44
+Not found
+ +Whoops. Looks like this page doesn't exist ¯\_(ツ)_/¯.
+ + ++ +
+diff --git a/404.html b/404.html new file mode 100644 index 0000000000..6ff210a0a7 --- /dev/null +++ b/404.html @@ -0,0 +1,175 @@ + + +
+ + + + + + + + + + + + + + +Whoops. Looks like this page doesn't exist ¯\_(ツ)_/¯.
+ + ++ +
+s that we want to ignore */ + display: none; +} + +/* in case of image render hook, Hugo may generate empty
s that we want to ignore as well, so a simple :first-child or :last-child is not enough */ +#R-body table th > :nth-child(1 of :not(:empty)), +#R-body table th > :nth-child(1 of :not(:empty)) :nth-child(1 of :not(:empty)), +#R-body table td > :nth-child(1 of :not(:empty)), +#R-body table td > :nth-child(1 of :not(:empty)) :nth-child(1 of :not(:empty)), +#R-body div.box > .box-content > :nth-child(1 of :not(:empty)), +#R-body div.box > .box-content > :nth-child(1 of :not(:empty)) :nth-child(1 of :not(:empty)), +#R-body div.expand > .expand-content-text > :nth-child(1 of :not(:empty)), +#R-body div.expand > .expand-content-text > :nth-child(1 of :not(:empty)) :nth-child(1 of :not(:empty)), +#R-body div.tab-content > .tab-content-text > :nth-child(1 of :not(:empty)), +#R-body div.tab-content > .tab-content-text > :nth-child(1 of :not(:empty)) :nth-child(1 of :not(:empty)) { + margin-top: 0; +} + +#R-body table th > :nth-last-child(1 of :not(:empty)), +#R-body table th > :nth-last-child(1 of :not(:empty)) :nth-last-child(1 of :not(:empty)), +#R-body table th > div.highlight:last-child pre:not(.mermaid), +#R-body table td > :nth-last-child(1 of :not(:empty)), +#R-body table td > :nth-last-child(1 of :not(:empty)) :nth-last-child(1 of :not(:empty)), +#R-body table td > div:last-child pre:not(.mermaid), +#R-body div.box > .box-content > :nth-last-child(1 of :not(:empty)), +#R-body div.box > .box-content > :nth-last-child(1 of :not(:empty)) :nth-last-child(1 of :not(:empty)), +#R-body div.box > .box-content > div:last-child pre:not(.mermaid), +#R-body div.expand > .expand-content-text > :nth-last-child(1 of :not(:empty)), +#R-body div.expand > .expand-content-text > :nth-last-child(1 of :not(:empty)) :nth-last-child(1 of :not(:empty)), +#R-body div.expand > .expand-content-text > div:last-child pre:not(.mermaid), +#R-body div.tab-content > .tab-content-text > :nth-last-child(1 of :not(:empty)), +#R-body div.tab-content > .tab-content-text > :nth-last-child(1 of :not(:empty)) :nth-last-child(1 of :not(:empty)), +#R-body div.tab-content > .tab-content-text > div:last-child pre:not(.mermaid) { + margin-bottom: 0; +} + +/* resources shortcode */ + +div.attachments .box-content { + display: block; + margin: 0; + padding-inline-start: 1.75rem; +} + +/* Children shortcode */ + +.children p { + font-size: .8125rem; + margin-bottom: 0; + margin-top: 0; + padding-bottom: 0; + padding-top: 0; +} + +.children-li p { + font-size: .8125rem; + font-style: italic; +} + +.children-h2 p, +.children-h3 p { + font-size: .8125rem; + margin-bottom: 0; + margin-top: 0; + padding-bottom: 0; + padding-top: 0; +} + +#R-body-inner .children h2, +#R-body-inner .children h3, +#R-body-inner .children h4, +#R-body-inner .children h5, +#R-body-inner .children h6 { + margin-bottom: 0; + margin-top: 1rem; +} +#R-body-inner ul.children-h2, +#R-body-inner ul.children-h3, +#R-body-inner ul.children-h4, +#R-body-inner ul.children-h5, +#R-body-inner ul.children-h6 { + /* if we display children with style=h2 but without a containerstyle + a ul will be used for structuring; we remove default indention for uls + in this case */ + padding-inline-start: 0; +} + +code, +kbd, +pre:not(.mermaid), +samp { + font-size: .934375rem; + vertical-align: baseline; +} + +code { + border-radius: 2px; + border-style: solid; + border-width: 1px; + -webkit-print-color-adjust: economy; + color-adjust: economy; + padding-left: 2px; + padding-right: 2px; + white-space: nowrap; +} + +span.copy-to-clipboard { + display: inline-block; + white-space: nowrap; +} + +code.copy-to-clipboard-code { + border-end-end-radius: 0; + border-start-end-radius: 0; + border-inline-end-width: 0; +} + +pre:not(.mermaid) { + border-radius: 2px; + border-style: solid; + border-width: 1px; + -webkit-print-color-adjust: economy; + color-adjust: economy; + line-height: 1.15; + padding: 1rem; + position: relative; +} + +/* pre:not(.mermaid):has( code ), */ +/* the :has() operator isn't available in FF yet, so we patch this by JS */ +pre:not(.mermaid).pre-code { + direction: ltr; + text-align: left; +} + +pre:not(.mermaid) code { + background-color: inherit; + border: 0; + color: inherit; + -webkit-print-color-adjust: economy; + color-adjust: economy; + font-size: .9375rem; + margin: 0; + padding: 0; +} + +div.highlight{ + position: relative; +} +/* we may have special treatment if highlight shortcode was used in table lineno mode */ +div.highlight > div{ + border-style: solid; + border-width: 1px; +} +/* remove default style for usual markdown tables */ +div.highlight > div table{ + background-color: transparent; + border-width: 0; + margin: 0; +} +div.highlight > div td{ + border-width: 0; +} +#R-body div.highlight > div a { + line-height: inherit; +} +#R-body div.highlight > div a:after { + display: none; +} +/* disable selection for lineno cells */ +div.highlight > div td:first-child:not(:last-child){ + -webkit-user-select: none; + user-select: none; +} +/* increase code column to full width if highlight shortcode was used in table lineno mode */ +div.highlight > div td:not(:first-child):last-child{ + width: 100%; +} +/* add scrollbars if highlight shortcode was used in table lineno mode */ +div.highlight > div table{ + display: block; + overflow: auto; +} +div.highlight:not(.wrap-code) pre:not(.mermaid){ + overflow: auto; +} +div.highlight:not(.wrap-code) pre:not(.mermaid) code{ + white-space: pre; +} +div.highlight.wrap-code pre:not(.mermaid) code{ + white-space: pre-wrap; +} +/* remove border from row cells if highlight shortcode was used in table lineno mode */ +div.highlight > div td > pre:not(.mermaid) { + border-radius: 0; + border-width: 0; +} +/* in case of table lineno mode we want to move each row closer together - besides the edges +this usually applies only to wrapfix tables but it doesn't hurt for non-wrapfix tables too */ +div.highlight > div tr:not(:first-child) pre:not(.mermaid){ + padding-top: 0; +} +div.highlight > div tr:not(:last-child) pre:not(.mermaid){ + padding-bottom: 0; +} +/* in case of table lineno mode we want to move each columns closer together on the inside */ +div.highlight > div td:first-child:not(:last-child) pre:not(.mermaid){ + padding-right: 0; +} +div.highlight > div td:not(:first-child):last-child pre:not(.mermaid){ + padding-left: 0; +} + +hr { + border-bottom: 4px solid rgba( 134, 134, 134, .125 ); +} + +#R-body-inner pre:not(.mermaid) { + white-space: pre-wrap; +} + +table { + border: 1px solid rgba( 134, 134, 134, .333 ); + margin-bottom: 1rem; + margin-top: 1rem; + table-layout: auto; +} + +th, +thead td { + background-color: rgba( 134, 134, 134, .166 ); + border: 1px solid rgba( 134, 134, 134, .333 ); + -webkit-print-color-adjust: exact; + color-adjust: exact; + padding: 0.5rem; +} + +td { + border: 1px solid rgba( 134, 134, 134, .333 ); + padding: 0.5rem; +} +tbody > tr:nth-child(even) > td { + background-color: rgba( 134, 134, 134, .045 ); +} + +.tooltipped { + position: relative; +} + +.tooltipped:after { + background: rgba( 0, 0, 0, 1 ); + border: 1px solid rgba( 119, 119, 119, 1 ); + border-radius: 3px; + color: rgba( 255, 255, 255, 1 ); + content: attr(aria-label); + display: none; + font-family: "Work Sans", "Helvetica", "Tahoma", "Geneva", "Arial", sans-serif; + font-size: .6875rem; + font-weight: normal; + -webkit-font-smoothing: subpixel-antialiased; + letter-spacing: normal; + line-height: 1.5; + padding: 5px 8px; + pointer-events: none; + position: absolute; + text-align: center; + text-decoration: none; + text-shadow: none; + text-transform: none; + white-space: pre; + word-wrap: break-word; + z-index: 140; +} + +.tooltipped:before { + border: 5px solid transparent; + color: rgba( 0, 0, 0, 1 ); + content: ""; + display: none; + height: 0; + pointer-events: none; + position: absolute; + width: 0; + z-index: 150; +} + +.tooltipped:hover:before, +.tooltipped:hover:after, +.tooltipped:active:before, +.tooltipped:active:after, +.tooltipped:focus:before, +.tooltipped:focus:after { + display: inline-block; + text-decoration: none; +} + +.tooltipped-s:after, +.tooltipped-se:after, +.tooltipped-sw:after { + margin-top: 5px; + right: 50%; + top: 100%; +} + +.tooltipped-s:before, +.tooltipped-se:before, +.tooltipped-sw:before { + border-bottom-color: rgba( 0, 0, 0, .8 ); + bottom: -5px; + margin-right: -5px; + right: 50%; + top: auto; +} + +.tooltipped-se:after { + left: 50%; + margin-left: -15px; + right: auto; +} + +.tooltipped-sw:after { + margin-right: -15px; +} + +.tooltipped-n:after, +.tooltipped-ne:after, +.tooltipped-nw:after { + bottom: 100%; + margin-bottom: 5px; + right: 50%; +} + +.tooltipped-n:before, +.tooltipped-ne:before, +.tooltipped-nw:before { + border-top-color: rgba( 0, 0, 0, .8 ); + bottom: auto; + margin-right: -5px; + right: 50%; + top: -5px; +} + +.tooltipped-ne:after { + left: 50%; + margin-left: -15px; + right: auto; +} + +.tooltipped-nw:after { + margin-right: -15px; +} + +.tooltipped-s:after, +.tooltipped-n:after { + transform: translateX(50%); +} + +.tooltipped-w:after { + bottom: 50%; + margin-right: 5px; + right: 100%; + transform: translateY(50%); +} + +.tooltipped-w:before { + border-left-color: rgba( 0, 0, 0, .8 ); + bottom: 50%; + left: -5px; + margin-top: -5px; + top: 50%; +} + +.tooltipped-e:after { + bottom: 50%; + left: 100%; + margin-left: 5px; + transform: translateY(50%); +} + +.tooltipped-e:before { + border-right-color: rgba( 0, 0, 0, .8 ); + bottom: 50%; + margin-top: -5px; + right: -5px; + top: 50%; +} + +#R-topbar { + min-height: 3rem; + position: relative; + z-index: 170; +} + +#R-topbar > .topbar-wrapper { + align-items: center; + background-color: rgba( 134, 134, 134, .066 ); + display: flex; + flex-basis: 100%; + flex-direction: row; + height: 100%; +} + +.topbar-button { + display: inline-block; + position: relative; +} +.topbar-button:not([data-origin]) { + display: none; +} + +.topbar-button > .topbar-control { + display: inline-block; + padding-left: 1rem; + padding-right: 1rem; +} +.topbar-wrapper > .topbar-area-start > .topbar-button > .topbar-control { + border-inline-end: 1px solid rgba( 134, 134, 134, .333 ); +} +.topbar-wrapper > .topbar-area-end > .topbar-button > .topbar-control { + border-inline-start: 1px solid rgba( 134, 134, 134, .333 ); +} + +.topbar-button > button:disabled i, +.topbar-button > span i { + color: rgba( 134, 134, 134, .333 ); +} +.topbar-button button{ + -webkit-appearance: none; + appearance: none; + background-color: transparent; +} + +.topbar-sidebar-divider { + border-inline-start-style: solid; + border-inline-start-width: 1px; + margin-inline-end: -1px; + width: 1px; +} +.topbar-sidebar-divider::after { + content: "\00a0"; +} + +.topbar-wrapper > .topbar-area-start { + display: flex; + flex-direction: row; + flex-shrink: 0; +} +.topbar-wrapper > .topbar-area-end { + display: flex; + flex-direction: row; + flex-shrink: 0; +} +.topbar-wrapper > .topbar-hidden { + display: none; +} + +html[dir="rtl"] .topbar-button-prev i, +html[dir="rtl"] .topbar-button-next i { + transform: scaleX(-1); +} + +.topbar-content { + top: .75rem; +} +.topbar-wrapper > .topbar-area-start .topbar-content { + inset-inline-start: 1.5rem; +} +.topbar-wrapper > .topbar-area-end .topbar-content { + inset-inline-end: 1.5rem; +} +.topbar-content .topbar-content{ + /* we don't allow flyouts in flyouts; come on, don't get funny... */ + display: none; +} + +.topbar-breadcrumbs { + flex-grow: 1; + margin: 0; + padding: 0 1rem; +} +@media screen and (max-width: 47.999rem) { + .topbar-breadcrumbs { + /* we just hide the breadcrumbs instead of display: none; + this makes sure that the breadcrumbs are still usable for + accessability */ + visibility: hidden; + } +} + +.breadcrumbs { + min-width: 0; + overflow: hidden; + text-overflow: ellipsis; + width: 100%; + white-space: nowrap; +} + +.breadcrumbs meta { + display: none; +} + +.breadcrumbs li { + display: inline-block; +} + +#R-body a[aria-disabled="true"] { + pointer-events: none; + text-decoration: none; +} + +@media screen and (max-width: 59.999rem) { + #R-sidebar { + min-width: var(--INTERNAL-MENU-WIDTH-M); + max-width: var(--INTERNAL-MENU-WIDTH-M); + width: var(--INTERNAL-MENU-WIDTH-M); + } + #R-body { + margin-inline-start: var(--INTERNAL-MENU-WIDTH-M); + min-width: calc( 100% - var(--INTERNAL-MENU-WIDTH-M) ); + max-width: calc( 100% - var(--INTERNAL-MENU-WIDTH-M) ); + width: calc( 100% - var(--INTERNAL-MENU-WIDTH-M) ); + } +} +@media screen and (max-width: 47.999rem) { + /* we don't support sidebar flyout in mobile */ + .mobile-support #R-sidebar { + inset-inline-start: calc( -1 * var(--INTERNAL-MENU-WIDTH-S) ); + min-width: var(--INTERNAL-MENU-WIDTH-S); + max-width: var(--INTERNAL-MENU-WIDTH-S); + width: var(--INTERNAL-MENU-WIDTH-S); + } + .mobile-support #navshow{ + display: inline; + } + .mobile-support #R-body { + min-width: 100%; + max-width: 100%; + width: 100%; + } + .mobile-support #R-body { + margin-inline-start: 0; + } + .mobile-support.sidebar-flyout { + overflow: hidden; + } + .mobile-support.sidebar-flyout #R-sidebar { + inset-inline-start: 0; + z-index: 90; + } + .mobile-support.sidebar-flyout #R-body { + margin-inline-start: var(--INTERNAL-MENU-WIDTH-S); + overflow: hidden; + } + .mobile-support.sidebar-flyout #R-body-overlay{ + background-color: rgba( 134, 134, 134, .5 ); + bottom: 0; + cursor: pointer; + height: 100vh; + left: 0; + position: absolute; + right: 0; + top: 0; + z-index: 190; + } +} + +.copy-to-clipboard-button { + border-start-start-radius: 0; + border-start-end-radius: 2px; + border-end-end-radius: 2px; + border-end-start-radius: 0; + border-style: solid; + border-width: 1px; + cursor: pointer; + font-size: .934375rem; + line-height: 1.15; +} + +span > .copy-to-clipboard-button { + border-start-start-radius: 0; + border-start-end-radius: 2px; + border-end-end-radius: 2px; + border-end-start-radius: 0; +} + +.copy-to-clipboard-button > i { + font-size: .859625rem; +} + +/* only show copy to clipboard on hover for code blocks if configured */ +div.highlight .copy-to-clipboard-button { + display: none; +} +@media (any-hover: none) { + /* if there is at least one input device that does not support hover, we want to force the copy button */ + div.highlight .copy-to-clipboard-button { + display: block; + } +} +div.highlight:hover .copy-to-clipboard-button { + display: block; +} +.disableHoverBlockCopyToClipBoard div.highlight .copy-to-clipboard-button { + display: block; +} + +div.highlight > div table + .copy-to-clipboard-button > i, +div.highlight pre:not(.mermaid) + .copy-to-clipboard-button > i, +.copy-to-clipboard-code + .copy-to-clipboard-button > i { + padding-left: 5px; + padding-right: 5px; +} + +div.highlight > div table + .copy-to-clipboard-button, +div.highlight pre:not(.mermaid) + .copy-to-clipboard-button, +pre:not(.mermaid) > .copy-to-clipboard-button { + background-color: rgba( 160, 160, 160, .2 ); + border-radius: 2px; + border-style: solid; + border-width: 1px; + right: 4px; + padding: 5px 3px; + position: absolute; + top: 4px; +} + +.disableInlineCopyToClipboard span > code.copy-to-clipboard-code + span.copy-to-clipboard-button { + display: none; +} + +.disableInlineCopyToClipboard span > code.copy-to-clipboard-code { + border-start-end-radius: 2px; + border-end-end-radius: 2px; + border-inline-end-width: 1px; +} + +#R-homelinks { + padding: 0; +} +#R-homelinks ul { + margin: .5rem 0; +} +#R-homelinks hr { + border-bottom-style: solid; + border-bottom-width: 1px; + margin: 0 1rem 3px 1rem; +} + +option { + color: initial; +} + +.expand { + margin-bottom: 1rem; + margin-top: 1rem; + position: relative; +} + +.expand > input { + -webkit-appearance: none; + appearance: none; + cursor: pointer; +} + +.expand > label { + cursor: pointer; + display: inline; + font-weight: 300; + inset-inline-start: 0; + line-height: 1.1; + margin-top: .2rem; + position: absolute; +} + +.expand > input:active + label, +.expand > input:focus + label, +.expand > label:hover { + text-decoration: underline; +} + +.expand > label > .fas { + font-size: .8rem; + width: .6rem; +} + +.expand > .expand-content { + margin-inline-start: 1rem; + margin-top: .5rem; +} +/* closed expander */ +.expand > input + label + div { + display: none; +} + +.expand > input + label > .fa-chevron-down { + display: none; +} +.expand > input + label > .fa-chevron-right { + display: inline-block; +} + +/* open expander */ +.expand > input:checked + label + div { + display: block; +} + +.expand > input:checked + label > .fa-chevron-down { + display: inline-block; +} +.expand > input:checked + label > .fa-chevron-right { + display: none; +} + +/* adjust expander for RTL reading direction */ +html[dir="rtl"] .expand > .expand-label > i.fa-chevron-right { + transform: scaleX(-1); +} + +#R-body footer.footline{ + margin-top: 2rem; +} + +.headline i, +.footline i{ + margin-inline-start: .5rem; +} +.headline i:first-child, +.footline i:first-child{ + margin-inline-start: 0; +} + +.mermaid-container { + margin-bottom: 1.7rem; + margin-top: 1.7rem; +} + +.mermaid { + display: inline-block; + border: 1px solid transparent; + padding: .5rem .5rem 0 .5rem; + position: relative; + /* don't use display: none, as this will cause no renderinge by Mermaid */ + visibility: hidden; + width: 100%; +} +.mermaid-container.zoomable > .mermaid:hover { + border-color: rgba( 134, 134, 134, .333 ); +} +.mermaid.mermaid-render { + visibility: visible; +} + +.mermaid > svg { + /* remove inline height from generated diagram */ + height: initial !important; +} +.mermaid-container.zoomable > .mermaid > svg { + cursor: grab; +} + +.svg-reset-button { + background-color: rgba( 160, 160, 160, .2 ); + border-radius: 2px; + border-style: solid; + border-width: 1px; + cursor: pointer; + display: none; + font-size: .934375rem; + line-height: 1.15; + padding: 5px 3px; + position: absolute; + right: 4px; + top: 4px; +} +.mermaid:hover .svg-reset-button.zoomed { + display: block; +} +@media (any-hover: some) { + /* if there is at least one input device that does not support hover, we want to force the reset button if zoomed */ + .svg-reset-button.zoomed { + display: block; + } +} + +.svg-reset-button > i { + font-size: .859625rem; + padding-left: 5px; + padding-right: 5px; +} + +.mermaid-code { + display: none; +} + +.include.hide-first-heading