nIONOS_API_KEY=xxxxxxxx \\ lego --email you@example.com --dns ionos --domains my.example.org run Credentials Environment Variable Name Description IONOS_API_KEY API key \u0026lt;prefix\u0026gt;.\u0026lt;secret\u0026gt; https://developer.hosting.ionos.com/docs/getstarted The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nAdditional Configuration Environment Variable Name Description IONOS_HTTP_TIMEOUT API request timeout IONOS_POLLING_INTERVAL Time between DNS propagation check IONOS_PROPAGATION_TIMEOUT Maximum waiting time for DNS propagation IONOS_TTL The TTL of the TXT record used for the DNS challenge The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nMore information API documentation " }, { "uri": "https://go-acme.github.io/lego/dns/ipv64/", "title": "IPv64", "tags": [], "description": "", "content": " Configuration for IPv64.\nCode: ipv64 Since: v4.13.0 Here is an example bash command using the IPv64 provider:\nIPV64_API_KEY=xxxxxx \\ lego --email you@example.com --dns ipv64 --domains my.example.org run Credentials Environment Variable Name Description IPV64_API_KEY Account API Key The environment variable names can be suffixed by _FILE to reference a file instead of a value. 
More information here.\nAdditional Configuration Environment Variable Name Description IPV64_HTTP_TIMEOUT API request timeout IPV64_POLLING_INTERVAL Time between DNS propagation check IPV64_PROPAGATION_TIMEOUT Maximum waiting time for DNS propagation IPV64_SEQUENCE_INTERVAL Time between sequential requests IPV64_TTL The TTL of the TXT record used for the DNS challenge The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nMore information API documentation " }, { "uri": "https://go-acme.github.io/lego/dns/iwantmyname/", "title": "iwantmyname", "tags": [], "description": "", "content": " Configuration for iwantmyname.\nCode: iwantmyname Since: v4.7.0 Here is an example bash command using the iwantmyname provider:\nIWANTMYNAME_USERNAME=xxxxxxxx \\ IWANTMYNAME_PASSWORD=xxxxxxxx \\ lego --email you@example.com --dns iwantmyname --domains my.example.org run Credentials Environment Variable Name Description IWANTMYNAME_PASSWORD API password IWANTMYNAME_USERNAME API username The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nAdditional Configuration Environment Variable Name Description IWANTMYNAME_HTTP_TIMEOUT API request timeout IWANTMYNAME_POLLING_INTERVAL Time between DNS propagation check IWANTMYNAME_PROPAGATION_TIMEOUT Maximum waiting time for DNS propagation IWANTMYNAME_TTL The TTL of the TXT record used for the DNS challenge The environment variable names can be suffixed by _FILE to reference a file instead of a value. 
More information here.\nMore information API documentation " }, { "uri": "https://go-acme.github.io/lego/dns/joker/", "title": "Joker", "tags": [], "description": "", "content": " Configuration for Joker.\nCode: joker Since: v2.6.0 Here is an example bash command using the Joker provider:\n# SVC JOKER_API_MODE=SVC \\ JOKER_USERNAME=\u0026lt;your email\u0026gt; \\ JOKER_PASSWORD=\u0026lt;your password\u0026gt; \\ lego --email you@example.com --dns joker --domains my.example.org run # DMAPI JOKER_API_MODE=DMAPI \\ JOKER_USERNAME=\u0026lt;your email\u0026gt; \\ JOKER_PASSWORD=\u0026lt;your password\u0026gt; \\ lego --email you@example.com --dns joker --domains my.example.org run ## or JOKER_API_MODE=DMAPI \\ JOKER_API_KEY=\u0026lt;your API key\u0026gt; \\ lego --email you@example.com --dns joker --domains my.example.org run Credentials Environment Variable Name Description JOKER_API_KEY API key (only with DMAPI mode) JOKER_API_MODE \u0026lsquo;DMAPI\u0026rsquo; or \u0026lsquo;SVC\u0026rsquo;. DMAPI is for resellers accounts. (Default: DMAPI) JOKER_PASSWORD Joker.com password JOKER_USERNAME Joker.com username The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nAdditional Configuration Environment Variable Name Description JOKER_HTTP_TIMEOUT API request timeout JOKER_POLLING_INTERVAL Time between DNS propagation check JOKER_PROPAGATION_TIMEOUT Maximum waiting time for DNS propagation JOKER_SEQUENCE_INTERVAL Time between sequential requests (only with \u0026lsquo;SVC\u0026rsquo; mode) JOKER_TTL The TTL of the TXT record used for the DNS challenge The environment variable names can be suffixed by _FILE to reference a file instead of a value. 
More information here.\nSVC mode In the SVC mode, username and password are not your email and account passwords, but those displayed in Joker.com domain dashboard when enabling Dynamic DNS.\nAs per Joker.com documentation:\nplease login at Joker.com, visit \u0026lsquo;My Domains\u0026rsquo;, find the domain you want to add Let\u0026rsquo;s Encrypt certificate for, and choose \u0026ldquo;DNS\u0026rdquo; in the menu\non the top right, you will find the setting for \u0026lsquo;Dynamic DNS\u0026rsquo;. If not already active, please activate it. It will not affect any other already existing DNS records of this domain.\nplease take a note of the credentials which are now shown as \u0026lsquo;Dynamic DNS Authentication\u0026rsquo;, consisting of a \u0026lsquo;username\u0026rsquo; and a \u0026lsquo;password\u0026rsquo;.\nthis is all you have to do here - and only once per domain.\nMore information API documentation " }, { "uri": "https://go-acme.github.io/lego/dns/acme-dns/", "title": "Joohoi's ACME-DNS", "tags": [], "description": "", "content": " Configuration for Joohoi\u0026rsquo;s ACME-DNS.\nCode: acme-dns Since: v1.1.0 Here is an example bash command using the Joohoi\u0026rsquo;s ACME-DNS provider:\nACME_DNS_API_BASE=http://10.0.0.8:4443 \\ ACME_DNS_STORAGE_PATH=/root/.lego-acme-dns-accounts.json \\ lego --email you@example.com --dns acme-dns --domains my.example.org run Credentials Environment Variable Name Description ACME_DNS_API_BASE The ACME-DNS API address ACME_DNS_STORAGE_PATH The ACME-DNS JSON account data file. A per-domain account will be registered/persisted to this file and used for TXT updates. The environment variable names can be suffixed by _FILE to reference a file instead of a value. 
More information here.\nMore information API documentation Go client " }, { "uri": "https://go-acme.github.io/lego/dns/liara/", "title": "Liara", "tags": [], "description": "", "content": " Configuration for Liara.\nCode: liara Since: v4.10.0 Here is an example bash command using the Liara provider:\nLIARA_API_KEY=\u0026#34;xxxxxxxxxxxxxxxxxxxxx\u0026#34; \\ lego --email myemail@example.com --dns liara --domains my.example.org run Credentials Environment Variable Name Description LIARA_API_KEY The API key The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nAdditional Configuration Environment Variable Name Description LIARA_HTTP_TIMEOUT API request timeout LIARA_POLLING_INTERVAL Time between DNS propagation check LIARA_PROPAGATION_TIMEOUT Maximum waiting time for DNS propagation LIARA_TTL The TTL of the TXT record used for the DNS challenge The environment variable names can be suffixed by _FILE to reference a file instead of a value. 
More information here.\nMore information API documentation " }, { "uri": "https://go-acme.github.io/lego/usage/library/", "title": "Library", "tags": [], "description": "", "content": "Lego can be used as a Go library.\nGoDoc The GoDoc can be found here: Go Reference.\nUsage A valid, but bare-bones example use of the acme package:\npackage main import ( \u0026#34;crypto\u0026#34; \u0026#34;crypto/ecdsa\u0026#34; \u0026#34;crypto/elliptic\u0026#34; \u0026#34;crypto/rand\u0026#34; \u0026#34;fmt\u0026#34; \u0026#34;log\u0026#34; \u0026#34;github.com/go-acme/lego/v4/certcrypto\u0026#34; \u0026#34;github.com/go-acme/lego/v4/certificate\u0026#34; \u0026#34;github.com/go-acme/lego/v4/challenge/http01\u0026#34; \u0026#34;github.com/go-acme/lego/v4/challenge/tlsalpn01\u0026#34; \u0026#34;github.com/go-acme/lego/v4/lego\u0026#34; \u0026#34;github.com/go-acme/lego/v4/registration\u0026#34; ) // You\u0026#39;ll need a user or account type that implements acme.User type MyUser struct { Email string Registration *registration.Resource key crypto.PrivateKey } func (u *MyUser) GetEmail() string { return u.Email } func (u MyUser) GetRegistration() *registration.Resource { return u.Registration } func (u *MyUser) GetPrivateKey() crypto.PrivateKey { return u.key } func main() { // Create a user. New accounts need an email and private key to start. privateKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) if err != nil { log.Fatal(err) } myUser := MyUser{ Email: \u0026#34;you@yours.com\u0026#34;, key: privateKey, } config := lego.NewConfig(\u0026amp;myUser) // This CA URL is configured for a local dev instance of Boulder running in Docker in a VM. config.CADirURL = \u0026#34;http://192.168.99.100:4000/directory\u0026#34; config.Certificate.KeyType = certcrypto.RSA2048 // A client facilitates communication with the CA server. 
client, err := lego.NewClient(config) if err != nil { log.Fatal(err) } // We specify an HTTP port of 5002 and a TLS port of 5001 on all interfaces // because we aren\u0026#39;t running as root and can\u0026#39;t bind a listener to port 80 and 443 // (used later when we attempt to pass challenges). Keep in mind that you still // need to proxy challenge traffic to port 5002 and 5001. err = client.Challenge.SetHTTP01Provider(http01.NewProviderServer(\u0026#34;\u0026#34;, \u0026#34;5002\u0026#34;)) if err != nil { log.Fatal(err) } err = client.Challenge.SetTLSALPN01Provider(tlsalpn01.NewProviderServer(\u0026#34;\u0026#34;, \u0026#34;5001\u0026#34;)) if err != nil { log.Fatal(err) } // New users will need to register reg, err := client.Registration.Register(registration.RegisterOptions{TermsOfServiceAgreed: true}) if err != nil { log.Fatal(err) } myUser.Registration = reg request := certificate.ObtainRequest{ Domains: []string{\u0026#34;mydomain.com\u0026#34;}, Bundle: true, } certificates, err := client.Certificate.Obtain(request) if err != nil { log.Fatal(err) } // Each certificate comes back with the cert bytes, the bytes of the client\u0026#39;s // private key, and a certificate URL. SAVE THESE TO DISK. fmt.Printf(\u0026#34;%#v\\n\u0026#34;, certificates) // ... all done. } " }, { "uri": "https://go-acme.github.io/lego/dns/linode/", "title": "Linode (v4)", "tags": [], "description": "", "content": " Configuration for Linode (v4).\nCode: linode Since: v1.1.0 Here is an example bash command using the Linode (v4) provider:\nLINODE_TOKEN=xxxxx \\ lego --email you@example.com --dns linode --domains my.example.org run Credentials Environment Variable Name Description LINODE_TOKEN API token The environment variable names can be suffixed by _FILE to reference a file instead of a value. 
