lego/docs/content/dns/zz_gen_yandexcloud.md
2024-08-14 23:55:11 +02:00

title: Yandex Cloud
date: 2019-03-03T16:39:46+01:00
draft: false
slug: yandexcloud
dnsprovider:
  since: v4.9.0
  code: yandexcloud
  url: https://cloud.yandex.com

Configuration for Yandex Cloud.

  • Code: yandexcloud
  • Since: v4.9.0

Here is an example bash command using the Yandex Cloud provider:

YANDEX_CLOUD_IAM_TOKEN=<base64_IAM_token> \
YANDEX_CLOUD_FOLDER_ID=<folder/project_id> \
lego --email you@example.com --dns yandexcloud --domains "example.org" --domains "*.example.org" run

# ---

YANDEX_CLOUD_IAM_TOKEN=$(echo '{
  "id": "<string id>",
  "service_account_id": "<string id>",
  "created_at": "<datetime>",
  "key_algorithm": "RSA_2048",
  "public_key": "-----BEGIN PUBLIC KEY-----<rsa public key>-----END PUBLIC KEY-----",
  "private_key": "-----BEGIN PRIVATE KEY-----<rsa private key>-----END PRIVATE KEY-----"
}' | base64) \
YANDEX_CLOUD_FOLDER_ID=<yandex cloud folder(project) id> \
lego --email you@example.com --dns yandexcloud --domains "example.org" --domains "*.example.org" run

Credentials

| Environment Variable Name | Description |
|---------------------------|-------------|
| YANDEX_CLOUD_FOLDER_ID | The string ID of the folder (aka project) in Yandex Cloud |
| YANDEX_CLOUD_IAM_TOKEN | The base64-encoded JSON containing the IAM token information of a service account with dns.admin permissions |

The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information [here]({{% ref "dns#configuration-and-credentials" %}}).

Additional Configuration

| Environment Variable Name | Description |
|---------------------------|-------------|
| YANDEX_CLOUD_POLLING_INTERVAL | Time between DNS propagation checks |
| YANDEX_CLOUD_PROPAGATION_TIMEOUT | Maximum waiting time for DNS propagation |
| YANDEX_CLOUD_TTL | The TTL of the TXT record used for the DNS challenge |

The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information [here]({{% ref "dns#configuration-and-credentials" %}}).

IAM Token

The simplest way to retrieve an IAM access token is to use yc-cli; follow the docs to get it:

yc iam key create --service-account-name my-robot --output key.json
cat key.json | base64
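
As an added example (not part of the lego documentation): a POSIX shell helper that turns the key.json created above into a single-line base64 file with mode 0600, for use with the _FILE suffix described under Credentials, so the private key stays out of shell history and the process environment. The helper names, the sample key values and the token file path are assumptions.

```sh
#!/bin/sh
# Added example (not from the lego docs): store the token in a 0600 file and
# pass it through YANDEX_CLOUD_IAM_TOKEN_FILE instead of an inline variable.

# write_token_file KEY_JSON OUT_FILE  (hypothetical helper name)
write_token_file() {
    key_json=$1 out=$2
    [ -r "$key_json" ] || { echo "cannot read $key_json" >&2; return 1; }
    # Sanity check for fields shown in the page's JSON example.
    for field in id service_account_id private_key; do
        grep -q "\"$field\"" "$key_json" ||
            { echo "$key_json: missing \"$field\"" >&2; return 1; }
    done
    rm -f "$out"   # a pre-existing file would keep its old, possibly looser, mode
    # umask in a subshell: the file is created 0600, never briefly world-readable.
    # tr strips the line wrapping that base64 adds, giving a single-line value.
    ( umask 077 && base64 < "$key_json" | tr -d '\n' > "$out" ) || return 1
    # Round-trip check: the decoded file must be byte-identical to key.json.
    [ "$(base64 -d < "$out" | cksum)" = "$(cksum < "$key_json")" ] ||
        { echo "round-trip mismatch" >&2; rm -f "$out"; return 1; }
}

# Constructed sample key with placeholder values, for trying the helper offline.
write_sample_key() {
    cat > "$1" <<'EOF'
{
  "id": "sample-key-id",
  "service_account_id": "sample-sa-id",
  "created_at": "2024-01-01T00:00:00Z",
  "key_algorithm": "RSA_2048",
  "public_key": "-----BEGIN PUBLIC KEY-----<rsa public key>-----END PUBLIC KEY-----",
  "private_key": "-----BEGIN PRIVATE KEY-----<rsa private key>-----END PRIVATE KEY-----"
}
EOF
}

# Usage (the token path is an assumption; key.json comes from `yc iam key create`):
#   write_token_file key.json "$HOME/.lego-yc-token.b64"
#   YANDEX_CLOUD_IAM_TOKEN_FILE="$HOME/.lego-yc-token.b64" \
#   YANDEX_CLOUD_FOLDER_ID=<folder/project_id> \
#   lego --email you@example.com --dns yandexcloud --domains "example.org" run
```

Once the token file is written and verified, key.json itself can be removed or moved to offline storage.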

More information