h1:first-of-type, +.include.hide-first-heading h2:first-of-type, +.include.hide-first-heading h3:first-of-type, +.include.hide-first-heading h4:first-of-type, +.include.hide-first-heading h5:first-of-type, +.include.hide-first-heading h6:first-of-type { + display: none; +} + +.include.hide-first-heading h1 + h2:first-of-type, +.include.hide-first-heading h1 + h3:first-of-type, +.include.hide-first-heading h2 + h3:first-of-type, +.include.hide-first-heading h1 + h4:first-of-type, +.include.hide-first-heading h2 + h4:first-of-type, +.include.hide-first-heading h3 + h4:first-of-type, +.include.hide-first-heading h1 + h5:first-of-type, +.include.hide-first-heading h2 + h5:first-of-type, +.include.hide-first-heading h3 + h5:first-of-type, +.include.hide-first-heading h4 + h5:first-of-type, +.include.hide-first-heading h1 + h6:first-of-type, +.include.hide-first-heading h2 + h6:first-of-type, +.include.hide-first-heading h3 + h6:first-of-type, +.include.hide-first-heading h4 + h6:first-of-type, +.include.hide-first-heading h5 + h6:first-of-type { + display: block; +} + +/* Table of contents */ + +.topbar-flyout #R-main-overlay{ + bottom: 0; + cursor: pointer; + left: 0; + position: absolute; + right: 0; + top: 3rem; + z-index: 160; +} + +.topbar-content { + border: 0 solid rgba( 134, 134, 134, .166 ); + box-shadow: 1px 2px 5px 1px rgba( 134, 134, 134, .2 ); + height: 0; + opacity: 0; + overflow: hidden; + position: absolute; + visibility: hidden; + width: 0; + z-index: 180; +} + +.topbar-button.topbar-flyout .topbar-content { + border-width: 1px; + height: auto; + opacity: 1; + visibility: visible; + width: auto; +} + +.topbar-content .topbar-content-wrapper { + background-color: rgba( 134, 134, 134, .066 ); +} + +.topbar-content-wrapper { + --ps-rail-hover-color: rgba( 176, 176, 176, .25 ); + max-height: 90vh; + overflow: hidden; + padding: .5rem 1rem; + position: relative; /* PS */ +} + +.topbar-content .topbar-button .topbar-control { + border-width: 0; + padding: 0; +} +.topbar-content .topbar-button .topbar-control { + border-width: 0; + padding: .5rem 0; +} + +#TableOfContents, +.TableOfContents { + font-size: .8125rem; +} +#TableOfContents ul, +.TableOfContents ul { + list-style: none; + margin: 0; + padding: 0 1rem; +} + +#TableOfContents > ul, +.TableOfContents > ul { + padding: 0; +} + +#TableOfContents li, +.TableOfContents li { + white-space: nowrap; +} + +#TableOfContents > ul > li > a, +.TableOfContents > ul > li > a { + font-weight: 500; +} + +.btn { + border-radius: 4px; + display: inline-block; + font-size: .9rem; + font-weight: 500; + line-height: 1.1; + margin-bottom: 0; + touch-action: manipulation; + -webkit-user-select: none; + user-select: none; +} +.btn.interactive { + cursor: pointer; +} + +.btn > span, +.btn > a { + display: block; +} + +.btn > :where(button) { + -webkit-appearance: none; + appearance: none; + border-width: 0; + margin: 0; + padding: 0; +} + +.btn > * { + background-color: transparent; + border-radius: 4px; + border-style: solid; + border-width: 1px; + padding: 6px 12px; + text-align: center; + touch-action: manipulation; + -webkit-user-select: none; + user-select: none; + white-space: nowrap; +} + +.btn > *:after { + /* avoid breakage if no content is given */ + content: "\200b" +} + +#R-body #R-body-inner .btn > *.highlight:after { + background-color: transparent; +} + +.btn.interactive > .btn-interactive:focus { + outline: none; +} + +.btn.interactive > *:hover, +.btn.interactive > *:active, +.btn.interactive > *:focus { + text-decoration: none; +} + +/* anchors */ +.anchor { + cursor: pointer; + font-size: .5em; + margin-inline-start: .66em; + margin-top: .9em; + position: absolute; + visibility: hidden; +} +@media (any-hover: none) { + /* if there is at least one input device that does not support hover, we want to force the copy button */ + .anchor { + visibility: visible; + } +} + +h2:hover .anchor, +h3:hover .anchor, +h4:hover .anchor, +h5:hover .anchor, +h6:hover .anchor { + visibility: visible; +} + +/* Redfines headers style */ + +h1 a, +h2 a, +h3 a, +h4 a, +h5 a, +h6 a { + font-weight: inherit; +} + +#R-body h1 + h2, +#R-body h1 + h3, +#R-body h1 + h4, +#R-body h1 + h5, +#R-body h1 + h6, +#R-body h2 + h3, +#R-body h2 + h4, +#R-body h2 + h5, +#R-body h2 + h6, +#R-body h3 + h4, +#R-body h3 + h5, +#R-body h3 + h6, +#R-body h4 + h5, +#R-body h4 + h6, +#R-body h5 + h6 { + margin-top: 1rem; +} + +.menu-control .control-style { + cursor: pointer; + height: 1.574em; + overflow: hidden; +} + +.menu-control i { + padding-top: .25em; +} + +.menu-control i, +.menu-control span { + cursor: pointer; + display: block; + float: left; +} +html[dir="rtl"] .menu-control i, +html[dir="rtl"] .menu-control span { + float: right; +} + +.menu-control :hover, +.menu-control i:hover, +.menu-control span:hover { + cursor: pointer; +} + +.menu-control select, +.menu-control button { + -webkit-appearance: none; + appearance: none; + height: 1.33rem; + outline: none; + width: 100%; +} +.menu-control button:active, +.menu-control button:focus, +.menu-control select:active, +.menu-control select:focus{ + outline-style: solid; +} + +.menu-control select { + background-color: transparent; + background-image: none; + border: none; + box-shadow: none; + padding-left: 0; + padding-right: 0; +} + +.menu-control option { + color: rgba( 0, 0, 0, 1 ); + padding: 0; + margin: 0; +} + +.menu-control button { + background-color: transparent; + cursor: pointer; + display: block; + text-align: start; +} + +.clear { + clear: both; +} + +.footerLangSwitch, +.footerVariantSwitch, +.footerVisitedLinks, +.footerFooter { + display: none; +} + +.showLangSwitch, +.showVariantSwitch, +.showVisitedLinks, +.showFooter { + display: block; +} + +/* clears the 'X' from Chrome's search input */ +input[type="search"]::-webkit-search-decoration, +input[type="search"]::-webkit-search-cancel-button, +input[type="search"]::-webkit-search-results-button, +input[type="search"]::-webkit-search-results-decoration { display: none; } + +span.math:has(> mjx-container[display]) { + display: block; +} + +@supports selector(.math:has(> mjx-container)){ + .math{ + visibility: hidden; + } + .math:has(> mjx-container){ + visibility: visible; + } +} +.math.align-left > mjx-container{ + text-align: left !important; +} + +.math.align-center > mjx-container{ + text-align: center !important; +} + +.math.align-right > mjx-container{ + text-align: right !important; +} + +.scrollbar-measure { + /* https://davidwalsh.name/detect-scrollbar-width */ + height: 100px; + overflow: scroll; + position: absolute; + width: 100px; + top: -9999px; +} + +.a11y-only { + /* idea taken from https://www.filamentgroup.com/lab/a11y-form-labels.html */ + clip-path: polygon(0 0, 1px 0, 1px 1px, 0 1px); + overflow: hidden; + position: absolute; + height: 1px; + transform: translateY(-100%); + transition: transform .5s cubic-bezier(.18,.89,.32,1.28); + white-space: nowrap; + width: 1px; +} + +/* filament style for making action visible on focus - not adapted yet +.a11y-only:focus { + position: fixed; + height: auto; + overflow: visible; + clip: auto; + white-space: normal; + margin: 0 0 0 -100px; + top: -.3em; + left: 50%; + text-align: center; + width: 200px; + background: rgba( 255, 255, 255, 1 ); + color: rgba( 54, 133, 18, 1 ); + padding: .8em 0 .7em; + font-size: 16px; + z-index: 5000; + text-decoration: none; + border-bottom-right-radius: 8px; + border-bottom-left-radius: 8px; + outline: 0; + transform: translateY(0%); +} +*/ + +.mermaid-container.align-right { + text-align: right; +} + +.mermaid-container.align-center { + text-align: center; +} + +.mermaid-container.align-left { + text-align: left; +} + +.searchform { + display: flex; +} + +.searchform input { + flex: 1 0 60%; + border-radius: 4px; + border: 2px solid rgba( 134, 134, 134, .125 ); + background: rgba( 134, 134, 134, .125 ); + display: block; + margin: 0; + margin-inline-end: .5rem; +} + +.searchform input::-webkit-input-placeholder, +.searchform input::placeholder { + color: rgba( 134, 134, 134, 1 ); + opacity: .666; +} + +.searchform .btn { + display: inline-flex; +} + +.searchhint { + margin-top: 1rem; + height: 1.5rem; +} + +#R-searchresults a.autocomplete-suggestion { + display: block; + font-size: 1.3rem; + font-weight: 500; + line-height: 1.5rem; + padding: 1rem; + text-decoration: none; +} + +#R-searchresults a.autocomplete-suggestion:after { + height: 0; +} + +#R-searchresults .autocomplete-suggestion > .breadcrumbs { + font-size: .9rem; + font-weight: 400; + margin-top: .167em; + padding-left: .2em; + padding-right: .2em; +} + +#R-searchresults .autocomplete-suggestion > .context { + font-size: 1rem; + font-weight: 300; + margin-top: .66em; + padding-left: .1em; + padding-right: .1em; +} + +.badge { + border-radius: 3px; + display: inline-block; + font-size: .8rem; + font-weight: 500; + vertical-align: middle; +} + +.badge > * { + border-radius: 3px; + border-style: solid; + border-width: 1px; + display: inline-block; + padding: 0 .25rem +} + +.badge > .badge-title { + background-color: rgba( 16, 16, 16, 1 ); + border-inline-end: 0; + border-start-end-radius: 0; + border-end-end-radius: 0; + color: rgba( 240, 240, 240, 1 ); + filter: contrast(2); + opacity: .75; +} + +.badge.badge-with-title > .badge-content { + border-start-start-radius: 0; + border-end-start-radius: 