More information here.\nAdditional Configuration Environment Variable Name Description LINODE_HTTP_TIMEOUT API request timeout LINODE_POLLING_INTERVAL Time between DNS propagation check LINODE_PROPAGATION_TIMEOUT Maximum waiting time for DNS propagation LINODE_TTL The TTL of the TXT record used for the DNS challenge The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nMore information API documentation Go client " }, { "uri": "https://go-acme.github.io/lego/dns/liquidweb/", "title": "Liquid Web", "tags": [], "description": "", "content": " Configuration for Liquid Web.\nCode: liquidweb Since: v3.1.0 Here is an example bash command using the Liquid Web provider:\nLIQUID_WEB_USERNAME=someuser \\ LIQUID_WEB_PASSWORD=somepass \\ LIQUID_WEB_ZONE=tacoman.com.net \\ lego --email you@example.com --dns liquidweb --domains my.example.org run Credentials Environment Variable Name Description LIQUID_WEB_PASSWORD Storm API Password LIQUID_WEB_USERNAME Storm API Username LIQUID_WEB_ZONE DNS Zone The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nAdditional Configuration Environment Variable Name Description LIQUID_WEB_HTTP_TIMEOUT Maximum waiting time for the DNS records to be created (not verified) LIQUID_WEB_POLLING_INTERVAL Time between DNS propagation check LIQUID_WEB_PROPAGATION_TIMEOUT Maximum waiting time for DNS propagation LIQUID_WEB_TTL The TTL of the TXT record used for the DNS challenge LIQUID_WEB_URL Storm API endpoint The environment variable names can be suffixed by _FILE to reference a file instead of a value. 
More information here.\nMore information API documentation Go client " }, { "uri": "https://go-acme.github.io/lego/dns/loopia/", "title": "Loopia", "tags": [], "description": "", "content": " Configuration for Loopia.\nCode: loopia Since: v4.2.0 Here is an example bash command using the Loopia provider:\nLOOPIA_API_USER=xxxxxxxx \\ LOOPIA_API_PASSWORD=yyyyyyyy \\ lego --email my@email.com --dns loopia --domains my.domain.com run Credentials Environment Variable Name Description LOOPIA_API_PASSWORD API password LOOPIA_API_USER API username The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nAdditional Configuration Environment Variable Name Description LOOPIA_API_URL API endpoint. Ex: https://api.loopia.se/RPCSERV or https://api.loopia.rs/RPCSERV LOOPIA_HTTP_TIMEOUT API request timeout LOOPIA_POLLING_INTERVAL Time between DNS propagation check LOOPIA_PROPAGATION_TIMEOUT Maximum waiting time for DNS propagation LOOPIA_TTL The TTL of the TXT record used for the DNS challenge The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nAPI user You can generate a new API user from your account page.\nIt needs to have the following permissions:\naddZoneRecord getZoneRecords removeZoneRecord removeSubdomain More information API documentation " }, { "uri": "https://go-acme.github.io/lego/dns/luadns/", "title": "LuaDNS", "tags": [], "description": "", "content": " Configuration for LuaDNS.\nCode: luadns Since: v3.7.0 Here is an example bash command using the LuaDNS provider:\nLUADNS_API_USERNAME=youremail \\ LUADNS_API_TOKEN=xxxxxxxx \\ lego --email you@example.com --dns luadns --domains my.example.org run Credentials Environment Variable Name Description LUADNS_API_TOKEN API token LUADNS_API_USERNAME Username (your email) The environment variable names can be suffixed by _FILE to reference a file instead of a value. 
More information here.\nAdditional Configuration Environment Variable Name Description LUADNS_HTTP_TIMEOUT API request timeout LUADNS_POLLING_INTERVAL Time between DNS propagation check LUADNS_PROPAGATION_TIMEOUT Maximum waiting time for DNS propagation LUADNS_TTL The TTL of the TXT record used for the DNS challenge The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nMore information API documentation " }, { "uri": "https://go-acme.github.io/lego/dns/manual/", "title": "Manual", "tags": [], "description": "", "content": "Solving the DNS-01 challenge using CLI prompt.\nExample To start using the CLI prompt \u0026ldquo;provider\u0026rdquo;, start lego with --dns manual:\n$ lego --email \u0026#34;you@example.com\u0026#34; --domains=\u0026#34;example.com\u0026#34; --dns \u0026#34;manual\u0026#34; run What follows are a few log printouts, interspersed with some prompts asking you to perform some actions:\nNo key found for account you@example.com. Generating a P256 key. Saved key to ./.lego/accounts/acme-v02.api.letsencrypt.org/you@example.com/keys/you@example.com.key Please review the TOS at https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf Do you accept the TOS? Y/n If you accept the linked Terms of Service, hit Enter.\n[INFO] acme: Registering account for you@example.com !!!! HEADS UP !!!! Your account credentials have been saved in your Let\u0026#39;s Encrypt configuration directory at \u0026#34;./.lego/accounts\u0026#34;. You should make a secure backup of this folder now. This configuration directory will also contain certificates and private keys obtained from Let\u0026#39;s Encrypt so making regular backups of this folder is ideal. 
[INFO] [example.com] acme: Obtaining bundled SAN certificate [INFO] [example.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/2345678901 [INFO] [example.com] acme: Could not find solver for: tls-alpn-01 [INFO] [example.com] acme: Could not find solver for: http-01 [INFO] [example.com] acme: use dns-01 solver [INFO] [example.com] acme: Preparing to solve DNS-01 lego: Please create the following TXT record in your example.com. zone: _acme-challenge.example.com. 120 IN TXT \u0026#34;hX0dPkG6Gfs9hUvBAchQclkyyoEKbShbpvJ9mY5q2JQ\u0026#34; lego: Press \u0026#39;Enter\u0026#39; when you are done Do as instructed, and create the TXT records, and hit Enter.\n[INFO] [example.com] acme: Trying to solve DNS-01 [INFO] [example.com] acme: Checking DNS record propagation using [192.168.8.1:53] [INFO] Wait for propagation [timeout: 1m0s, interval: 2s] [INFO] [example.com] acme: Waiting for DNS record propagation. [INFO] [example.com] The server validated our request [INFO] [example.com] acme: Cleaning DNS-01 challenge lego: You can now remove this TXT record from your example.com. zone: _acme-challenge.example.com. 120 IN TXT \u0026#34;hX0dPkG6Gfs9hUvBAchQclkyyoEKbShbpvJ9mY5q2JQ\u0026#34; [INFO] [example.com] acme: Validations succeeded; requesting certificates [INFO] [example.com] Server responded with a certificate. 
As mentioned, you can now remove the TXT record again.\n" }, { "uri": "https://go-acme.github.io/lego/dns/metaname/", "title": "Metaname", "tags": [], "description": "", "content": " Configuration for Metaname.\nCode: metaname Since: v4.13.0 Here is an example bash command using the Metaname provider:\nMETANAME_ACCOUNT_REFERENCE=xxxx \\ METANAME_API_KEY=yyyyyyy \\ lego --email you@example.com --dns metaname --domains my.example.org run Credentials Environment Variable Name Description METANAME_ACCOUNT_REFERENCE The four-digit reference of a Metaname account METANAME_API_KEY API Key The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nAdditional Configuration Environment Variable Name Description METANAME_POLLING_INTERVAL Time between DNS propagation check METANAME_PROPAGATION_TIMEOUT Maximum waiting time for DNS propagation METANAME_TTL The TTL of the TXT record used for the DNS challenge The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nMore information API documentation Go client " }, { "uri": "https://go-acme.github.io/lego/dns/mydnsjp/", "title": "MyDNS.jp", "tags": [], "description": "", "content": " Configuration for MyDNS.jp.\nCode: mydnsjp Since: v1.2.0 Here is an example bash command using the MyDNS.jp provider:\nMYDNSJP_MASTER_ID=xxxxx \\ MYDNSJP_PASSWORD=xxxxx \\ lego --email you@example.com --dns mydnsjp --domains my.example.org run Credentials Environment Variable Name Description MYDNSJP_MASTER_ID Master ID MYDNSJP_PASSWORD Password The environment variable names can be suffixed by _FILE to reference a file instead of a value. 
More information here.\nAdditional Configuration Environment Variable Name Description MYDNSJP_HTTP_TIMEOUT API request timeout MYDNSJP_POLLING_INTERVAL Time between DNS propagation check MYDNSJP_PROPAGATION_TIMEOUT Maximum waiting time for DNS propagation MYDNSJP_TTL The TTL of the TXT record used for the DNS challenge The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nMore information API documentation " }, { "uri": "https://go-acme.github.io/lego/dns/mythicbeasts/", "title": "MythicBeasts", "tags": [], "description": "", "content": " Configuration for MythicBeasts.\nCode: mythicbeasts Since: v0.3.7 Here is an example bash command using the MythicBeasts provider:\nMYTHICBEASTS_USERNAME=myuser \\ MYTHICBEASTS_PASSWORD=mypass \\ lego --email you@example.com --dns mythicbeasts --domains my.example.org run Credentials Environment Variable Name Description MYTHICBEASTS_PASSWORD Password MYTHICBEASTS_USERNAME User name The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nAdditional Configuration Environment Variable Name Description MYTHICBEASTS_API_ENDPOINT The endpoint for the API (must implement v2) MYTHICBEASTS_AUTH_API_ENDPOINT The endpoint for Mythic Beasts\u0026rsquo; Authentication MYTHICBEASTS_HTTP_TIMEOUT API request timeout MYTHICBEASTS_POLLING_INTERVAL Time between DNS propagation check MYTHICBEASTS_PROPAGATION_TIMEOUT Maximum waiting time for DNS propagation MYTHICBEASTS_TTL The TTL of the TXT record used for the DNS challenge The environment variable names can be suffixed by _FILE to reference a file instead of a value. 
