acme_issuer

The `acme_issuer` directive configures the ACME issuer block for automatic certificate management in NGINX.

Syntax: acme_issuer name { ... }
Default: none
Context: http
Arguments: block (1)

Description

The `acme_issuer` directive is part of the NGINX module for Automatic Certificate Management (ACMEv2). It configures an ACME issuer block within the HTTP context of NGINX, which lets the web server obtain and renew its SSL/TLS certificates automatically. The directive manages certificates via the ACME protocol and adheres to the relevant RFCs, including RFC 8555 for automatic certificate management.

Inside the `acme_issuer` block, you can specify several parameters that control the certificate management process. These include the URLs of the ACME server, authentication methods, and the challenges the server must answer to prove domain ownership. The module currently supports only the HTTP-01 challenge type, which involves placing a specific token in a file accessible via a defined URL to demonstrate control over the domain. Integration with other security features such as renewal notifications and validation settings is also possible.
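The HTTP-01 exchange described above, worked through in Python as an added example (not code from the NGINX module, which performs these steps itself): it derives the value that must be served for a challenge token and the URL the ACME server fetches, following RFC 8555 and RFC 7638. The account key, token and domain are constructed sample values, and the function names are chosen for this illustration.

```python
import base64
import hashlib
import json
import re

# Members RFC 7638 requires in the thumbprint input, per key type.
_REQUIRED = {"EC": ("crv", "kty", "x", "y"), "RSA": ("e", "kty", "n"),
             "OKP": ("crv", "kty", "x")}
_TOKEN_RE = re.compile(r"[A-Za-z0-9_-]+")


def b64url(data: bytes) -> str:
    """Base64url without padding, as used throughout ACME and JOSE."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638 SHA-256 thumbprint: required members only, sorted, no whitespace."""
    canonical = json.dumps({k: jwk[k] for k in _REQUIRED[jwk["kty"]]},
                           sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def check_token(token: str) -> str:
    """Tokens are base64url only; reject anything else (e.g. '../') before use in a path."""
    if not _TOKEN_RE.fullmatch(token):
        raise ValueError("token has characters outside the base64url alphabet")
    return token


def key_authorization(token: str, account_jwk: dict) -> str:
    """RFC 8555 section 8.1: token, a dot, then the account key thumbprint."""
    return f"{check_token(token)}.{jwk_thumbprint(account_jwk)}"


def challenge_url(domain: str, token: str) -> str:
    """URL the ACME server fetches over HTTP on port 80 (RFC 8555 section 8.3)."""
    return f"http://{domain}/.well-known/acme-challenge/{check_token(token)}"


def response_is_valid(body: str, token: str, account_jwk: dict) -> bool:
    """Validator's check: served body (trailing whitespace ignored) matches."""
    return body.rstrip() == key_authorization(token, account_jwk)


# Constructed sample values: not a real account key or a real token.
SAMPLE_JWK = {"kty": "EC", "crv": "P-256", "x": b64url(b"\x01" * 32),
              "y": b64url(b"\x02" * 32), "kid": "extra-member-is-ignored"}
SAMPLE_TOKEN = b64url(b"\xa5" * 16)  # 128 bits of (here fixed) token material
```

Because the served value binds the token to the account key thumbprint, a response copied from another ACME account fails validation even when the token matches.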

Configuring `acme_issuer` properly keeps certificates up to date and minimizes downtime due to expired certificates. Verify your configuration and test the renewal process to confirm that everything operates without manual intervention.

Config Example

http {
    # The block takes one argument: a name for this issuer
    acme_issuer letsencrypt_staging {
        # Directory URL of the ACME server (Let's Encrypt staging)
        uri https://acme-staging-v02.api.letsencrypt.org/directory;

        # Additional parameters for configuring ACME issuers
        # Define the account key, email, and others here
    }
}

Ensure the NGINX server has the necessary privileges to write certificate files.

Be cautious with ACME server URLs; use production URLs in a live environment and staging URLs in testing.

Only the HTTP-01 challenge is supported; other challenge types require manual handling.