0; +} + +.badge-content:after { + /* avoid breakage if no content is given */ + content: "\200b"; +} + +/* task list and its checkboxes */ +article ul > li:has(> input[type="checkbox"]) { + list-style: none; + margin-inline-start: -1rem; +} + +article ul > li:has(> input[type="checkbox"])::before { + content: "\200B"; /* accessibilty for Safari https://developer.mozilla.org/en-US/docs/Web/CSS/list-style */ +} + +/* https://moderncss.dev/pure-css-custom-checkbox-style/ */ +article ul > li > input[type="checkbox"] { + -webkit-appearance: none; + appearance: none; + /* For iOS < 15 */ + border: 0.15em solid currentColor; + border-radius: 0.15em; + display: inline-grid; + font: inherit; + height: 1.15em; + margin: 0; + place-content: center; + transform: translateY(-0.075em); + width: 1.15em; +} + +article ul > li > input[type="checkbox"]::before { + box-shadow: inset 1em 1em var(--INTERNAL-PRIMARY-color); + clip-path: polygon(14% 44%, 0 65%, 50% 100%, 100% 16%, 80% 0%, 43% 62%); + content: ""; + height: 0.65em; + transform: scale(0); + transform-origin: bottom left; + transition: 120ms transform ease-in-out; + width: 0.65em; + /* Windows High Contrast Mode fallback must be last */ + background-color: CanvasText; +} + +article ul > li > input[type="checkbox"]:checked::before { + transform: scale(1); +} + +/* CSS Lightbox https://codepen.io/gschier/pen/kyRXVx */ +.lightbox-back { + align-items: center; + background: rgba( 0, 0, 0, .8 ); + bottom: 0; + display: none; + justify-content: center; + left: 0; + position: fixed; + right: 0; + text-align: center; + top: 0; + white-space: nowrap; + z-index: 1999; +} + +.lightbox-back:target { + display: flex; +} + +.lightbox-back img { + max-height: 95%; + max-width: 95%; + overflow: auto; + padding: min(2vh, 2vw); +} + +/* basic menu list styles (non-collapsible) */ + +#R-sidebar ul > li > :is( a, span ) { + display: block; + position: relative; +} + +#R-sidebar ul.space > li > * { + padding-bottom: .125rem; + padding-top: .125rem; +} +#R-sidebar ul.space > li > ul { + padding-bottom: 0; + padding-top: 0; +} + +#R-sidebar ul.morespace > li > * { + padding-bottom: .25rem; + padding-top: .25rem; +} +#R-sidebar ul.morespace > li > ul { + padding-bottom: 0; + padding-top: 0; +} + +#R-sidebar ul.enlarge > li > :is( a, span ) { + font-size: 1.1rem; + line-height: 2rem; +} +#R-sidebar ul.enlarge > li > a > .read-icon { + margin-top: .5rem; +} +#R-sidebar ul.enlarge > li > ul > li:last-child { + padding-bottom: 1rem; +} + +#R-sidebar ul ul { + padding-inline-start: 1rem; +} + +/* collapsible menu style overrides */ + +#R-sidebar ul.collapsible-menu > li { + position: relative; +} + +#R-sidebar ul.collapsible-menu > li > input { + -webkit-appearance: none; + appearance: none; + cursor: pointer; + display: inline-block; + margin-left: 0; + margin-right: 0; + margin-top: .65rem; + position: absolute; + width: 1rem; + z-index: 1; +} +#R-sidebar ul.collapsible-menu.enlarge > li > input { + margin-top: .9rem; +} + +#R-sidebar ul.collapsible-menu > li > label { + cursor: pointer; + display: inline-block; + inset-inline-start: 0; + margin-bottom: 0; /* nucleus */ + padding-inline-start: .125rem; + position: absolute; + width: 1rem; + z-index: 2; +} +#R-sidebar ul.collapsible-menu.enlarge > li > label { + font-size: 1.1rem; + line-height: 2rem; +} + +#R-sidebar ul.collapsible-menu > li > label:after { + content: ""; + display: block; + height: 1px; + transition: width 0.5s ease; + width: 0%; +} + +#R-sidebar ul.collapsible-menu > li > label:hover:after { + width: 100%; +} + +#R-sidebar ul.collapsible-menu > li > label > .fas { + font-size: .8rem; + width: .6rem; +} + +#R-sidebar ul.collapsible-menu > li > :is( a, span ) { + display: inline-block; + width: 100%; +} + +/* menu states for not(.collapsible-menu) */ + +#R-sidebar ul ul { + display: none; +} + +#R-sidebar ul > li.parent > ul, +#R-sidebar ul > li.active > ul, +#R-sidebar ul > li.alwaysopen > ul { + display: block; +} + +/* closed menu */ + +#R-sidebar ul.collapsible-menu > li > input + label ~ ul { + display: none; +} + +#R-sidebar ul.collapsible-menu > li > input + label > .fa-chevron-down { + display: none; +} +#R-sidebar ul.collapsible-menu > li > input + label > .fa-chevron-right { + display: inline-block; +} + +/* open menu */ + +#R-sidebar ul.collapsible-menu > li > input:checked + label ~ ul { + display: block; +} + +#R-sidebar ul.collapsible-menu > li > input:checked + label > .fa-chevron-down { + display: inline-block; +} +#R-sidebar ul.collapsible-menu > li > input:checked + label > .fa-chevron-right { + display: none; +} + +/* adjust menu for RTL reading direction */ + +html[dir="rtl"] #R-sidebar ul.collapsible-menu > li > label > i.fa-chevron-right { + transform: scaleX(-1); +} + +.columnize{ + column-count: 2; +} +@media screen and (min-width: 79.25rem) { + .columnize{ + column-count: 3; + } +} + +.columnize > *{ + break-inside: avoid-column; +} + +.columnize .breadcrumbs{ + font-size: .859625rem; +} + +#R-body .tab-panel{ + margin-bottom: 1.5rem; + margin-top: 1.5rem; +} + +#R-body .tab-nav{ + display: flex; + flex-wrap: wrap; +} + +#R-body .tab-nav-title{ + font-size: .9rem; + font-weight: 400; + line-height: 1.42857143; + padding: .2rem 0; + margin-inline-start: .6rem; +} + +#R-body .tab-nav-button{ + -webkit-appearance: none; + appearance: none; + background-color: transparent; + border: 1px solid transparent; + display: block; + font-size: .9rem; + font-weight: 300; + line-height: 1.42857143; + margin-inline-start: .6rem; +} + +#R-body .tab-nav-button.active{ + border-radius: 2px 2px 0 0; + cursor: default; +} + +#R-body .tab-nav-button > .tab-nav-text{ + border-bottom-style: solid; + border-bottom-width: .15rem; + display: block; + padding: .2rem .6rem 0 .6rem; +} +/* https://stackoverflow.com/a/46452396 */ +#R-body .tab-nav-button.active > .tab-nav-text{ + border-bottom-color: transparent; + border-radius: 1px 1px 0 0; + text-shadow: -0.06ex 0 0 currentColor, 0.06ex 0 0 currentColor; +} +@supports (-webkit-text-stroke-width: 0.04ex){ + #R-body .tab-nav-button.active > .tab-nav-text{ + text-shadow: -0.03ex 0 0 currentColor, 0.03ex 0 0 currentColor; + -webkit-text-stroke-width: 0.04ex; + } +} + +#R-body .tab-content{ + border-style: solid; + border-width: 1px; + display: none; + /* if setting a border to 1px, a browser instead sets it to 1dppx which is not + usable as a unit yet, so we have to calculate it ourself */ + margin-top: calc( var(--bpx1)*-1px ); + z-index: 10; +} + +#R-body .tab-content.active{ + display: block; +} + +#R-body .tab-content-text{ + padding: 1rem; +} + +/* remove margin if only a single code block is contained in the tab (FF without :has using .codify style) */ +#R-body .tab-content.codify > .tab-content-text{ + padding: 0; +} +#R-body .tab-content-text:has(> div.highlight:only-child){ + padding: 0; +} + +/* remove border from code block if single in tab */ +#R-body .tab-content-text > div.highlight:only-child > div, +#R-body .tab-content-text > div.highlight:only-child pre:not(.mermaid), +#R-body .tab-content-text > pre:not(.mermaid).pre-code:only-child{ + border-width: 0; +} + +/* bordering the menu and topbar */ + +#R-topbar { + border-bottom-style: solid; + border-bottom-width: 1px; +} + +#R-header-topbar { + border-bottom-color: transparent; + border-bottom-style: solid; + border-bottom-width: 1px; + border-inline-end-style: solid; + border-inline-end-width: 1px; + height: 3rem; + position: absolute; + top: 0; + width: 100%; + z-index: 1; +} + +#R-header-wrapper, +#R-homelinks, +#R-content-wrapper > * { + border-inline-end-style: solid; + border-inline-end-width: 1px; +} + +#topics > ul { + margin-top: 1rem; +} + +#R-sidebar ul.collapsible-menu li.active > a{ + border-style: solid; + border-width: 1px; + padding-bottom: calc( .25rem - var(--bpx1)*1px); + padding-left: calc( 1rem - var(--bpx1)*1px); + padding-right: calc( 1rem - var(--bpx1)*1px); + padding-top: calc( .25rem - var(--bpx1)*1px); + width: calc(100% + var(--bpx1)*1px); +} + +#R-menu-footer { + padding-bottom: 1rem; +} + +#R-topics { + padding-top: 1rem; +} + +.term-list ul, +.term-list li { + list-style: none; + display: inline; + padding: 0; +} +.term-list i ~ ul > li:before{ + content: " " +} +.term-list ul > li ~ li:before { + content: " | " +} diff --git a/css/variables.css b/css/variables.css new file mode 100644 index 0000000000..daa3932baf --- /dev/null +++ b/css/variables.css @@ -0,0 +1,116 @@ +:root { + /* initially use section background to avoid flickering on load when a non default variant is active; + this is only possible because every color variant defines this variable, otherwise we would have been lost */ + --INTERNAL-PRIMARY-color: var(--PRIMARY-color, var(--MENU-HEADER-BG-color, rgba( 0, 0, 0, 0 ))); /* not --INTERNAL-MENU-HEADER-BG-color */ + --INTERNAL-SECONDARY-color: var(--SECONDARY-color, var(--MAIN-LINK-color, rgba( 72, 106, 201, 1 ))); /* not --INTERNAL-MAIN-LINK-color */ + --INTERNAL-ACCENT-color: var(--ACCENT-color, rgba( 255, 255, 0, 1 )); + + --INTERNAL-MAIN-TOPBAR-BORDER-color: var(--MAIN-TOPBAR-BORDER-color, transparent); + --INTERNAL-MAIN-LINK-color: var(--MAIN-LINK-color, var(--SECONDARY-color, rgba( 72, 106, 201, 1 ))); /* not --INTERNAL-SECONDARY-color */ + --INTERNAL-MAIN-LINK-HOVER-color: var(--MAIN-LINK-HOVER-color, var(--INTERNAL-MAIN-LINK-color)); + --INTERNAL-MAIN-BG-color: var(--MAIN-BG-color, rgba( 255, 255, 255, 1 )); + + --INTERNAL-MAIN-TEXT-color: var(--MAIN-TEXT-color, rgba( 16, 16, 16, 1 )); + --INTERNAL-MAIN-TITLES-TEXT-color: var(--MAIN-TITLES-TEXT-color, var(--INTERNAL-MAIN-TEXT-color)); + + --INTERNAL-MAIN-TITLES-H1-color: var(--MAIN-TITLES-H1-color, var(--INTERNAL-MAIN-TEXT-color)); + --INTERNAL-MAIN-TITLES-H2-color: var(--MAIN-TITLES-H2-color, var(--INTERNAL-MAIN-TITLES-TEXT-color)); + --INTERNAL-MAIN-TITLES-H3-color: var(--MAIN-TITLES-H3-color, var(--INTERNAL-MAIN-TITLES-H2-color)); + --INTERNAL-MAIN-TITLES-H4-color: var(--MAIN-TITLES-H4-color, var(--INTERNAL-MAIN-TITLES-H3-color)); + --INTERNAL-MAIN-TITLES-H5-color: var(--MAIN-TITLES-H5-color, var(--INTERNAL-MAIN-TITLES-H4-color)); + --INTERNAL-MAIN-TITLES-H6-color: var(--MAIN-TITLES-H6-color, var(--INTERNAL-MAIN-TITLES-H5-color)); + + --INTERNAL-MAIN-font: var(--MAIN-font, "Work Sans", "Helvetica", "Tahoma", "Geneva", "Arial", sans-serif); + --INTERNAL-MAIN-TITLES-TEXT-font: var(--MAIN-TITLES-TEXT-font, var(--INTERNAL-MAIN-font)); + + --INTERNAL-MAIN-TITLES-H1-font: var(--MAIN-TITLES-H1-font, var(--INTERNAL-MAIN-font)); + --INTERNAL-MAIN-TITLES-H2-font: var(--MAIN-TITLES-H2-font, var(--INTERNAL-MAIN-TITLES-TEXT-font)); + --INTERNAL-MAIN-TITLES-H3-font: var(--MAIN-TITLES-H3-font, var(--INTERNAL-MAIN-TITLES-H2-font)); + --INTERNAL-MAIN-TITLES-H4-font: var(--MAIN-TITLES-H4-font, var(--INTERNAL-MAIN-TITLES-H3-font)); + --INTERNAL-MAIN-TITLES-H5-font: var(--MAIN-TITLES-H5-font, var(--INTERNAL-MAIN-TITLES-H4-font)); + --INTERNAL-MAIN-TITLES-H6-font: var(--MAIN-TITLES-H6-font, var(--INTERNAL-MAIN-TITLES-H5-font)); + + --INTERNAL-CODE-theme: var(--CODE-theme, relearn-light); + --INTERNAL-CODE-font: var(--CODE-font, "Consolas", menlo, monospace); + --INTERNAL-CODE-BLOCK-color: var(--CODE-BLOCK-color, var(--MAIN-CODE-color, rgba( 39, 40, 34, 1 ))); + --INTERNAL-CODE-BLOCK-BG-color: var(--CODE-BLOCK-BG-color, var(--MAIN-CODE-BG-color, rgba( 250, 250, 250, 1 ))); + --INTERNAL-CODE-BLOCK-BORDER-color: var(--CODE-BLOCK-BORDER-color, var(--MAIN-CODE-BG-color, var(--INTERNAL-CODE-BLOCK-BG-color))); + --INTERNAL-CODE-INLINE-color: var(--CODE-INLINE-color, rgba( 94, 94, 94, 1 )); + --INTERNAL-CODE-INLINE-BG-color: var(--CODE-INLINE-BG-color, rgba( 255, 250, 233, 1 )); + --INTERNAL-CODE-INLINE-BORDER-color: var(--CODE-INLINE-BORDER-color, rgba( 251, 240, 203, 1 )); + + --INTERNAL-BROWSER-theme: var(--BROWSER-theme, light); + --INTERNAL-MERMAID-theme: var(--CONFIG-MERMAID-theme, var(--MERMAID-theme, var(--INTERNAL-PRINT-MERMAID-theme))); + --INTERNAL-OPENAPI-theme: var(--CONFIG-OPENAPI-theme, var(--OPENAPI-theme, var(--SWAGGER-theme, var(--INTERNAL-PRINT-OPENAPI-theme)))); + --INTERNAL-OPENAPI-CODE-theme: var(--CONFIG-OPENAPI-CODE-theme, var(--OPENAPI-CODE-theme, --INTERNAL-PRINT-OPENAPI-CODE-theme)); + + --INTERNAL-TAG-BG-color: var(--TAG-BG-color, var(--INTERNAL-PRIMARY-color)); + + --INTERNAL-MENU-BORDER-color: var(--MENU-BORDER-color, transparent); + --INTERNAL-MENU-TOPBAR-BORDER-color: var(--MENU-TOPBAR-BORDER-color, var(--INTERNAL-MENU-HEADER-BG-color)); + --INTERNAL-MENU-TOPBAR-SEPARATOR-color: var(--MENU-TOPBAR-SEPARATOR-color, transparent); + --INTERNAL-MENU-HEADER-BG-color: var(--MENU-HEADER-BG-color, var(--PRIMARY-color, rgba( 0, 0, 0, 0 ))); /* not --INTERNAL-PRIMARY-color */ + --INTERNAL-MENU-HEADER-BORDER-color: var(--MENU-HEADER-BORDER-color, var(--INTERNAL-MENU-HEADER-BG-color)); + --INTERNAL-MENU-HEADER-SEPARATOR-color: var(--MENU-HEADER-SEPARATOR-color, var(--INTERNAL-MENU-HEADER-BORDER-color)); + + --INTERNAL-MENU-HOME-LINK-color: var(--MENU-HOME-LINK-color, rgba( 50, 50, 50, 1 )); + --INTERNAL-MENU-HOME-LINK-HOVER-color: var(--MENU-HOME-LINK-HOVER-color, var(--MENU-HOME-LINK-HOVERED-color, rgba( 128, 128, 128, 1 ))); + + --INTERNAL-MENU-SEARCH-color: var(--MENU-SEARCH-color, var(--MENU-SEARCH-BOX-ICONS-color, rgba( 224, 224, 224, 1 ))); + --INTERNAL-MENU-SEARCH-BG-color: var(--MENU-SEARCH-BG-color, rgba( 50, 50, 50, 1 )); + --INTERNAL-MENU-SEARCH-BORDER-color: var(--MENU-SEARCH-BORDER-color, var(--MENU-SEARCH-BOX-color, var(--INTERNAL-MENU-SEARCH-BG-color))); + + --INTERNAL-MENU-SECTIONS-ACTIVE-BG-color: var(--MENU-SECTIONS-ACTIVE-BG-color, rgba( 0, 0, 0, .166 )); + --INTERNAL-MENU-SECTIONS-BG-color: var(--MENU-SECTIONS-BG-color, rgba( 40, 40, 40, 1 )); + --INTERNAL-MENU-SECTIONS-LINK-color: var(--MENU-SECTIONS-LINK-color, rgba( 186, 186, 186, 1 )); + --INTERNAL-MENU-SECTIONS-LINK-HOVER-color: var(--MENU-SECTIONS-LINK-HOVER-color, var(--INTERNAL-MENU-SECTIONS-LINK-color)); + --INTERNAL-MENU-SECTION-ACTIVE-CATEGORY-color: var(--MENU-SECTION-ACTIVE-CATEGORY-color, rgba( 68, 68, 68, 1 )); + --INTERNAL-MENU-SECTION-ACTIVE-CATEGORY-BG-color: var(--MENU-SECTION-ACTIVE-CATEGORY-BG-color, var(--INTERNAL-MAIN-BG-color)); + --INTERNAL-MENU-SECTION-ACTIVE-CATEGORY-BORDER-color: var(--MENU-SECTION-ACTIVE-CATEGORY-BORDER-color, transparent); + + --INTERNAL-MENU-VISITED-color: var(--MENU-VISITED-color, var(--INTERNAL-SECONDARY-color)); + --INTERNAL-MENU-SECTION-SEPARATOR-color: var(--MENU-SECTION-SEPARATOR-color, var(--MENU-SECTION-HR-color, rgba( 96, 96, 96, 1 ))); + + --INTERNAL-BOX-CAPTION-color: var(--BOX-CAPTION-color, rgba( 255, 255, 255, 1 )); + --INTERNAL-BOX-BG-color: var(--BOX-BG-color, rgba( 255, 255, 255, .833 )); + --INTERNAL-BOX-TEXT-color: var(--BOX-TEXT-color, var(--INTERNAL-MAIN-TEXT-color)); + + --INTERNAL-BOX-BLUE-color: var(--BOX-BLUE-color, rgba( 48, 117, 229, 1 )); + --INTERNAL-BOX-GREEN-color: var(--BOX-GREEN-color, rgba( 42, 178, 24, 1 )); + --INTERNAL-BOX-GREY-color: var(--BOX-GREY-color, rgba( 160, 160, 160, 1 )); + --INTERNAL-BOX-ORANGE-color: var(--BOX-ORANGE-color, rgba( 237, 153, 9, 1 )); + --INTERNAL-BOX-RED-color: var(--BOX-RED-color, rgba( 224, 62, 62, 1 )); + + --INTERNAL-BOX-INFO-color: var(--BOX-INFO-color, var(--INTERNAL-BOX-BLUE-color)); + --INTERNAL-BOX-NEUTRAL-color: var(--BOX-NEUTRAL-color, var(--INTERNAL-BOX-GREY-color)); + --INTERNAL-BOX-NOTE-color: var(--BOX-NOTE-color, var(--INTERNAL-BOX-ORANGE-color)); + --INTERNAL-BOX-TIP-color: var(--BOX-TIP-color, var(--INTERNAL-BOX-GREEN-color)); + --INTERNAL-BOX-WARNING-color: var(--BOX-WARNING-color, var(--INTERNAL-BOX-RED-color)); + + --INTERNAL-BOX-BLUE-TEXT-color: var(--BOX-BLUE-TEXT-color, var(--INTERNAL-BOX-TEXT-color)); + --INTERNAL-BOX-GREEN-TEXT-color: var(--BOX-GREEN-TEXT-color, var(--INTERNAL-BOX-TEXT-color)); + --INTERNAL-BOX-GREY-TEXT-color: var(--BOX-GREY-TEXT-color, var(--INTERNAL-BOX-TEXT-color)); + --INTERNAL-BOX-ORANGE-TEXT-color: var(--BOX-ORANGE-TEXT-color, var(--INTERNAL-BOX-TEXT-color)); + --INTERNAL-BOX-RED-TEXT-color: var(--BOX-RED-TEXT-color, var(--INTERNAL-BOX-TEXT-color)); + + --INTERNAL-BOX-INFO-TEXT-color: var(--BOX-INFO-TEXT-color, var(--INTERNAL-BOX-BLUE-TEXT-color)); + --INTERNAL-BOX-NEUTRAL-TEXT-color: var(--BOX-NEUTRAL-TEXT-color, var(--INTERNAL-BOX-GREY-TEXT-color)); + --INTERNAL-BOX-NOTE-TEXT-color: var(--BOX-NOTE-TEXT-color, var(--INTERNAL-BOX-ORANGE-TEXT-color)); + --INTERNAL-BOX-TIP-TEXT-color: var(--BOX-TIP-TEXT-color, var(--INTERNAL-BOX-GREEN-TEXT-color)); + --INTERNAL-BOX-WARNING-TEXT-color: var(--BOX-WARNING-TEXT-color, var(--INTERNAL-BOX-RED-TEXT-color)); + + /* print style, values taken from relearn-light as it is used as a default print style */ + --INTERNAL-PRINT-MAIN-BG-color: var(--PRINT-MAIN-BG-color, rgba( 255, 255, 255, 1 )); + --INTERNAL-PRINT-CODE-font: var(--PRINT-CODE-font, "Consolas", menlo, monospace); + --INTERNAL-PRINT-TAG-BG-color: var(--PRINT-TAG-BG-color, rgba( 125, 201, 3, 1 )); + --INTERNAL-PRINT-MAIN-font: var(--PRINT-MAIN-font, "Work Sans", "Helvetica", "Tahoma", "Geneva", "Arial", sans-serif); + --INTERNAL-PRINT-MAIN-TEXT-color: var(--PRINT-MAIN-TEXT-color, rgba( 16, 16, 16, 1 )); + --INTERNAL-PRINT-MERMAID-theme: var(--PRINT-MERMAID-theme, default); + --INTERNAL-PRINT-OPENAPI-theme: var(--PRINT-OPENAPI-theme, var(--PRINT-SWAGGER-theme, light)); + --INTERNAL-PRINT-OPENAPI-CODE-theme: var(--PRINT-OPENAPI-CODE-theme, idea); + + --INTERNAL-MENU-WIDTH-S: var(--MENU-WIDTH-S, 14.375rem); + --INTERNAL-MENU-WIDTH-M: var(--MENU-WIDTH-M, 14.375rem); + --INTERNAL-MENU-WIDTH-L: var(--MENU-WIDTH-L, 18.75rem); + --INTERNAL-MAIN-WIDTH-MAX: var(--MAIN-WIDTH-MAX, 81.25rem); +} diff --git a/css/variant.css b/css/variant.css new file mode 100644 index 0000000000..4482085259 --- /dev/null +++ b/css/variant.css @@ -0,0 +1,515 @@ +@import "variables.css?1732196118"; + +html { + color-scheme: only var(--INTERNAL-BROWSER-theme); +} + +body { + background-color: var(--INTERNAL-MAIN-BG-color); + color: var(--INTERNAL-MAIN-TEXT-color); + font-family: var(--INTERNAL-MAIN-font); +} + +a, +.anchor, +.topbar-button button, +#R-searchresults .autocomplete-suggestion { + color: var(--INTERNAL-MAIN-LINK-color); +} + +a:hover, +a:active, +a:focus, +.anchor:hover, +.anchor:active, +.anchor:focus, +.topbar-button button:hover, +.topbar-button button:active, +.topbar-button button:focus{ + color: var(--INTERNAL-MAIN-LINK-HOVER-color); +} + +#R-sidebar { + background: var(--INTERNAL-MENU-SECTIONS-BG-color); +} + +#R-header-wrapper { + background-color: var(--INTERNAL-MENU-HEADER-BG-color); + color: var(--INTERNAL-MENU-SEARCH-color); +} + +.searchbox { + border-color: var(--INTERNAL-MENU-SEARCH-BORDER-color); + background-color: var(--INTERNAL-MENU-SEARCH-BG-color); +} + +#R-sidebar .searchbox > :first-child, +#R-sidebar .searchbox > :last-child { + color: var(--INTERNAL-MENU-SEARCH-color); +} + +.searchbox input::-webkit-input-placeholder, +.searchbox input::placeholder { + color: var(--INTERNAL-MENU-SEARCH-color); +} + +#R-sidebar .collapsible-menu label, +#R-sidebar .menu-control, +#R-sidebar :is( a, span ) { + color: var(--INTERNAL-MENU-SECTIONS-LINK-color); +} + +#R-sidebar select:hover, +#R-sidebar .collapsible-menu li:not(.active) > label:hover, +#R-sidebar .menu-control:hover, +#R-sidebar a:hover { + color: var(--INTERNAL-MENU-SECTIONS-LINK-HOVER-color); +} + +#R-sidebar ul.enlarge > li.parent, +#R-sidebar ul.enlarge > li.active { + background-color: var(--INTERNAL-MENU-SECTIONS-ACTIVE-BG-color); +} + +#R-sidebar li.active > label, +#R-sidebar li.active > a { + color: var(--INTERNAL-MENU-SECTION-ACTIVE-CATEGORY-color); +} + +#R-sidebar li.active > a { + background-color: var(--INTERNAL-MENU-SECTION-ACTIVE-CATEGORY-BG-color); +} + +#R-sidebar ul li > a .read-icon { + color: var(--INTERNAL-MENU-VISITED-color); +} + +#R-sidebar .nav-title { + color: var(--INTERNAL-MENU-SECTIONS-LINK-color); +} + +#R-content-wrapper hr { + border-color: var(--INTERNAL-MENU-SECTION-SEPARATOR-color); +} + +#R-footer { + color: var(--INTERNAL-MENU-SECTIONS-LINK-color); +} + +mark { + background-image: linear-gradient( + to right, + color-mix( in srgb, var(--INTERNAL-ACCENT-color) 20%, transparent ), + color-mix( in srgb, var(--INTERNAL-ACCENT-color) 90%, transparent ) 4%, + color-mix( in srgb, var(--INTERNAL-ACCENT-color) 40%, transparent ) + ); +} + +kbd { + color: var(--INTERNAL-TEXT-color); + font-family: var(--INTERNAL-CODE-font); +} + +h1 { + color: var(--INTERNAL-MAIN-TITLES-H1-color); + font-family: var(--INTERNAL-MAIN-TITLES-H1-font); +} + +h2 { + color: var(--INTERNAL-MAIN-TITLES-H2-color); + font-family: var(--INTERNAL-MAIN-TITLES-H2-font); +} + +h3, .article-subheading { + color: var(--INTERNAL-MAIN-TITLES-H3-color); + font-family: var(--INTERNAL-MAIN-TITLES-H3-font); +} + +h4 { + color: var(--INTERNAL-MAIN-TITLES-H4-color); + font-family: var(--INTERNAL-MAIN-TITLES-H4-font); +} + +h5 { + color: var(--INTERNAL-MAIN-TITLES-H5-color); + font-family: var(--INTERNAL-MAIN-TITLES-H5-font); +} + +h6 { + color: var(--INTERNAL-MAIN-TITLES-H6-color); + font-family: var(--INTERNAL-MAIN-TITLES-H6-font); +} + +div.box { + background-color: var(--VARIABLE-BOX-color); + border-color: var(--VARIABLE-BOX-color); +} + +div.box > .box-label { + color: var(--VARIABLE-BOX-CAPTION-color); +} + +div.box > .box-content { + background-color: var(--VARIABLE-BOX-BG-color); + color: var(--VARIABLE-BOX-TEXT-color); +} + +.cstyle.info { + --VARIABLE-BOX-color: var(--INTERNAL-BOX-INFO-color); + --VARIABLE-BOX-TEXT-color: var(--INTERNAL-BOX-INFO-TEXT-color); +} + +.cstyle.warning { + --VARIABLE-BOX-color: var(--INTERNAL-BOX-WARNING-color); + --VARIABLE-BOX-TEXT-color: var(--INTERNAL-BOX-WARNING-TEXT-color); +} + +.cstyle.note { + --VARIABLE-BOX-color: var(--INTERNAL-BOX-NOTE-color); + --VARIABLE-BOX-TEXT-color: var(--INTERNAL-BOX-NOTE-TEXT-color); +} + +.cstyle.tip { + --VARIABLE-BOX-color: var(--INTERNAL-BOX-TIP-color); + --VARIABLE-BOX-TEXT-color: var(--INTERNAL-BOX-TIP-TEXT-color); +} + +.cstyle.primary { + --VARIABLE-BOX-color: var(--INTERNAL-PRIMARY-color); + --VARIABLE-BOX-TEXT-color: var(--INTERNAL-MAIN-TEXT-color); +} + +.cstyle.secondary { + --VARIABLE-BOX-color: var(--INTERNAL-SECONDARY-color); + --VARIABLE-BOX-TEXT-color: var(--INTERNAL-MAIN-TEXT-color); +} + +.cstyle.accent { + --VARIABLE-BOX-color: var(--INTERNAL-ACCENT-color); + --VARIABLE-BOX-TEXT-color: var(--INTERNAL-MAIN-TEXT-color); +} + +.cstyle.blue { + --VARIABLE-BOX-color: var(--INTERNAL-BOX-BLUE-color); + --VARIABLE-BOX-TEXT-color: var(--INTERNAL-BOX-BLUE-TEXT-color); +} + +.cstyle.green { + --VARIABLE-BOX-color: var(--INTERNAL-BOX-GREEN-color); + --VARIABLE-BOX-TEXT-color: var(--INTERNAL-BOX-GREEN-TEXT-color); +} + +.cstyle.grey { + --VARIABLE-BOX-color: var(--INTERNAL-BOX-GREY-color); + --VARIABLE-BOX-TEXT-color: var(--INTERNAL-BOX-GREY-TEXT-color); +} + +.cstyle.orange { + --VARIABLE-BOX-color: var(--INTERNAL-BOX-ORANGE-color); + --VARIABLE-BOX-TEXT-color: var(--INTERNAL-BOX-ORANGE-TEXT-color); +} + +.cstyle.red { + --VARIABLE-BOX-color: var(--INTERNAL-BOX-RED-color); + --VARIABLE-BOX-TEXT-color: var(--INTERNAL-BOX-RED-TEXT-color); +} + +.cstyle.code { + --VARIABLE-BOX-color: var(--INTERNAL-CODE-BLOCK-BORDER-color); + --VARIABLE-BOX-CAPTION-color: var(--INTERNAL-CODE-BLOCK-color); + --VARIABLE-BOX-BG-color: var(--INTERNAL-CODE-BLOCK-BG-color); + --VARIABLE-BOX-TEXT-color: var(--INTERNAL-CODE-BLOCK-color); +} + +.cstyle.transparent { + --VARIABLE-BOX-color: transparent; + --VARIABLE-BOX-CAPTION-color: var(--INTERNAL-MAIN-TITLES-TEXT-color); + --VARIABLE-BOX-BG-color: transparent; + --VARIABLE-BOX-TEXT-color: var(--INTERNAL-MAIN-TEXT-color); +} + +code, +kbd, +pre:not(.mermaid), +samp { + font-family: var(--INTERNAL-CODE-font); +} + +code { + background-color: var(--INTERNAL-CODE-INLINE-BG-color); + border-color: var(--INTERNAL-CODE-INLINE-BORDER-color); + color: var(--INTERNAL-CODE-INLINE-color); +} + +pre:not(.mermaid) { + background-color: var(--INTERNAL-CODE-BLOCK-BG-color); + border-color: var(--INTERNAL-CODE-BLOCK-BORDER-color); + color: var(--INTERNAL-CODE-BLOCK-color); +} + +div.highlight > div { + background-color: var(--INTERNAL-CODE-BLOCK-BG-color); + border-color: var(--INTERNAL-CODE-BLOCK-BORDER-color); +} + +table { + background-color: var(--INTERNAL-MAIN-BG-color); +} + +.lightbox-back img{ + background-color: var(--INTERNAL-MAIN-BG-color); +} + +#R-topbar { + background-color: var(--INTERNAL-MAIN-BG-color); +} + +.topbar-sidebar-divider { + border-inline-start-color: var(--INTERNAL-MENU-TOPBAR-SEPARATOR-color); +} +@media screen and (max-width: 47.999rem) { + .topbar-sidebar-divider { + border-inline-start-color: transparent; + } +} + +#R-body a[aria-disabled="true"], +#R-searchresults .autocomplete-suggestion > .context { + color: var(--INTERNAL-MAIN-TEXT-color); +} + +#R-searchresults .autocomplete-suggestion > .breadcrumbs { + color: var(--INTERNAL-PRIMARY-color); +} + +.copy-to-clipboard-button { + background-color: var(--INTERNAL-CODE-INLINE-BG-color); + border-color: var(--INTERNAL-CODE-INLINE-BORDER-color); + color: var(--INTERNAL-CODE-INLINE-color); + font-family: var(--INTERNAL-CODE-font); +} + +.copy-to-clipboard-button:hover { + background-color: var(--INTERNAL-CODE-INLINE-color); + color: var(--INTERNAL-CODE-INLINE-BG-color); +} + +div.highlight > div table + .copy-to-clipboard-button, +div.highlight pre:not(.mermaid) + .copy-to-clipboard-button, +pre:not(.mermaid) .copy-to-clipboard-button { + border-color: transparent; + color: var(--INTERNAL-MAIN-LINK-color); +} + +div.highlight > div table + .copy-to-clipboard-button:hover, +div.highlight pre:not(.mermaid) + .copy-to-clipboard-button:hover, +pre:not(.mermaid) .copy-to-clipboard-button:hover { + background-color: var(--INTERNAL-MAIN-LINK-color); + border-color: var(--INTERNAL-MAIN-LINK-color); + color: var(--INTERNAL-CODE-BLOCK-BG-color); +} + +.expand > label { + color: var(--INTERNAL-MAIN-LINK-color); +} + +.expand > label:hover, +.expand > label:active, +.expand > label:focus, +.expand > input:hover + label, +.expand > input:active + label, +.expand > input:focus + label{ + color: var(--INTERNAL-MAIN-LINK-HOVER-color); +} + +.svg-reset-button { + border-color: transparent; + color: var(--INTERNAL-MAIN-LINK-color); +} +.svg-reset-button:hover { + background-color: var(--INTERNAL-MAIN-LINK-color); + border-color: var(--INTERNAL-MAIN-LINK-color); + color: var(--INTERNAL-MAIN-BG-color); +} + +#R-homelinks { + background-color: var(--INTERNAL-MENU-HEADER-BORDER-color); +} + +#R-homelinks a { + color: var(--INTERNAL-MENU-HOME-LINK-color); +} + +#R-homelinks a:hover { + color: var(--INTERNAL-MENU-HOME-LINK-HOVER-color); +} + +#R-homelinks hr { + border-color: var(--INTERNAL-MENU-HEADER-SEPARATOR-color); +} + +.topbar-content { + background-color: var(--INTERNAL-MAIN-BG-color); +} + +.btn { + background-color: var(--VARIABLE-BOX-color); +} + +.btn > * { + border-color: var(--VARIABLE-BOX-color); + color: var(--VARIABLE-BOX-CAPTION-color); +} + +.btn.interactive > *:hover, +.btn.interactive > *:active, +.btn.interactive > *:focus { + background-color: var(--VARIABLE-BOX-BG-color); + color: var(--VARIABLE-BOX-TEXT-color); +} + +.btn.cstyle.transparent { + --VARIABLE-BOX-BG-color: var(--INTERNAL-BOX-BG-color); +} + +.btn.cstyle.interactive.transparent:hover, +.btn.cstyle.interactive.transparent:focus, +.btn.cstyle.interactive.transparent:active, +.btn.cstyle.interactive.transparent:has(a:hover), +.btn.cstyle.interactive.transparent:has(a:focus), +.btn.cstyle.interactive.transparent:has(a:active) { + background-color: var(--INTERNAL-BOX-NEUTRAL-color); +} + +.btn.cstyle.transparent > * { + --VARIABLE-BOX-color: var(--INTERNAL-BOX-NEUTRAL-color); + --VARIABLE-BOX-TEXT-color: var(--VARIABLE-BOX-CAPTION-color); +} + +#R-body .tags { + --VARIABLE-TAGS-color: var(--INTERNAL-MAIN-BG-color); + --VARIABLE-TAGS-BG-color: var(--VARIABLE-BOX-color); +} + +#R-body .tags a.term-link { + background-color: var(--VARIABLE-TAGS-BG-color); + color: var(--VARIABLE-TAGS-color); +} + +#R-body .tags a.term-link:before { + border-right-color: var(--VARIABLE-TAGS-BG-color); +} + +#R-body .tags a.term-link:after { + background-color: var(--VARIABLE-TAGS-color); +} + +.badge > * { + border-color: var(--VARIABLE-BOX-TEXT-color); +} + +.badge > .badge-content { + background-color: var(--VARIABLE-BOX-color); + color: var(--VARIABLE-BOX-CAPTION-color); +} + +.badge.cstyle.transparent{ + --VARIABLE-BOX-BG-color: var(--INTERNAL-BOX-BG-color); +} + +article ul > li > input[type="checkbox"] { + background-color: var(--INTERNAL-MAIN-BG-color); /* box background */ + color: var(--INTERNAL-MAIN-TEXT-color); +} + +#R-body .tab-nav-button { + color: var(--INTERNAL-MAIN-LINK-color); +} +#R-body .tab-nav-button:not(.active):hover, +#R-body .tab-nav-button:not(.active):active, +#R-body .tab-nav-button:not(.active):focus { + color: var(--INTERNAL-MAIN-LINK-HOVER-color); +} + +#R-body .tab-nav-button.active { + background-color: var(--VARIABLE-BOX-color); + border-bottom-color: var(--VARIABLE-BOX-BG-color); + color: var(--VARIABLE-BOX-TEXT-color); +} + +#R-body .tab-nav-button > .tab-nav-text{ + border-bottom-color: var(--VARIABLE-BOX-color); +} +#R-body .tab-nav-button.active > .tab-nav-text{ + background-color: var(--VARIABLE-BOX-BG-color); +} +#R-body .tab-nav-button:not(.active):hover > .tab-nav-text, +#R-body .tab-nav-button:not(.active):active > .tab-nav-text, +#R-body .tab-nav-button:not(.active):focus > .tab-nav-text { + border-bottom-color: var(--INTERNAL-MAIN-LINK-HOVER-color); +} + +#R-body .tab-content{ + background-color: var(--VARIABLE-BOX-color); + border-color: var(--VARIABLE-BOX-color); +} + +#R-body .tab-content-text{ + background-color: var(--VARIABLE-BOX-BG-color); + color: var(--VARIABLE-BOX-TEXT-color); +} + +.tab-panel-style.cstyle.initial, +.tab-panel-style.cstyle.default { + --VARIABLE-BOX-BG-color: var(--INTERNAL-MAIN-BG-color); +} + +.tab-panel-style.cstyle.transparent { + --VARIABLE-BOX-color: rgba( 134, 134, 134, .4 ); + --VARIABLE-BOX-BG-color: transparent; +} + +#R-body .tab-panel-style.cstyle.initial.tab-nav-button.active, +#R-body .tab-panel-style.cstyle.default.tab-nav-button.active, +#R-body .tab-panel-style.cstyle.transparent.tab-nav-button.active{ + background-color: var(--VARIABLE-BOX-BG-color); + border-left-color: var(--VARIABLE-BOX-color); + border-right-color: var(--VARIABLE-BOX-color); + border-top-color: var(--VARIABLE-BOX-color); +} + +#R-body .tab-panel-style.cstyle.code.tab-nav-button:not(.active){ + --VARIABLE-BOX-color: var(--INTERNAL-BOX-NEUTRAL-color); +} + +#R-body .tab-panel-style.cstyle.initial.tab-content, +#R-body .tab-panel-style.cstyle.default.tab-content, +#R-body .tab-panel-style.cstyle.transparent.tab-content{ + background-color: var(--VARIABLE-BOX-BG-color); +} + +#R-topbar { + border-bottom-color: var(--INTERNAL-MAIN-TOPBAR-BORDER-color); +} + +#R-header-topbar { + border-inline-end-color: var(--INTERNAL-MENU-TOPBAR-BORDER-color); +} +@media screen and (max-width: 47.999rem) { + .mobile-support #R-header-topbar { + border-inline-end-color: var(--INTERNAL-MENU-BORDER-color); + } +} + +#R-header-wrapper, +#R-homelinks, +#R-content-wrapper > * { + border-inline-end-color: var(--INTERNAL-MENU-BORDER-color); +} + +#R-sidebar ul.collapsible-menu li.active > a{ + border-bottom-color: var(--INTERNAL-MENU-BORDER-color); + border-top-color: var(--INTERNAL-MENU-BORDER-color); + border-inline-start-color: var(--INTERNAL-MENU-BORDER-color); + border-inline-end-color: var(--INTERNAL-MENU-SECTION-ACTIVE-CATEGORY-BORDER-color); +} diff --git a/dns/acme-dns/index.html b/dns/acme-dns/index.html new file mode 100644 index 0000000000..617ccf3d81 --- /dev/null +++ b/dns/acme-dns/index.html @@ -0,0 +1,407 @@ + + +
+ + + + + + + + + + + + + + + + + + + + + + + +Configuration for Joohoi’s ACME-DNS.
+acme-dns
Here is an example bash command using the Joohoi’s ACME-DNS provider:
+ACME_DNS_API_BASE=http://10.0.0.8:4443 \
+ACME_DNS_STORAGE_PATH=/root/.lego-acme-dns-accounts.json \
+lego --email you@example.com --dns "acme-dns" -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
ACME_DNS_API_BASE |
+The ACME-DNS API address | +
ACME_DNS_STORAGE_PATH |
+The ACME-DNS JSON account data file. A per-domain account will be registered/persisted to this file and used for TXT updates. | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Configuration for Alibaba Cloud DNS.
+alidns
Here is an example bash command using the Alibaba Cloud DNS provider:
+# Setup using instance RAM role
+ALICLOUD_RAM_ROLE=lego \
+lego --email you@example.com --dns alidns -d '*.example.com' -d example.com run
+
+# Or, using credentials
+ALICLOUD_ACCESS_KEY=abcdefghijklmnopqrstuvwx \
+ALICLOUD_SECRET_KEY=your-secret-key \
+ALICLOUD_SECURITY_TOKEN=your-sts-token \
+lego --email you@example.com --dns alidns - -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
ALICLOUD_ACCESS_KEY |
+Access key ID | +
ALICLOUD_RAM_ROLE |
+Your instance RAM role (https://www.alibabacloud.com/help/doc-detail/54579.htm) | +
ALICLOUD_SECRET_KEY |
+Access Key secret | +
ALICLOUD_SECURITY_TOKEN |
+STS Security Token (optional) | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
ALICLOUD_HTTP_TIMEOUT |
+API request timeout | +
ALICLOUD_POLLING_INTERVAL |
+Time between DNS propagation check | +
ALICLOUD_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
ALICLOUD_TTL |
+The TTL of the TXT record used for the DNS challenge | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Configuration for all-inkl.
+allinkl
Here is an example bash command using the all-inkl provider:
+ALL_INKL_LOGIN=xxxxxxxxxxxxxxxxxxxxxxxxxx \
+ALL_INKL_PASSWORD=yyyyyyyyyyyyyyyyyyyyyyyyyy \
+lego --email you@example.com --dns allinkl -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
ALL_INKL_LOGIN |
+KAS login | +
ALL_INKL_PASSWORD |
+KAS password | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
ALL_INKL_HTTP_TIMEOUT |
+API request timeout | +
ALL_INKL_POLLING_INTERVAL |
+Time between DNS propagation check | +
ALL_INKL_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Configuration for ArvanCloud.
+arvancloud
Here is an example bash command using the ArvanCloud provider:
+ARVANCLOUD_API_KEY="Apikey xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" \
+lego --email you@example.com --dns arvancloud -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
ARVANCLOUD_API_KEY |
+API key | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
ARVANCLOUD_HTTP_TIMEOUT |
+API request timeout | +
ARVANCLOUD_POLLING_INTERVAL |
+Time between DNS propagation check | +
ARVANCLOUD_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
ARVANCLOUD_TTL |
+The TTL of the TXT record used for the DNS challenge | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Configuration for Aurora DNS.
+auroradns
Here is an example bash command using the Aurora DNS provider:
+AURORA_API_KEY=xxxxx \
+AURORA_SECRET=yyyyyy \
+lego --email you@example.com --dns auroradns -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
AURORA_API_KEY |
+API key or username to used | +
AURORA_SECRET |
+Secret password to be used | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
AURORA_ENDPOINT |
+API endpoint URL | +
AURORA_POLLING_INTERVAL |
+Time between DNS propagation check | +
AURORA_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
AURORA_TTL |
+The TTL of the TXT record used for the DNS challenge | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Configuration for Autodns.
+autodns
Here is an example bash command using the Autodns provider:
+AUTODNS_API_USER=username \
+AUTODNS_API_PASSWORD=supersecretpassword \
+lego --email you@example.com --dns autodns -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
AUTODNS_API_PASSWORD |
+User Password | +
AUTODNS_API_USER |
+Username | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
AUTODNS_CONTEXT |
+API context (4 for production, 1 for testing. Defaults to 4) | +
AUTODNS_ENDPOINT |
+API endpoint URL, defaults to https://api.autodns.com/v1/ | +
AUTODNS_HTTP_TIMEOUT |
+API request timeout, defaults to 30 seconds | +
AUTODNS_POLLING_INTERVAL |
+Time between DNS propagation check | +
AUTODNS_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
AUTODNS_TTL |
+The TTL of the TXT record used for the DNS challenge | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Configuration for Azure (deprecated).
+azure
Please contribute by adding a CLI example.
+Environment Variable Name | +Description | +
---|---|
AZURE_CLIENT_ID |
+Client ID | +
AZURE_CLIENT_SECRET |
+Client secret | +
AZURE_ENVIRONMENT |
+Azure environment, one of: public, usgovernment, german, and china | +
AZURE_RESOURCE_GROUP |
+Resource group | +
AZURE_SUBSCRIPTION_ID |
+Subscription ID | +
AZURE_TENANT_ID |
+Tenant ID | +
instance metadata service |
+If the credentials are not set via the environment, then it will attempt to get a bearer token via the instance metadata service. | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
AZURE_METADATA_ENDPOINT |
+Metadata Service endpoint URL | +
AZURE_POLLING_INTERVAL |
+Time between DNS propagation check | +
AZURE_PRIVATE_ZONE |
+Set to true to use Azure Private DNS Zones and not public | +
AZURE_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
AZURE_TTL |
+The TTL of the TXT record used for the DNS challenge | +
AZURE_ZONE_NAME |
+Zone name to use inside Azure DNS service to add the TXT record in | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Configuration for Azure DNS.