More information here.\nIf you are using specific API keys, then the username is the API ID for your API key, and the password is the API secret.\nYour API key name is not needed to operate lego.\nMore information API documentation " }, { "uri": "https://go-acme.github.io/lego/dns/namedotcom/", "title": "Name.com", "tags": [], "description": "", "content": " Configuration for Name.com.\nCode: namedotcom Since: v0.5.0 Here is an example bash command using the Name.com provider:\nNAMECOM_USERNAME=foo.bar \\ NAMECOM_API_TOKEN=a379a6f6eeafb9a55e378c118034e2751e682fab \\ lego --email you@example.com --dns namedotcom --domains my.example.org run Credentials Environment Variable Name Description NAMECOM_API_TOKEN API token NAMECOM_USERNAME Username The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nAdditional Configuration Environment Variable Name Description NAMECOM_HTTP_TIMEOUT API request timeout NAMECOM_POLLING_INTERVAL Time between DNS propagation check NAMECOM_PROPAGATION_TIMEOUT Maximum waiting time for DNS propagation NAMECOM_TTL The TTL of the TXT record used for the DNS challenge The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nMore information API documentation Go client " }, { "uri": "https://go-acme.github.io/lego/dns/namecheap/", "title": "Namecheap", "tags": [], "description": "", "content": " Configuration for Namecheap.\nTo enable API access on the Namecheap production environment, some opaque requirements must be met. More information in the section Enabling API Access of the Namecheap documentation. 
(2020-08: Account balance of $50+, 20+ domains in your account, or purchases totaling $50+ within the last 2 years.)\nCode: namecheap Since: v0.3.0 Here is an example bash command using the Namecheap provider:\nNAMECHEAP_API_USER=user \\ NAMECHEAP_API_KEY=key \\ lego --email you@example.com --dns namecheap --domains my.example.org run Credentials Environment Variable Name Description NAMECHEAP_API_KEY API key NAMECHEAP_API_USER API user The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nAdditional Configuration Environment Variable Name Description NAMECHEAP_HTTP_TIMEOUT API request timeout NAMECHEAP_POLLING_INTERVAL Time between DNS propagation check NAMECHEAP_PROPAGATION_TIMEOUT Maximum waiting time for DNS propagation NAMECHEAP_SANDBOX Activate the sandbox (boolean) NAMECHEAP_TTL The TTL of the TXT record used for the DNS challenge The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nMore information API documentation " }, { "uri": "https://go-acme.github.io/lego/dns/namesilo/", "title": "Namesilo", "tags": [], "description": "", "content": " Configuration for Namesilo.\nCode: namesilo Since: v2.7.0 Here is an example bash command using the Namesilo provider:\nNAMESILO_API_KEY=b9841238feb177a84330febba8a83208921177bffe733 \\ lego --email you@example.com --dns namesilo --domains my.example.org run Credentials Environment Variable Name Description NAMESILO_API_KEY Client ID The environment variable names can be suffixed by _FILE to reference a file instead of a value. 
More information here.\nAdditional Configuration Environment Variable Name Description NAMESILO_POLLING_INTERVAL Time between DNS propagation check NAMESILO_PROPAGATION_TIMEOUT Maximum waiting time for DNS propagation, it is better to set larger than 15m NAMESILO_TTL The TTL of the TXT record used for the DNS challenge, should be in [3600, 2592000] The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nMore information API documentation Go client " }, { "uri": "https://go-acme.github.io/lego/dns/nearlyfreespeech/", "title": "NearlyFreeSpeech.NET", "tags": [], "description": "", "content": " Configuration for NearlyFreeSpeech.NET.\nCode: nearlyfreespeech Since: v4.8.0 Here is an example bash command using the NearlyFreeSpeech.NET provider:\nNEARLYFREESPEECH_API_KEY=xxxxxx \\ NEARLYFREESPEECH_LOGIN=xxxx \\ lego --email you@example.com --dns nearlyfreespeech --domains my.example.org run Credentials Environment Variable Name Description NEARLYFREESPEECH_API_KEY API Key for API requests NEARLYFREESPEECH_LOGIN Username for API requests The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nAdditional Configuration Environment Variable Name Description NEARLYFREESPEECH_HTTP_TIMEOUT API request timeout NEARLYFREESPEECH_POLLING_INTERVAL Time between DNS propagation check NEARLYFREESPEECH_PROPAGATION_TIMEOUT Maximum waiting time for DNS propagation NEARLYFREESPEECH_SEQUENCE_INTERVAL Time between sequential requests NEARLYFREESPEECH_TTL The TTL of the TXT record used for the DNS challenge The environment variable names can be suffixed by _FILE to reference a file instead of a value. 
More information here.\nMore information API documentation " }, { "uri": "https://go-acme.github.io/lego/dns/netcup/", "title": "Netcup", "tags": [], "description": "", "content": " Configuration for Netcup.\nCode: netcup Since: v1.1.0 Here is an example bash command using the Netcup provider:\nNETCUP_CUSTOMER_NUMBER=xxxx \\ NETCUP_API_KEY=yyyy \\ NETCUP_API_PASSWORD=zzzz \\ lego --email you@example.com --dns netcup --domains my.example.org run Credentials Environment Variable Name Description NETCUP_API_KEY API key NETCUP_API_PASSWORD API password NETCUP_CUSTOMER_NUMBER Customer number The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nAdditional Configuration Environment Variable Name Description NETCUP_HTTP_TIMEOUT API request timeout NETCUP_POLLING_INTERVAL Time between DNS propagation check NETCUP_PROPAGATION_TIMEOUT Maximum waiting time for DNS propagation NETCUP_TTL The TTL of the TXT record used for the DNS challenge The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nMore information API documentation " }, { "uri": "https://go-acme.github.io/lego/dns/netlify/", "title": "Netlify", "tags": [], "description": "", "content": " Configuration for Netlify.\nCode: netlify Since: v3.7.0 Here is an example bash command using the Netlify provider:\nNETLIFY_TOKEN=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx \\ lego --email you@example.com --dns netlify --domains my.example.org run Credentials Environment Variable Name Description NETLIFY_TOKEN Token The environment variable names can be suffixed by _FILE to reference a file instead of a value. 
More information here.\nAdditional Configuration Environment Variable Name Description NETLIFY_HTTP_TIMEOUT API request timeout NETLIFY_POLLING_INTERVAL Time between DNS propagation check NETLIFY_PROPAGATION_TIMEOUT Maximum waiting time for DNS propagation NETLIFY_TTL The TTL of the TXT record used for the DNS challenge The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nMore information API documentation " }, { "uri": "https://go-acme.github.io/lego/dns/nicmanager/", "title": "Nicmanager", "tags": [], "description": "", "content": " Configuration for Nicmanager.\nCode: nicmanager Since: v4.5.0 Here is an example bash command using the Nicmanager provider:\n## Login using email NICMANAGER_API_EMAIL = \u0026#34;you@example.com\u0026#34; \\ NICMANAGER_API_PASSWORD = \u0026#34;password\u0026#34; \\ # Optionally, if your account has TOTP enabled, set the secret here NICMANAGER_API_OTP = \u0026#34;long-secret\u0026#34; \\ lego --email you@example.com --dns nicmanager --domains my.example.org run ## Login using account name + username NICMANAGER_API_LOGIN = \u0026#34;myaccount\u0026#34; \\ NICMANAGER_API_USERNAME = \u0026#34;myuser\u0026#34; \\ NICMANAGER_API_PASSWORD = \u0026#34;password\u0026#34; \\ # Optionally, if your account has TOTP enabled, set the secret here NICMANAGER_API_OTP = \u0026#34;long-secret\u0026#34; \\ lego --email you@example.com --dns nicmanager --domains my.example.org run Credentials Environment Variable Name Description NICMANAGER_API_EMAIL Email-based login NICMANAGER_API_LOGIN Login, used for Username-based login NICMANAGER_API_PASSWORD Password, always required NICMANAGER_API_USERNAME Username, used for Username-based login The environment variable names can be suffixed by _FILE to reference a file instead of a value. 
More information here.\nAdditional Configuration Environment Variable Name Description NICMANAGER_API_MODE mode: \u0026lsquo;anycast\u0026rsquo; or \u0026lsquo;zone\u0026rsquo; (default: \u0026lsquo;anycast\u0026rsquo;) NICMANAGER_API_OTP TOTP Secret (optional) NICMANAGER_HTTP_TIMEOUT API request timeout NICMANAGER_POLLING_INTERVAL Time between DNS propagation check NICMANAGER_PROPAGATION_TIMEOUT Maximum waiting time for DNS propagation NICMANAGER_TTL The TTL of the TXT record used for the DNS challenge The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nDescription You can login using your account name + username or using your email address. Optionally if TOTP is configured for your account, set NICMANAGER_API_OTP.\nMore information API documentation " }, { "uri": "https://go-acme.github.io/lego/dns/nifcloud/", "title": "NIFCloud", "tags": [], "description": "", "content": " Configuration for NIFCloud.\nCode: nifcloud Since: v1.1.0 Here is an example bash command using the NIFCloud provider:\nNIFCLOUD_ACCESS_KEY_ID=xxxx \\ NIFCLOUD_SECRET_ACCESS_KEY=yyyy \\ lego --email you@example.com --dns nifcloud --domains my.example.org run Credentials Environment Variable Name Description NIFCLOUD_ACCESS_KEY_ID Access key NIFCLOUD_SECRET_ACCESS_KEY Secret access key The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nAdditional Configuration Environment Variable Name Description NIFCLOUD_HTTP_TIMEOUT API request timeout NIFCLOUD_POLLING_INTERVAL Time between DNS propagation check NIFCLOUD_PROPAGATION_TIMEOUT Maximum waiting time for DNS propagation NIFCLOUD_TTL The TTL of the TXT record used for the DNS challenge The environment variable names can be suffixed by _FILE to reference a file instead of a value. 
