content/nginx/admin-guide/dynamic-modules/acme.md
54 additions & 8 deletions
@@ -198,25 +198,71 @@ In a text editor, open the NGINX Plus configuration file:
198
198
- `/etc/nginx/nginx.conf`for Linux
199
199
- `/usr/local/etc/nginx/nginx.conf`for FreeBSD
200
200
201
-
For a complete list of directives, embedded variables, default span attributes, refer to the `ngx_http_acme_module` official documentation.
202
201
203
-
List of directives:
202
+
For a complete list of directives and variables refer to the `ngx_http_acme_module` [official documentation](https://nginx.org/en/docs/http/ngx_http_acme_module.html) and [NGINX ACME module GitHub project](https://github.com/nginx/nginx-acme).
1. To enable ACME functionality, specify the directory URL of the ACME server with the [`uri`](https://nginx.org/en/docs/http/ngx_http_acme_module.html#uri) directive.
206
205
207
-
List of variables:
206
+
Additionally, you can provide information regarding how to contact the client incaseof certificate-related issues or where to store module data with the [`contact`](https://nginx.org/en/docs/http/ngx_http_acme_module.html#contact) and [`state_path`](https://nginx.org/en/docs/http/ngx_http_acme_module.html#state_path) directives.
2. If necessary, you can increase the default shared memory zone that stores certificates, private keys, and challenge data for all the configured certificate issuers with the [`acme_shared_zone`](https://nginx.org/en/docs/http/ngx_http_acme_module.html#acme_shared_zone) directive. The default zone size is `256k`.
213
219
214
-
```shell
220
+
```nginx
221
+
acme_shared_zone zone=acme_shared:1M;
222
+
```
223
+
224
+
3. Configure Challenges by defining a listener on port 80 in the nginx configuration to process ACME HTTP-01 challenges:
225
+
226
+
```nginx
227
+
server {
228
+
# listener on port 80 is required to process ACME HTTP-01 challenges
229
+
listen 80;
230
+
231
+
location / {
232
+
#Serve a basic 404 response while listening for challenges
233
+
return 404;
234
+
}
235
+
}
236
+
```
237
+
238
+
4. Automate the issuance or renewal of TLS certificates with the [`acme_certificate`](https://nginx.org/en/docs/http/ngx_http_acme_module.html#acme_certificate) directive in the respective [`server`](https://nginx.org/en/docs/http/ngx_http_core_module.html#server) block. The directive requires the list of identifiers (domains) for which the certificates need to be dynamically issued that can be defined with the [`server_name`](https://nginx.org/en/docs/http/ngx_http_core_module.html#server_name) directive. The [`$acme_certificate`](https://nginx.org/en/docs/http/ngx_http_core_module.html#var_acme_certificate_key) and [`$acme_certificate_key`](https://nginx.org/en/docs/http/ngx_http_core_module.html#var_acme_certificate_key) variables are used to pass the SSL certificate and key information for the associated domain:
239
+
240
+
```nginx
241
+
server {
242
+
243
+
listen 443 ssl;
244
+
245
+
server_name .example.com;
246
+
247
+
acme_certificate letsencrypt;
248
+
249
+
ssl_certificate $acme_certificate;
250
+
ssl_certificate_key $acme_certificate_key;
251
+
ssl_certificate_cache max=2;
252
+
}
253
+
```
254
+
255
+
Note that not all values accepted by the [`server_name`](https://nginx.org/en/docs/http/ngx_http_core_module.html#server_name) directive are valid identifiers. Wildcards and regular expressions are not supported.
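Review bot: In step 4, the links for both `$acme_certificate` and `$acme_certificate_key` point at `ngx_http_core_module.html#var_acme_certificate_key`. The variables are set by the ACME module, so both should link to `ngx_http_acme_module.html` like the directive links in steps 1 and 2, and `$acme_certificate` needs its own anchor rather than the key's (presumably `#var_acme_certificate`; check it against the published page). Also in step 4, the example uses `server_name .example.com;`, which is the special wildcard form of `server_name`, while the closing note says wildcards and regular expressions are not valid identifiers. Either state how the module treats the leading-dot form or switch the example to explicit host names, so readers do not copy a configuration for which no certificate is issued and TLS handshakes fail. Minor: "Configure Challenges" in step 3 should be lower case to match the other steps, and the comment `#Serve a basic 404 response` is missing a space after `#`.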