More information here.\nMore information API documentation " }, { "uri": "https://go-acme.github.io/lego/dns/njalla/", "title": "Njalla", "tags": [], "description": "", "content": " Configuration for Njalla.\nCode: njalla Since: v4.3.0 Here is an example bash command using the Njalla provider:\nNJALLA_TOKEN=xxxxxxxxxxxxxxxxxxxxxxxxxx \\ lego --email you@example.com --dns njalla --domains my.example.org run Credentials Environment Variable Name Description NJALLA_TOKEN API token The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nAdditional Configuration Environment Variable Name Description NJALLA_HTTP_TIMEOUT API request timeout NJALLA_POLLING_INTERVAL Time between DNS propagation check NJALLA_PROPAGATION_TIMEOUT Maximum waiting time for DNS propagation NJALLA_TTL The TTL of the TXT record used for the DNS challenge The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nMore information API documentation " }, { "uri": "https://go-acme.github.io/lego/dns/nodion/", "title": "Nodion", "tags": [], "description": "", "content": " Configuration for Nodion.\nCode: nodion Since: v4.11.0 Here is an example bash command using the Nodion provider:\nNODION_API_TOKEN=\u0026#34;xxxxxxxxxxxxxxxxxxxxx\u0026#34; \\ lego --email myemail@example.com --dns nodion --domains my.example.org run Credentials Environment Variable Name Description NODION_API_TOKEN The API token The environment variable names can be suffixed by _FILE to reference a file instead of a value. 
More information here.\nAdditional Configuration Environment Variable Name Description NODION_HTTP_TIMEOUT API request timeout NODION_POLLING_INTERVAL Time between DNS propagation check NODION_PROPAGATION_TIMEOUT Maximum waiting time for DNS propagation NODION_TTL The TTL of the TXT record used for the DNS challenge The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nMore information API documentation " }, { "uri": "https://go-acme.github.io/lego/dns/ns1/", "title": "NS1", "tags": [], "description": "", "content": " Configuration for NS1.\nCode: ns1 Since: v0.4.0 Here is an example bash command using the NS1 provider:\nNS1_API_KEY=xxxx \\ lego --email you@example.com --dns ns1 --domains my.example.org run Credentials Environment Variable Name Description NS1_API_KEY API key The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nAdditional Configuration Environment Variable Name Description NS1_HTTP_TIMEOUT API request timeout NS1_POLLING_INTERVAL Time between DNS propagation check NS1_PROPAGATION_TIMEOUT Maximum waiting time for DNS propagation NS1_TTL The TTL of the TXT record used for the DNS challenge The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nMore information API documentation Go client " }, { "uri": "https://go-acme.github.io/lego/dns/otc/", "title": "Open Telekom Cloud", "tags": [], "description": "", "content": " Configuration for Open Telekom Cloud.\nCode: otc Since: v0.4.1 Please contribute by adding a CLI example.\nCredentials Environment Variable Name Description OTC_DOMAIN_NAME Domain name OTC_IDENTITY_ENDPOINT Identity endpoint URL OTC_PASSWORD Password OTC_PROJECT_NAME Project name OTC_USER_NAME User name The environment variable names can be suffixed by _FILE to reference a file instead of a value. 
More information here.\nAdditional Configuration Environment Variable Name Description OTC_HTTP_TIMEOUT API request timeout OTC_POLLING_INTERVAL Time between DNS propagation check OTC_PROPAGATION_TIMEOUT Maximum waiting time for DNS propagation OTC_TTL The TTL of the TXT record used for the DNS challenge The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nMore information API documentation " }, { "uri": "https://go-acme.github.io/lego/dns/oraclecloud/", "title": "Oracle Cloud", "tags": [], "description": "", "content": " Configuration for Oracle Cloud.\nCode: oraclecloud Since: v2.3.0 Here is an example bash command using the Oracle Cloud provider:\nOCI_PRIVKEY_FILE=\u0026#34;~/.oci/oci_api_key.pem\u0026#34; \\ OCI_PRIVKEY_PASS=\u0026#34;secret\u0026#34; \\ OCI_TENANCY_OCID=\u0026#34;ocid1.tenancy.oc1..secret\u0026#34; \\ OCI_USER_OCID=\u0026#34;ocid1.user.oc1..secret\u0026#34; \\ OCI_PUBKEY_FINGERPRINT=\u0026#34;00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00\u0026#34; \\ OCI_REGION=\u0026#34;us-phoenix-1\u0026#34; \\ OCI_COMPARTMENT_OCID=\u0026#34;ocid1.tenancy.oc1..secret\u0026#34; \\ lego --email you@example.com --dns oraclecloud --domains my.example.org run Credentials Environment Variable Name Description OCI_COMPARTMENT_OCID Compartment OCID OCI_PRIVKEY_FILE Private key file OCI_PRIVKEY_PASS Private key password OCI_PUBKEY_FINGERPRINT Public key fingerprint OCI_REGION Region OCI_TENANCY_OCID Tenancy OCID OCI_USER_OCID User OCID The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nAdditional Configuration Environment Variable Name Description OCI_POLLING_INTERVAL Time between DNS propagation check OCI_PROPAGATION_TIMEOUT Maximum waiting time for DNS propagation OCI_TTL The TTL of the TXT record used for the DNS challenge The environment variable names can be suffixed by _FILE to reference a file instead of a value. 
More information here.\nMore information API documentation Go client " }, { "uri": "https://go-acme.github.io/lego/dns/ovh/", "title": "OVH", "tags": [], "description": "", "content": " Configuration for OVH.\nCode: ovh Since: v0.4.0 Here is an example bash command using the OVH provider:\nOVH_APPLICATION_KEY=1234567898765432 \\ OVH_APPLICATION_SECRET=b9841238feb177a84330febba8a832089 \\ OVH_CONSUMER_KEY=256vfsd347245sdfg \\ OVH_ENDPOINT=ovh-eu \\ lego --email you@example.com --dns ovh --domains my.example.org run Credentials Environment Variable Name Description OVH_APPLICATION_KEY Application key OVH_APPLICATION_SECRET Application secret OVH_CONSUMER_KEY Consumer key OVH_ENDPOINT Endpoint URL (ovh-eu or ovh-ca) The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nAdditional Configuration Environment Variable Name Description OVH_HTTP_TIMEOUT API request timeout OVH_POLLING_INTERVAL Time between DNS propagation check OVH_PROPAGATION_TIMEOUT Maximum waiting time for DNS propagation OVH_TTL The TTL of the TXT record used for the DNS challenge The environment variable names can be suffixed by _FILE to reference a file instead of a value. 
More information here.\nApplication Key and Secret Application key and secret can be created by following the OVH guide.\nWhen requesting the consumer key, the following configuration can be used to define access rights:\n{ \u0026#34;accessRules\u0026#34;: [ { \u0026#34;method\u0026#34;: \u0026#34;POST\u0026#34;, \u0026#34;path\u0026#34;: \u0026#34;/domain/zone/*\u0026#34; }, { \u0026#34;method\u0026#34;: \u0026#34;DELETE\u0026#34;, \u0026#34;path\u0026#34;: \u0026#34;/domain/zone/*\u0026#34; } ] } More information API documentation Go client " }, { "uri": "https://go-acme.github.io/lego/dns/plesk/", "title": "plesk.com", "tags": [], "description": "", "content": " Configuration for plesk.com.\nCode: plesk Since: v4.11.0 Here is an example bash command using the plesk.com provider:\nPLESK_SERVER_BASE_URL=\u0026#34;https://plesk.myserver.com:8443\u0026#34; \\ PLESK_USERNAME=xxxxxx \\ PLESK_PASSWORD=yyyyyy \\ lego --email you@example.com --dns plesk --domains my.example.org run Credentials Environment Variable Name Description PLESK_PASSWORD API password PLESK_SERVER_BASE_URL Base URL of the server (ex: https://plesk.myserver.com:8443) PLESK_USERNAME API username The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nAdditional Configuration Environment Variable Name Description PLESK_HTTP_TIMEOUT API request timeout PLESK_POLLING_INTERVAL Time between DNS propagation check PLESK_PROPAGATION_TIMEOUT Maximum waiting time for DNS propagation PLESK_TTL The TTL of the TXT record used for the DNS challenge The environment variable names can be suffixed by _FILE to reference a file instead of a value. 
More information here.\nMore information API documentation " }, { "uri": "https://go-acme.github.io/lego/dns/porkbun/", "title": "Porkbun", "tags": [], "description": "", "content": " Configuration for Porkbun.\nCode: porkbun Since: v4.4.0 Here is an example bash command using the Porkbun provider:\nPORKBUN_SECRET_API_KEY=xxxxxx \\ PORKBUN_API_KEY=yyyyyy \\ lego --email you@example.com --dns porkbun --domains my.example.org run Credentials Environment Variable Name Description PORKBUN_API_KEY API key PORKBUN_SECRET_API_KEY secret API key The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nAdditional Configuration Environment Variable Name Description PORKBUN_HTTP_TIMEOUT API request timeout PORKBUN_POLLING_INTERVAL Time between DNS propagation check PORKBUN_PROPAGATION_TIMEOUT Maximum waiting time for DNS propagation PORKBUN_TTL The TTL of the TXT record used for the DNS challenge The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nMore information API documentation " }, { "uri": "https://go-acme.github.io/lego/dns/pdns/", "title": "PowerDNS", "tags": [], "description": "", "content": " Configuration for PowerDNS.\nCode: pdns Since: v0.4.0 Here is an example bash command using the PowerDNS provider:\nPDNS_API_URL=http://pdns-server:80/ \\ PDNS_API_KEY=xxxx \\ lego --email you@example.com --dns pdns --domains my.example.org run Credentials Environment Variable Name Description PDNS_API_KEY API key PDNS_API_URL API URL The environment variable names can be suffixed by _FILE to reference a file instead of a value. 
More information here.\nAdditional Configuration Environment Variable Name Description PDNS_HTTP_TIMEOUT API request timeout PDNS_POLLING_INTERVAL Time between DNS propagation check PDNS_PROPAGATION_TIMEOUT Maximum waiting time for DNS propagation PDNS_SERVER_NAME Name of the server in the URL, \u0026rsquo;localhost\u0026rsquo; by default PDNS_TTL The TTL of the TXT record used for the DNS challenge The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nInformation Tested and confirmed to work with PowerDNS authoritative server 3.4.8 and 4.0.1. Refer to PowerDNS documentation instructions on how to enable the built-in API interface.\nPowerDNS Notes:\nPowerDNS API does not currently support SSL, therefore you should take care to ensure that traffic between lego and the PowerDNS API is over a trusted network, VPN etc. In order to have the SOA serial automatically increment each time the _acme-challenge record is added/modified via the API, set SOA-EDIT-API to INCEPTION-INCREMENT for the zone in the domainmetadata table More information API documentation " }, { "uri": "https://go-acme.github.io/lego/dns/rackspace/", "title": "Rackspace", "tags": [], "description": "", "content": " Configuration for Rackspace.\nCode: rackspace Since: v0.4.0 Here is an example bash command using the Rackspace provider:\nRACKSPACE_USER=xxxx \\ RACKSPACE_API_KEY=yyyy \\ lego --email you@example.com --dns rackspace --domains my.example.org run Credentials Environment Variable Name Description RACKSPACE_API_KEY API key RACKSPACE_USER API user The environment variable names can be suffixed by _FILE to reference a file instead of a value. 
More information here.\nAdditional Configuration Environment Variable Name Description RACKSPACE_HTTP_TIMEOUT API request timeout RACKSPACE_POLLING_INTERVAL Time between DNS propagation check RACKSPACE_PROPAGATION_TIMEOUT Maximum waiting time for DNS propagation RACKSPACE_TTL The TTL of the TXT record used for the DNS challenge The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nMore information API documentation " }, { "uri": "https://go-acme.github.io/lego/dns/rcodezero/", "title": "RcodeZero", "tags": [], "description": "", "content": " Configuration for RcodeZero.\nCode: rcodezero Since: v4.13 Here is an example bash command using the RcodeZero provider:\nRCODEZERO_API_TOKEN=\u0026lt;mytoken\u0026gt; \\ lego --email you@example.com --dns rcodezero --domains my.example.org run Credentials Environment Variable Name Description RCODEZERO_API_TOKEN API token The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nAdditional Configuration Environment Variable Name Description RCODEZERO_HTTP_TIMEOUT API request timeout RCODEZERO_POLLING_INTERVAL Time between DNS propagation check RCODEZERO_PROPAGATION_TIMEOUT Maximum waiting time for DNS propagation RCODEZERO_TTL The TTL of the TXT record used for the DNS challenge The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nDescription Generate your API Token via https://my.rcodezero.at with the ACME permissions. 
These are special tokens with limited access for ACME requests only.\nRcodeZero is an Anycast Network so the distribution of the DNS01-Challenge can take up to 2 minutes.\nMore information API documentation " }, { "uri": "https://go-acme.github.io/lego/dns/regru/", "title": "reg.ru", "tags": [], "description": "", "content": " Configuration for reg.ru.\nCode: regru Since: v3.5.0 Here is an example bash command using the reg.ru provider:\nREGRU_USERNAME=xxxxxx \\ REGRU_PASSWORD=yyyyyy \\ lego --email you@example.com --dns regru --domains my.example.org run Credentials Environment Variable Name Description REGRU_PASSWORD API password REGRU_USERNAME API username The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nAdditional Configuration Environment Variable Name Description REGRU_HTTP_TIMEOUT API request timeout REGRU_POLLING_INTERVAL Time between DNS propagation check REGRU_PROPAGATION_TIMEOUT Maximum waiting time for DNS propagation REGRU_TTL The TTL of the TXT record used for the DNS challenge The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nMore information API documentation " }, { "uri": "https://go-acme.github.io/lego/dns/rfc2136/", "title": "RFC2136", "tags": [], "description": "", "content": " Configuration for RFC2136.\nCode: rfc2136 Since: v0.3.0 Here is an example bash command using the RFC2136 provider:\nRFC2136_NAMESERVER=127.0.0.1 \\ RFC2136_TSIG_KEY=lego \\ RFC2136_TSIG_ALGORITHM=hmac-sha256.
\\ RFC2136_TSIG_SECRET=YWJjZGVmZGdoaWprbG1ub3BxcnN0dXZ3eHl6MTIzNDU= \\ lego --email you@example.com --dns rfc2136 --domains my.example.org run ## --- keyname=lego; keyfile=lego.key; tsig-keygen $keyname \u0026gt; $keyfile RFC2136_NAMESERVER=127.0.0.1 \\ RFC2136_TSIG_KEY=\u0026#34;$keyname\u0026#34; \\ RFC2136_TSIG_ALGORITHM=\u0026#34;$( awk -F\u0026#39;[ \u0026#34;;]\u0026#39; \u0026#39;/algorithm/ { print $2 }\u0026#39; $keyfile ).\u0026#34; \\ RFC2136_TSIG_SECRET=\u0026#34;$( awk -F\u0026#39;[ \u0026#34;;]\u0026#39; \u0026#39;/secret/ { print $3 }\u0026#39; $keyfile )\u0026#34; \\ lego --email you@example.com --dns rfc2136 --domains my.example.org run Credentials Environment Variable Name Description RFC2136_NAMESERVER Network address in the form \u0026ldquo;host\u0026rdquo; or \u0026ldquo;host:port\u0026rdquo; RFC2136_TSIG_ALGORITHM TSIG algorithm. See miekg/dns#tsig.go for supported values. To disable TSIG authentication, leave the RFC2136_TSIG* variables unset. RFC2136_TSIG_KEY Name of the secret key as defined in DNS server configuration. To disable TSIG authentication, leave the RFC2136_TSIG* variables unset. RFC2136_TSIG_SECRET Secret key payload. To disable TSIG authentication, leave the RFC2136_TSIG* variables unset. The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nAdditional Configuration Environment Variable Name Description RFC2136_DNS_TIMEOUT API request timeout RFC2136_POLLING_INTERVAL Time between DNS propagation check RFC2136_PROPAGATION_TIMEOUT Maximum waiting time for DNS propagation RFC2136_SEQUENCE_INTERVAL Time between sequential requests RFC2136_TTL The TTL of the TXT record used for the DNS challenge The environment variable names can be suffixed by _FILE to reference a file instead of a value. 
More information here.\nMore information API documentation " }, { "uri": "https://go-acme.github.io/lego/dns/rimuhosting/", "title": "RimuHosting", "tags": [], "description": "", "content": " Configuration for RimuHosting.\nCode: rimuhosting Since: v0.3.5 Here is an example bash command using the RimuHosting provider:\nRIMUHOSTING_API_KEY=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx \\ lego --email you@example.com --dns rimuhosting --domains my.example.org run Credentials Environment Variable Name Description RIMUHOSTING_API_KEY User API key The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nAdditional Configuration Environment Variable Name Description RIMUHOSTING_HTTP_TIMEOUT API request timeout RIMUHOSTING_POLLING_INTERVAL Time between DNS propagation check RIMUHOSTING_PROPAGATION_TIMEOUT Maximum waiting time for DNS propagation RIMUHOSTING_TTL The TTL of the TXT record used for the DNS challenge The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nMore information API documentation " }, { "uri": "https://go-acme.github.io/lego/dns/sakuracloud/", "title": "Sakura Cloud", "tags": [], "description": "", "content": " Configuration for Sakura Cloud.\nCode: sakuracloud Since: v1.1.0 Here is an example bash command using the Sakura Cloud provider:\nSAKURACLOUD_ACCESS_TOKEN=xxxxx \\ SAKURACLOUD_ACCESS_TOKEN_SECRET=yyyyy \\ lego --email you@example.com --dns sakuracloud --domains my.example.org run Credentials Environment Variable Name Description SAKURACLOUD_ACCESS_TOKEN Access token SAKURACLOUD_ACCESS_TOKEN_SECRET Access token secret The environment variable names can be suffixed by _FILE to reference a file instead of a value. 
More information here.\nAdditional Configuration Environment Variable Name Description SAKURACLOUD_HTTP_TIMEOUT API request timeout SAKURACLOUD_POLLING_INTERVAL Time between DNS propagation check SAKURACLOUD_PROPAGATION_TIMEOUT Maximum waiting time for DNS propagation SAKURACLOUD_TTL The TTL of the TXT record used for the DNS challenge The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nMore information API documentation Go client " }, { "uri": "https://go-acme.github.io/lego/dns/scaleway/", "title": "Scaleway", "tags": [], "description": "", "content": " Configuration for Scaleway.\nCode: scaleway Since: v3.4.0 Here is an example bash command using the Scaleway provider:\nSCALEWAY_API_TOKEN=xxxxxxx-xxxxx-xxxx-xxx-xxxxxx \\ lego --email you@example.com --dns scaleway --domains my.example.org run Credentials Environment Variable Name Description SCALEWAY_API_TOKEN API token SCALEWAY_PROJECT_ID Project to use (optional) The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nAdditional Configuration Environment Variable Name Description SCALEWAY_POLLING_INTERVAL Time between DNS propagation check SCALEWAY_PROPAGATION_TIMEOUT Maximum waiting time for DNS propagation SCALEWAY_TTL The TTL of the TXT record used for the DNS challenge The environment variable names can be suffixed by _FILE to reference a file instead of a value. 
More information here.\nMore information API documentation " }, { "uri": "https://go-acme.github.io/lego/dns/selectel/", "title": "Selectel", "tags": [], "description": "", "content": " Configuration for Selectel.\nCode: selectel Since: v1.2.0 Here is an example bash command using the Selectel provider:\nSELECTEL_API_TOKEN=xxxxx \\ lego --email you@example.com --dns selectel --domains my.example.org run Credentials Environment Variable Name Description SELECTEL_API_TOKEN API token The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nAdditional Configuration Environment Variable Name Description SELECTEL_BASE_URL API endpoint URL SELECTEL_HTTP_TIMEOUT API request timeout SELECTEL_POLLING_INTERVAL Time between DNS propagation check SELECTEL_PROPAGATION_TIMEOUT Maximum waiting time for DNS propagation SELECTEL_TTL The TTL of the TXT record used for the DNS challenge The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nMore information API documentation " }, { "uri": "https://go-acme.github.io/lego/dns/servercow/", "title": "Servercow", "tags": [], "description": "", "content": " Configuration for Servercow.\nCode: servercow Since: v3.4.0 Here is an example bash command using the Servercow provider:\nSERVERCOW_USERNAME=xxxxxxxx \\ SERVERCOW_PASSWORD=xxxxxxxx \\ lego --email you@example.com --dns servercow --domains my.example.org run Credentials Environment Variable Name Description SERVERCOW_PASSWORD API password SERVERCOW_USERNAME API username The environment variable names can be suffixed by _FILE to reference a file instead of a value. 
More information here.\nAdditional Configuration Environment Variable Name Description SERVERCOW_HTTP_TIMEOUT API request timeout SERVERCOW_POLLING_INTERVAL Time between DNS propagation check SERVERCOW_PROPAGATION_TIMEOUT Maximum waiting time for DNS propagation SERVERCOW_TTL The TTL of the TXT record used for the DNS challenge The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nMore information API documentation " }, { "uri": "https://go-acme.github.io/lego/dns/simply/", "title": "Simply.com", "tags": [], "description": "", "content": " Configuration for Simply.com.\nCode: simply Since: v4.4.0 Here is an example bash command using the Simply.com provider:\nSIMPLY_ACCOUNT_NAME=xxxxxx \\ SIMPLY_API_KEY=yyyyyy \\ lego --email you@example.com --dns simply --domains my.example.org run Credentials Environment Variable Name Description SIMPLY_ACCOUNT_NAME Account name SIMPLY_API_KEY API key The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nAdditional Configuration Environment Variable Name Description SIMPLY_HTTP_TIMEOUT API request timeout SIMPLY_POLLING_INTERVAL Time between DNS propagation check SIMPLY_PROPAGATION_TIMEOUT Maximum waiting time for DNS propagation SIMPLY_TTL The TTL of the TXT record used for the DNS challenge The environment variable names can be suffixed by _FILE to reference a file instead of a value. 
More information here.\nMore information API documentation " }, { "uri": "https://go-acme.github.io/lego/dns/sonic/", "title": "Sonic", "tags": [], "description": "", "content": " Configuration for Sonic.\nCode: sonic Since: v4.4.0 Here is an example bash command using the Sonic provider:\nSONIC_USER_ID=12345 \\ SONIC_API_KEY=4d6fbf2f9ab0fa11697470918d37625851fc0c51 \\ lego --email you@example.com --dns sonic --domains my.example.org run Credentials Environment Variable Name Description SONIC_API_KEY API Key SONIC_USER_ID User ID The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nAdditional Configuration Environment Variable Name Description SONIC_HTTP_TIMEOUT API request timeout SONIC_POLLING_INTERVAL Time between DNS propagation check SONIC_PROPAGATION_TIMEOUT Maximum waiting time for DNS propagation SONIC_SEQUENCE_INTERVAL Time between sequential requests SONIC_TTL The TTL of the TXT record used for the DNS challenge The environment variable names can be suffixed by _FILE to reference a file instead of a value. 
More information here.\nAPI keys The API keys must be generated by calling the dyndns/api_key endpoint.\nExample:\n$ curl -X POST -H \u0026#34;Content-Type: application/json\u0026#34; --data \u0026#39;{\u0026#34;username\u0026#34;:\u0026#34;notarealuser\u0026#34;,\u0026#34;password\u0026#34;:\u0026#34;notarealpassword\u0026#34;,\u0026#34;hostname\u0026#34;:\u0026#34;example.com\u0026#34;}\u0026#39; https://public-api.sonic.net/dyndns/api_key {\u0026#34;userid\u0026#34;:\u0026#34;12345\u0026#34;,\u0026#34;apikey\u0026#34;:\u0026#34;4d6fbf2f9ab0fa11697470918d37625851fc0c51\u0026#34;,\u0026#34;result\u0026#34;:200,\u0026#34;message\u0026#34;:\u0026#34;OK\u0026#34;} See https://public-api.sonic.net/dyndns/#requesting_an_api_key for additional details.\nThis userid and apikey combo allows modifications to any DNS entries connected to the managed domain (hostname).\nHostname should be the top-level domain being managed, e.g. example.com, not www.example.com.\nMore information API documentation " }, { "uri": "https://go-acme.github.io/lego/dns/stackpath/", "title": "Stackpath", "tags": [], "description": "", "content": " Configuration for Stackpath.\nCode: stackpath Since: v1.1.0 Here is an example bash command using the Stackpath provider:\nSTACKPATH_CLIENT_ID=xxxxx \\ STACKPATH_CLIENT_SECRET=yyyyy \\ STACKPATH_STACK_ID=zzzzz \\ lego --email you@example.com --dns stackpath --domains my.example.org run Credentials Environment Variable Name Description STACKPATH_CLIENT_ID Client ID STACKPATH_CLIENT_SECRET Client secret STACKPATH_STACK_ID Stack ID The environment variable names can be suffixed by _FILE to reference a file instead of a value.
More information here.\nAdditional Configuration Environment Variable Name Description STACKPATH_POLLING_INTERVAL Time between DNS propagation check STACKPATH_PROPAGATION_TIMEOUT Maximum waiting time for DNS propagation STACKPATH_TTL The TTL of the TXT record used for the DNS challenge The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nMore information API documentation " }, { "uri": "https://go-acme.github.io/lego/dns/tencentcloud/", "title": "Tencent Cloud DNS", "tags": [], "description": "", "content": " Configuration for Tencent Cloud DNS.\nCode: tencentcloud Since: v4.6.0 Here is an example bash command using the Tencent Cloud DNS provider:\nTENCENTCLOUD_SECRET_ID=abcdefghijklmnopqrstuvwx \\ TENCENTCLOUD_SECRET_KEY=your-secret-key \\ lego --email you@example.com --dns tencentcloud --domains my.example.org run Credentials Environment Variable Name Description TENCENTCLOUD_SECRET_ID Access key ID TENCENTCLOUD_SECRET_KEY Access Key secret The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nAdditional Configuration Environment Variable Name Description TENCENTCLOUD_HTTP_TIMEOUT API request timeout TENCENTCLOUD_POLLING_INTERVAL Time between DNS propagation check TENCENTCLOUD_PROPAGATION_TIMEOUT Maximum waiting time for DNS propagation TENCENTCLOUD_REGION Region TENCENTCLOUD_SESSION_TOKEN Access Key token TENCENTCLOUD_TTL The TTL of the TXT record used for the DNS challenge The environment variable names can be suffixed by _FILE to reference a file instead of a value. 
More information here.\nMore information API documentation Go client " }, { "uri": "https://go-acme.github.io/lego/dns/transip/", "title": "TransIP", "tags": [], "description": "", "content": " Configuration for TransIP.\nCode: transip Since: v2.0.0 Here is an example bash command using the TransIP provider:\nTRANSIP_ACCOUNT_NAME=\u0026#34;Account name\u0026#34; \\ TRANSIP_PRIVATE_KEY_PATH=\u0026#34;transip.key\u0026#34; \\ lego --email you@example.com --dns transip --domains my.example.org run Credentials Environment Variable Name Description TRANSIP_ACCOUNT_NAME Account name TRANSIP_PRIVATE_KEY_PATH Private key path The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nAdditional Configuration Environment Variable Name Description TRANSIP_POLLING_INTERVAL Time between DNS propagation check TRANSIP_PROPAGATION_TIMEOUT Maximum waiting time for DNS propagation TRANSIP_TTL The TTL of the TXT record used for the DNS challenge The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nMore information API documentation Go client " }, { "uri": "https://go-acme.github.io/lego/dns/safedns/", "title": "UKFast SafeDNS", "tags": [], "description": "", "content": " Configuration for UKFast SafeDNS.\nCode: safedns Since: v4.6.0 Here is an example bash command using the UKFast SafeDNS provider:\nSAFEDNS_AUTH_TOKEN=xxxxxx \\ lego --email you@example.com --dns safedns --domains my.example.org run Credentials Environment Variable Name Description SAFEDNS_AUTH_TOKEN Authentication token The environment variable names can be suffixed by _FILE to reference a file instead of a value.
More information here.\nAdditional Configuration Environment Variable Name Description SAFEDNS_HTTP_TIMEOUT API request timeout SAFEDNS_POLLING_INTERVAL Time between DNS propagation check SAFEDNS_PROPAGATION_TIMEOUT Maximum waiting time for DNS propagation SAFEDNS_TTL The TTL of the TXT record used for the DNS challenge The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nMore information API documentation " }, { "uri": "https://go-acme.github.io/lego/dns/ultradns/", "title": "Ultradns", "tags": [], "description": "", "content": " Configuration for Ultradns.\nCode: ultradns Since: v4.10.0 Here is an example bash command using the Ultradns provider:\nULTRADNS_USERNAME=username \\ ULTRADNS_PASSWORD=password \\ lego --email you@example.com --dns ultradns --domains my.example.org run Credentials Environment Variable Name Description ULTRADNS_PASSWORD API Password ULTRADNS_USERNAME API Username The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nAdditional Configuration Environment Variable Name Description ULTRADNS_ENDPOINT API endpoint URL, defaults to https://api.ultradns.com/ ULTRADNS_POLLING_INTERVAL Time between DNS propagation check ULTRADNS_PROPAGATION_TIMEOUT Maximum waiting time for DNS propagation ULTRADNS_TTL The TTL of the TXT record used for the DNS challenge The environment variable names can be suffixed by _FILE to reference a file instead of a value. 
More information here.\nMore information API documentation Go client " }, { "uri": "https://go-acme.github.io/lego/dns/variomedia/", "title": "Variomedia", "tags": [], "description": "", "content": " Configuration for Variomedia.\nCode: variomedia Since: v4.8.0 Here is an example bash command using the Variomedia provider:\nVARIOMEDIA_API_TOKEN=xxxx \\ lego --email you@example.com --dns variomedia --domains my.example.org run Credentials Environment Variable Name Description VARIOMEDIA_API_TOKEN API token The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nAdditional Configuration Environment Variable Name Description DODE_SEQUENCE_INTERVAL Time between sequential requests VARIOMEDIA_HTTP_TIMEOUT API request timeout VARIOMEDIA_POLLING_INTERVAL Time between DNS propagation check VARIOMEDIA_PROPAGATION_TIMEOUT Maximum waiting time for DNS propagation VARIOMEDIA_TTL The TTL of the TXT record used for the DNS challenge The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nMore information API documentation " }, { "uri": "https://go-acme.github.io/lego/dns/vegadns/", "title": "VegaDNS", "tags": [], "description": "", "content": " Configuration for VegaDNS.\nCode: vegadns Since: v1.1.0 Please contribute by adding a CLI example.\nCredentials Environment Variable Name Description SECRET_VEGADNS_KEY API key SECRET_VEGADNS_SECRET API secret VEGADNS_URL API endpoint URL The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nAdditional Configuration Environment Variable Name Description VEGADNS_POLLING_INTERVAL Time between DNS propagation check VEGADNS_PROPAGATION_TIMEOUT Maximum waiting time for DNS propagation VEGADNS_TTL The TTL of the TXT record used for the DNS challenge The environment variable names can be suffixed by _FILE to reference a file instead of a value. 
More information here.\nMore information API documentation Go client " }, { "uri": "https://go-acme.github.io/lego/dns/vercel/", "title": "Vercel", "tags": [], "description": "", "content": " Configuration for Vercel.\nCode: vercel Since: v4.7.0 Here is an example bash command using the Vercel provider:\nVERCEL_API_TOKEN=xxxxxx \\ lego --email you@example.com --dns vercel --domains my.example.org run Credentials Environment Variable Name Description VERCEL_API_TOKEN Authentication token The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nAdditional Configuration Environment Variable Name Description VERCEL_HTTP_TIMEOUT API request timeout VERCEL_POLLING_INTERVAL Time between DNS propagation check VERCEL_PROPAGATION_TIMEOUT Maximum waiting time for DNS propagation VERCEL_TEAM_ID Team ID (ex: team_xxxxxxxxxxxxxxxxxxxxxxxx) VERCEL_TTL The TTL of the TXT record used for the DNS challenge The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nMore information API documentation " }, { "uri": "https://go-acme.github.io/lego/dns/versio/", "title": "Versio.[nl|eu|uk]", "tags": [], "description": "", "content": " Configuration for Versio.[nl|eu|uk].\nCode: versio Since: v2.7.0 Here is an example bash command using the Versio.[nl|eu|uk] provider:\nVERSIO_USERNAME=\u0026lt;your login\u0026gt; \\ VERSIO_PASSWORD=\u0026lt;your password\u0026gt; \\ lego --email you@example.com --dns versio --domains my.example.org run Credentials Environment Variable Name Description VERSIO_PASSWORD Basic authentication password VERSIO_USERNAME Basic authentication username The environment variable names can be suffixed by _FILE to reference a file instead of a value. 
More information here.\nAdditional Configuration Environment Variable Name Description VERSIO_ENDPOINT The endpoint URL of the API Server VERSIO_HTTP_TIMEOUT API request timeout VERSIO_POLLING_INTERVAL Time between DNS propagation check VERSIO_PROPAGATION_TIMEOUT Maximum waiting time for DNS propagation VERSIO_SEQUENCE_INTERVAL Time between sequential requests, default 60s VERSIO_TTL The TTL of the TXT record used for the DNS challenge The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nTo test with the sandbox environment set VERSIO_ENDPOINT=https://www.versio.nl/testapi/v1/\nMore information API documentation " }, { "uri": "https://go-acme.github.io/lego/dns/vinyldns/", "title": "VinylDNS", "tags": [], "description": "", "content": " Configuration for VinylDNS.\nCode: vinyldns Since: v4.4.0 Here is an example bash command using the VinylDNS provider:\nVINYLDNS_ACCESS_KEY=xxxxxx \\ VINYLDNS_SECRET_KEY=yyyyy \\ VINYLDNS_HOST=https://api.vinyldns.example.org:9443 \\ lego --email you@example.com --dns vinyldns --domains my.example.org run Credentials Environment Variable Name Description VINYLDNS_ACCESS_KEY The VinylDNS API key VINYLDNS_HOST The VinylDNS API URL VINYLDNS_SECRET_KEY The VinylDNS API Secret key The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nAdditional Configuration Environment Variable Name Description VINYLDNS_POLLING_INTERVAL Time between DNS propagation check VINYLDNS_PROPAGATION_TIMEOUT Maximum waiting time for DNS propagation VINYLDNS_TTL The TTL of the TXT record used for the DNS challenge The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nThe vinyldns integration makes use of dotted hostnames to ease permission management. 
Users are required to have DELETE ACL level or zone admin permissions on the VinylDNS zone containing the target host.\nMore information API documentation Go client " }, { "uri": "https://go-acme.github.io/lego/dns/vkcloud/", "title": "VK Cloud", "tags": [], "description": "", "content": " Configuration for VK Cloud.\nCode: vkcloud Since: v4.9.0 Here is an example bash command using the VK Cloud provider:\nVK_CLOUD_PROJECT_ID=\u0026#34;\u0026lt;your_project_id\u0026gt;\u0026#34; \\ VK_CLOUD_USERNAME=\u0026#34;\u0026lt;your_email\u0026gt;\u0026#34; \\ VK_CLOUD_PASSWORD=\u0026#34;\u0026lt;your_password\u0026gt;\u0026#34; \\ lego --email you@example.com --dns vkcloud --domains \u0026#34;example.org\u0026#34; --domains \u0026#34;*.example.org\u0026#34; run Credentials Environment Variable Name Description VK_CLOUD_PASSWORD Password for VK Cloud account VK_CLOUD_PROJECT_ID String ID of project in VK Cloud VK_CLOUD_USERNAME Email of VK Cloud account The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nAdditional Configuration Environment Variable Name Description VK_CLOUD_DNS_ENDPOINT URL of DNS API. Defaults to https://mcs.mail.ru/public-dns but can be changed for usage with private clouds VK_CLOUD_DOMAIN_NAME Openstack users domain name. Defaults to users but can be changed for usage with private clouds VK_CLOUD_IDENTITY_ENDPOINT URL of OpenStack Auth API, Defaults to https://infra.mail.ru:35357/v3/ but can be changed for usage with private clouds VK_CLOUD_POLLING_INTERVAL Time between DNS propagation check VK_CLOUD_PROPAGATION_TIMEOUT Maximum waiting time for DNS propagation VK_CLOUD_TTL The TTL of the TXT record used for the DNS challenge The environment variable names can be suffixed by _FILE to reference a file instead of a value. 
More information here.\nCredential information You can find all required and additional information on \u0026ldquo;Project/Keys\u0026rdquo; page of your cloud.\nENV Variable Parameter from page VK_CLOUD_PROJECT_ID Project ID VK_CLOUD_USERNAME Username VK_CLOUD_DOMAIN_NAME User Domain Name VK_CLOUD_IDENTITY_ENDPOINT Identity endpoint More information API documentation " }, { "uri": "https://go-acme.github.io/lego/dns/vscale/", "title": "Vscale", "tags": [], "description": "", "content": " Configuration for Vscale.\nCode: vscale Since: v2.0.0 Here is an example bash command using the Vscale provider:\nVSCALE_API_TOKEN=xxxxx \\ lego --email you@example.com --dns vscale --domains my.example.org run Credentials Environment Variable Name Description VSCALE_API_TOKEN API token The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nAdditional Configuration Environment Variable Name Description VSCALE_BASE_URL API endpoint URL VSCALE_HTTP_TIMEOUT API request timeout VSCALE_POLLING_INTERVAL Time between DNS propagation check VSCALE_PROPAGATION_TIMEOUT Maximum waiting time for DNS propagation VSCALE_TTL The TTL of the TXT record used for the DNS challenge The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nMore information API documentation " }, { "uri": "https://go-acme.github.io/lego/dns/vultr/", "title": "Vultr", "tags": [], "description": "", "content": " Configuration for Vultr.\nCode: vultr Since: v0.3.1 Here is an example bash command using the Vultr provider:\nVULTR_API_KEY=xxxxx \\ lego --email you@example.com --dns vultr --domains my.example.org run Credentials Environment Variable Name Description VULTR_API_KEY API key The environment variable names can be suffixed by _FILE to reference a file instead of a value.
More information here.\nAdditional Configuration Environment Variable Name Description VULTR_HTTP_TIMEOUT API request timeout VULTR_POLLING_INTERVAL Time between DNS propagation check VULTR_PROPAGATION_TIMEOUT Maximum waiting time for DNS propagation VULTR_TTL The TTL of the TXT record used for the DNS challenge The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nMore information API documentation Go client " }, { "uri": "https://go-acme.github.io/lego/dns/websupport/", "title": "Websupport", "tags": [], "description": "", "content": " Configuration for Websupport.\nCode: websupport Since: v4.10.0 Here is an example bash command using the Websupport provider:\nWEBSUPPORT_API_KEY=\u0026#34;xxxxxxxxxxxxxxxxxxxxx\u0026#34; \\ WEBSUPPORT_SECRET=\u0026#34;yyyyyyyyyyyyyyyyyyyyy\u0026#34; \\ lego --email myemail@example.com --dns websupport --domains my.example.org run Credentials Environment Variable Name Description WEBSUPPORT_API_KEY API key WEBSUPPORT_SECRET API secret The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nAdditional Configuration Environment Variable Name Description WEBSUPPORT_HTTP_TIMEOUT API request timeout WEBSUPPORT_POLLING_INTERVAL Time between DNS propagation check WEBSUPPORT_PROPAGATION_TIMEOUT Maximum waiting time for DNS propagation WEBSUPPORT_SEQUENCE_INTERVAL Time between sequential requests WEBSUPPORT_TTL The TTL of the TXT record used for the DNS challenge The environment variable names can be suffixed by _FILE to reference a file instead of a value. 
More information here.\nMore information API documentation " }, { "uri": "https://go-acme.github.io/lego/dns/wedos/", "title": "WEDOS", "tags": [], "description": "", "content": " Configuration for WEDOS.\nCode: wedos Since: v4.4.0 Here is an example bash command using the WEDOS provider:\nWEDOS_USERNAME=xxxxxxxx \\ WEDOS_WAPI_PASSWORD=xxxxxxxx \\ lego --email you@example.com --dns wedos --domains my.example.org run Credentials Environment Variable Name Description WEDOS_USERNAME Username is the same as for the admin account WEDOS_WAPI_PASSWORD Password needs to be generated and IP allowed in the admin interface The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nAdditional Configuration Environment Variable Name Description WEDOS_HTTP_TIMEOUT API request timeout WEDOS_POLLING_INTERVAL Time between DNS propagation check WEDOS_PROPAGATION_TIMEOUT Maximum waiting time for DNS propagation WEDOS_TTL The TTL of the TXT record used for the DNS challenge The environment variable names can be suffixed by _FILE to reference a file instead of a value. 
More information here.\nMore information API documentation " }, { "uri": "https://go-acme.github.io/lego/", "title": "Welcome", "tags": [], "description": "", "content": "Lego Let\u0026rsquo;s Encrypt client and ACME library written in Go.\nFeatures ACME v2 RFC 8555 Support RFC 8737: TLS Application‑Layer Protocol Negotiation (ALPN) Challenge Extension Support RFC 8738: issues certificates for IP addresses Support draft-ietf-acme-ari-01: Renewal Information (ARI) Extension Register with CA Obtain certificates, both from scratch or with an existing CSR Renew certificates Revoke certificates Robust implementation of all ACME challenges HTTP (http-01) DNS (dns-01) TLS (tls-alpn-01) SAN certificate support CNAME support by default Comes with multiple optional DNS providers Custom challenge solvers Certificate bundling OCSP helper function " }, { "uri": "https://go-acme.github.io/lego/usage/library/writing-a-challenge-solver/", "title": "Writing a Challenge Solver", "tags": [], "description": "", "content": "Lego can solve multiple ACME challenge types out of the box, but sometimes you have custom requirements.\nFor example, you may want to write a solver for the DNS-01 challenge that works with a different DNS provider (lego already supports CloudFlare, AWS, DigitalOcean, and others).\nThe DNS-01 challenge is advantageous when other challenge types are impossible. For example, the HTTP-01 challenge doesn\u0026rsquo;t work well behind a load balancer or CDN and the TLS-ALPN-01 challenge breaks behind TLS termination.\nBut even if using HTTP-01 or TLS-ALPN-01 challenges, you may have specific needs that lego does not consider by default.\nYou can write something called a challenge.Provider that implements this interface:\ntype Provider interface { Present(domain, token, keyAuth string) error CleanUp(domain, token, keyAuth string) error } This provides the means to solve a challenge. 
First you present a token to the ACME server in a way defined by the challenge type you\u0026rsquo;re solving for, then you \u0026ldquo;clean up\u0026rdquo; after the challenge finishes.\nWriting a challenge.Provider Pretend we want to write our own DNS-01 challenge provider (other challenge types have different requirements but the same principles apply).\nThis will let us prove ownership of domain names parked at a new, imaginary DNS service called BestDNS without having to start our own HTTP server. BestDNS has an API that, given an authentication token, allows us to manipulate DNS records.\nThis simplistic example has only one field to store the auth token, but in reality you may need to keep more state.\ntype DNSProviderBestDNS struct { apiAuthToken string } We should provide a constructor that returns a pointer to the struct. This is important in case we need to maintain state in the struct.\nfunc NewDNSProviderBestDNS(apiAuthToken string) (*DNSProviderBestDNS, error) { return \u0026amp;DNSProviderBestDNS{apiAuthToken: apiAuthToken}, nil } Now we need to implement the interface. We\u0026rsquo;ll start with the Present method. You\u0026rsquo;ll be passed the domain name for which you\u0026rsquo;re proving ownership, a token, and a keyAuth string. How your provider uses token and keyAuth, or if you even use them at all, depends on the challenge type. For DNS-01, we\u0026rsquo;ll just use domain and keyAuth.\nfunc (d *DNSProviderBestDNS) Present(domain, token, keyAuth string) error { info := dns01.GetChallengeInfo(domain, keyAuth) // make API request to set a TXT record on fqdn with value and TTL return nil } After calling dns01.GetChallengeInfo(domain, keyAuth), we now have the information we need to make our API request and set the TXT record:\nFQDN is the fully qualified domain name on which to set the TXT record. EffectiveFQDN is the fully qualified domain name after CNAME resolution on which to set the TXT record. 
Value is the record\u0026rsquo;s value to set on the record. So then you make an API request to the DNS service according to their docs. Once the TXT record is set on the domain, you may return and the challenge will proceed.\nThe ACME server will then verify that you did what it required you to do, and once it is finished, lego will call your CleanUp method. In our case, we want to remove the TXT record we just created.\nfunc (d *DNSProviderBestDNS) CleanUp(domain, token, keyAuth string) error { // clean up any state you created in Present, like removing the TXT record return nil } In our case, we\u0026rsquo;d just make another API request to have the DNS record deleted; no need to keep it and clutter the zone file.\nUsing your new challenge.Provider To use your new challenge provider, call client.Challenge.SetDNS01Provider to tell lego, \u0026ldquo;For this challenge, use this provider\u0026rdquo;. In our case:\nbestDNS, err := NewDNSProviderBestDNS(\u0026#34;my-auth-token\u0026#34;) if err != nil { return err } client.Challenge.SetDNS01Provider(bestDNS) Then, when this client tries to solve the DNS-01 challenge, it will use our new provider, which sets TXT records on a domain name hosted by BestDNS.\nThat\u0026rsquo;s really all there is to it. 
Go make awesome things!\n" }, { "uri": "https://go-acme.github.io/lego/dns/yandexcloud/", "title": "Yandex Cloud", "tags": [], "description": "", "content": " Configuration for Yandex Cloud.\nCode: yandexcloud Since: v4.9.0 Here is an example bash command using the Yandex Cloud provider:\nYANDEX_CLOUD_IAM_TOKEN=\u0026lt;base64_IAM_token\u0026gt; \\ YANDEX_CLOUD_FOLDER_ID=\u0026lt;folder/project_id\u0026gt; \\ lego --email you@example.com --dns yandexcloud --domains \u0026#34;example.org\u0026#34; --domains \u0026#34;*.example.org\u0026#34; run # --- YANDEX_CLOUD_IAM_TOKEN=$(echo \u0026#39;{ \\ \u0026#34;id\u0026#34;: \u0026#34;\u0026lt;string id\u0026gt;\u0026#34;, \\ \u0026#34;service_account_id\u0026#34;: \u0026#34;\u0026lt;string id\u0026gt;\u0026#34;, \\ \u0026#34;created_at\u0026#34;: \u0026#34;\u0026lt;datetime\u0026gt;\u0026#34;, \\ \u0026#34;key_algorithm\u0026#34;: \u0026#34;RSA_2048\u0026#34;, \\ \u0026#34;public_key\u0026#34;: \u0026#34;-----BEGIN PUBLIC KEY-----\u0026lt;rsa public key\u0026gt;-----END PUBLIC KEY-----\u0026#34;, \\ \u0026#34;private_key\u0026#34;: \u0026#34;-----BEGIN PRIVATE KEY-----\u0026lt;rsa private key\u0026gt;-----END PRIVATE KEY-----\u0026#34; \\ }\u0026#39; | base64) \\ YANDEX_CLOUD_FOLDER_ID=\u0026lt;yandex cloud folder(project) id\u0026gt; \\ lego --email you@example.com --dns yandexcloud --domains \u0026#34;example.org\u0026#34; --domains \u0026#34;*.example.org\u0026#34; run Credentials Environment Variable Name Description YANDEX_CLOUD_FOLDER_ID The string id of folder (aka project) in Yandex Cloud YANDEX_CLOUD_IAM_TOKEN The base64 encoded json which contains information about iam token of service account with dns.admin permissions The environment variable names can be suffixed by _FILE to reference a file instead of a value. 
More information here.\nAdditional Configuration Environment Variable Name Description YANDEX_CLOUD_POLLING_INTERVAL Time between DNS propagation check YANDEX_CLOUD_PROPAGATION_TIMEOUT Maximum waiting time for DNS propagation YANDEX_CLOUD_TTL The TTL of the TXT record used for the DNS challenge The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nIAM Token The simplest way to retrieve an IAM access token is to use yc-cli; follow the docs to get it\nyc iam key create --service-account-name my-robot --output key.json cat key.json | base64 More information API documentation " }, { "uri": "https://go-acme.github.io/lego/dns/yandex/", "title": "Yandex PDD", "tags": [], "description": "", "content": " Configuration for Yandex PDD.\nCode: yandex Since: v3.7.0 Here is an example bash command using the Yandex PDD provider:\nYANDEX_PDD_TOKEN=\u0026lt;your PDD Token\u0026gt; \\ lego --email you@example.com --dns yandex --domains my.example.org run Credentials Environment Variable Name Description YANDEX_PDD_TOKEN Basic authentication username The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nAdditional Configuration Environment Variable Name Description YANDEX_HTTP_TIMEOUT API request timeout YANDEX_POLLING_INTERVAL Time between DNS propagation check YANDEX_PROPAGATION_TIMEOUT Maximum waiting time for DNS propagation YANDEX_TTL The TTL of the TXT record used for the DNS challenge The environment variable names can be suffixed by _FILE to reference a file instead of a value. 
More information here.\nMore information API documentation " }, { "uri": "https://go-acme.github.io/lego/dns/zoneee/", "title": "Zone.ee", "tags": [], "description": "", "content": " Configuration for Zone.ee.\nCode: zoneee Since: v2.1.0 Here is an example bash command using the Zone.ee provider:\nZONEEE_API_USER=xxxxx \\ ZONEEE_API_KEY=yyyyy \\ lego --email you@example.com --dns zoneee --domains my.example.org run Credentials Environment Variable Name Description ZONEEE_API_KEY API key ZONEEE_API_USER API user The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nAdditional Configuration Environment Variable Name Description ZONEEE_ENDPOINT API endpoint URL ZONEEE_HTTP_TIMEOUT API request timeout ZONEEE_POLLING_INTERVAL Time between DNS propagation check ZONEEE_PROPAGATION_TIMEOUT Maximum waiting time for DNS propagation ZONEEE_TTL The TTL of the TXT record used for the DNS challenge The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nMore information API documentation " }, { "uri": "https://go-acme.github.io/lego/dns/zonomi/", "title": "Zonomi", "tags": [], "description": "", "content": " Configuration for Zonomi.\nCode: zonomi Since: v3.5.0 Here is an example bash command using the Zonomi provider:\nZONOMI_API_KEY=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx \\ lego --email you@example.com --dns zonomi --domains my.example.org run Credentials Environment Variable Name Description ZONOMI_API_KEY User API key The environment variable names can be suffixed by _FILE to reference a file instead of a value. 
More information here.\nAdditional Configuration Environment Variable Name Description ZONOMI_HTTP_TIMEOUT API request timeout ZONOMI_POLLING_INTERVAL Time between DNS propagation check ZONOMI_PROPAGATION_TIMEOUT Maximum waiting time for DNS propagation ZONOMI_TTL The TTL of the TXT record used for the DNS challenge The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information here.\nMore information API documentation " }, { "uri": "https://go-acme.github.io/lego/categories/", "title": "Categories", "tags": [], "description": "", "content": "" }, { "uri": "https://go-acme.github.io/lego/tags/", "title": "Tags", "tags": [], "description": "", "content": "" }]