+azuredns
Here is an example bash command using the Azure DNS provider:
+### Using client secret
+
+AZURE_CLIENT_ID=<your service principal client ID> \
+AZURE_TENANT_ID=<your service principal tenant ID> \
+AZURE_CLIENT_SECRET=<your service principal client secret> \
+lego --email you@example.com --dns azuredns -d '*.example.com' -d example.com run
+
+### Using client certificate
+
+AZURE_CLIENT_ID=<your service principal client ID> \
+AZURE_TENANT_ID=<your service principal tenant ID> \
+AZURE_CLIENT_CERTIFICATE_PATH=<your service principal certificate path> \
+lego --email you@example.com --dns azuredns -d '*.example.com' -d example.com run
+
+### Using Azure CLI
+
+az login \
+lego --email you@example.com --dns azuredns -d '*.example.com' -d example.com run
+
+### Using Managed Identity (Azure VM)
+
+AZURE_TENANT_ID=<your service principal tenant ID> \
+AZURE_RESOURCE_GROUP=<your target zone resource group name> \
+lego --email you@example.com --dns azuredns -d '*.example.com' -d example.com run
+
+### Using Managed Identity (Azure Arc)
+
+AZURE_TENANT_ID=<your service principal tenant ID> \
+IMDS_ENDPOINT=http://localhost:40342 \
+IDENTITY_ENDPOINT=http://localhost:40342/metadata/identity/oauth2/token \
+lego --email you@example.com --dns azuredns -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
AZURE_CLIENT_CERTIFICATE_PATH |
+Client certificate path | +
AZURE_CLIENT_ID |
+Client ID | +
AZURE_CLIENT_SECRET |
+Client secret | +
AZURE_TENANT_ID |
+Tenant ID | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
AZURE_AUTH_METHOD |
+Specify which authentication method to use | +
AZURE_AUTH_MSI_TIMEOUT |
+Managed Identity timeout duration | +
AZURE_ENVIRONMENT |
+Azure environment, one of: public, usgovernment, and china | +
AZURE_POLLING_INTERVAL |
+Time between DNS propagation check | +
AZURE_PRIVATE_ZONE |
+Set to true to use Azure Private DNS Zones and not public | +
AZURE_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
AZURE_RESOURCE_GROUP |
+DNS zone resource group | +
AZURE_SERVICEDISCOVERY_FILTER |
+Advanced ServiceDiscovery filter using Kusto query condition | +
AZURE_SUBSCRIPTION_ID |
+DNS zone subscription ID | +
AZURE_TTL |
+The TTL of the TXT record used for the DNS challenge | +
AZURE_ZONE_NAME |
+Zone name to use inside Azure DNS service to add the TXT record in | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Several authentication methods can be used to authenticate against Azure DNS API.
+Default Azure Credentials automatically detects in the following locations and prioritized in the following order:
+AZURE_CLIENT_ID
, AZURE_TENANT_ID
, AZURE_CLIENT_SECRET
AZURE_CLIENT_ID
, AZURE_TENANT_ID
, AZURE_CLIENT_CERTIFICATE_PATH
~/.azure
folder), used by Azure CLILink:
+ +Lego automatically finds all visible Azure (private) DNS zones using Azure ResourceGraph query.
+This can be limited by specifying environment variable AZURE_SUBSCRIPTION_ID
and/or AZURE_RESOURCE_GROUP
which limits the
+DNS zones to only a subscription or to one resourceGroup.
Additionally environment variable AZURE_SERVICEDISCOVERY_FILTER
can be used to filter DNS zones with an addition Kusto filter eg:
resources
+| where type =~ "microsoft.network/dnszones"
+| ${AZURE_SERVICEDISCOVERY_FILTER}
+| project subscriptionId, resourceGroup, name
The Azure Credentials can be configured using the following environment variables:
+This authentication method can be specifically used by setting the AZURE_AUTH_METHOD
environment variable to env
.
The Azure Credentials can be configured using the following environment variables:
+This authentication method can be specifically used by setting the AZURE_AUTH_METHOD
environment variable to env
.
Workload identity allows workloads running Azure Kubernetes Services (AKS) clusters to authenticate as an Azure AD application identity using federated credentials.
+This must be configured in kubernetes workload deployment in one hand and on the Azure AD application registration in the other hand.
+Here is a summary of the steps to follow to use it :
+ServiceAccount
resource, add following annotations to reference the targeted Azure AD application registration : azure.workload.identity/client-id
and azure.workload.identity/tenant-id
.Deployment
resource you must reference the previous ServiceAccount
and add the following label : azure.workload.identity/use: "true"
.Kubernetes accessing Azure resources
, add the cluster issuer URL and add the namespace and name of your kubernetes service account.Link :
+ +This authentication method can be specifically used by setting the AZURE_AUTH_METHOD
environment variable to wli
.
The Azure Managed Identity service allows linking Azure AD identities to Azure resources, without needing to manually manage client IDs and secrets.
+Workloads with a Managed Identity can manage their own certificates, with permissions on specific domain names set using IAM assignments.
+For this to work, the Managed Identity requires the Reader role on the target DNS Zone,
+and the DNS Zone Contributor on the relevant _acme-challenge
TXT records.
For example, to allow a Managed Identity to create a certificate for “fw01.lab.example.com”, using Azure CLI:
+export AZURE_SUBSCRIPTION_ID="00000000-0000-0000-0000-000000000000"
+export AZURE_RESOURCE_GROUP="rg1"
+export SERVICE_PRINCIPAL_ID="00000000-0000-0000-0000-000000000000"
+
+export AZURE_DNS_ZONE="lab.example.com"
+export AZ_HOSTNAME="fw01"
+export AZ_RECORD_SET="_acme-challenge.${AZ_HOSTNAME}"
+
+az role assignment create \
+--assignee "${SERVICE_PRINCIPAL_ID}" \
+--role "Reader" \
+--scope "/subscriptions/${AZURE_SUBSCRIPTION_ID}/resourceGroups/${AZURE_RESOURCE_GROUP}/providers/Microsoft.Network/dnszones/${AZURE_DNS_ZONE}"
+
+az role assignment create \
+--assignee "${SERVICE_PRINCIPAL_ID}" \
+--role "DNS Zone Contributor" \
+--scope "/subscriptions/${AZURE_SUBSCRIPTION_ID}/resourceGroups/${AZURE_RESOURCE_GROUP}/providers/Microsoft.Network/dnszones/${AZURE_DNS_ZONE}/TXT/${AZ_RECORD_SET}"
A timeout wrapper is configured for this authentication method.
+The duration can be configured by setting the AZURE_AUTH_MSI_TIMEOUT
.
+The default timeout is 2 seconds.
+This authentication method can be specifically used by setting the AZURE_AUTH_METHOD
environment variable to msi
.
The Azure Arc agent provides the ability to use a Managed Identity on resources hosted outside of Azure +(such as on-prem virtual machines, or VMs in another cloud provider).
+While the upstream azidentity
SDK will try to automatically identify and use the Azure Arc metadata service,
+if you get azuredns: DefaultAzureCredential: failed to acquire a token.
error messages,
+you may need to set the environment variables:
IMDS_ENDPOINT=http://localhost:40342
IDENTITY_ENDPOINT=http://localhost:40342/metadata/identity/oauth2/token
A timeout wrapper is configured for this authentication method.
+The duration can be configured by setting the AZURE_AUTH_MSI_TIMEOUT
.
+The default timeout is 2 seconds.
+This authentication method can be specifically used by setting the AZURE_AUTH_METHOD
environment variable to msi
.
The Azure CLI is a command-line tool provided by Microsoft to interact with Azure resources.
+It provides an easy way to authenticate by simply running az login
command.
+The generated token will be cached by default in the ~/.azure
folder.
This authentication method can be specifically used by setting the AZURE_AUTH_METHOD
environment variable to cli
.
Open ID Connect is a mechanism that establish a trust relationship between a running environment and the Azure AD identity provider.
+It can be enabled by setting the AZURE_AUTH_METHOD
environment variable to oidc
.
Configuration for Bindman.
+bindman
Here is an example bash command using the Bindman provider:
+BINDMAN_MANAGER_ADDRESS=<your bindman manager address> \
+lego --email you@example.com --dns bindman -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
BINDMAN_MANAGER_ADDRESS |
+The server URL, should have scheme, hostname, and port (if required) of the Bindman-DNS Manager server | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
BINDMAN_HTTP_TIMEOUT |
+API request timeout | +
BINDMAN_POLLING_INTERVAL |
+Time between DNS propagation check | +
BINDMAN_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Configuration for Bluecat.
+bluecat
Here is an example bash command using the Bluecat provider:
+BLUECAT_PASSWORD=mypassword \
+BLUECAT_DNS_VIEW=myview \
+BLUECAT_USER_NAME=myusername \
+BLUECAT_CONFIG_NAME=myconfig \
+BLUECAT_SERVER_URL=https://bam.example.com \
+BLUECAT_TTL=30 \
+lego --email you@example.com --dns bluecat -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
BLUECAT_CONFIG_NAME |
+Configuration name | +
BLUECAT_DNS_VIEW |
+External DNS View Name | +
BLUECAT_PASSWORD |
+API password | +
BLUECAT_SERVER_URL |
+The server URL, should have scheme, hostname, and port (if required) of the authoritative Bluecat BAM serve | +
BLUECAT_USER_NAME |
+API username | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
BLUECAT_HTTP_TIMEOUT |
+API request timeout | +
BLUECAT_POLLING_INTERVAL |
+Time between DNS propagation check | +
BLUECAT_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
BLUECAT_SKIP_DEPLOY |
+Skip deployements | +
BLUECAT_TTL |
+The TTL of the TXT record used for the DNS challenge | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Brandit has been acquired by Abion. +Abion has a different API.
+If you are a Brandit/Albion user, you can try the PR https://github.com/go-acme/lego/pull/2112.
+brandit
Here is an example bash command using the Brandit (deprecated) provider:
+BRANDIT_API_KEY=xxxxxxxxxxxxxxxxxxxxx \
+BRANDIT_API_USERNAME=yyyyyyyyyyyyyyyyyyyy \
+lego --email you@example.com --dns brandit -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
BRANDIT_API_KEY |
+The API key | +
BRANDIT_API_USERNAME |
+The API username | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
BRANDIT_HTTP_TIMEOUT |
+API request timeout | +
BRANDIT_POLLING_INTERVAL |
+Time between DNS propagation check | +
BRANDIT_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
BRANDIT_TTL |
+The TTL of the TXT record used for the DNS challenge | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Configuration for Bunny.
+bunny
Here is an example bash command using the Bunny provider:
+BUNNY_API_KEY=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx \
+lego --email you@example.com --dns bunny -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
BUNNY_API_KEY |
+API key | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
BUNNY_POLLING_INTERVAL |
+Time between DNS propagation check | +
BUNNY_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
BUNNY_TTL |
+The TTL of the TXT record used for the DNS challenge | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Configuration for Checkdomain.
+checkdomain
Here is an example bash command using the Checkdomain provider:
+CHECKDOMAIN_TOKEN=yoursecrettoken \
+lego --email you@example.com --dns checkdomain -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
CHECKDOMAIN_TOKEN |
+API token | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
CHECKDOMAIN_ENDPOINT |
+API endpoint URL, defaults to https://api.checkdomain.de | +
CHECKDOMAIN_HTTP_TIMEOUT |
+API request timeout, defaults to 30 seconds | +
CHECKDOMAIN_POLLING_INTERVAL |
+Time between DNS propagation check | +
CHECKDOMAIN_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
CHECKDOMAIN_TTL |
+The TTL of the TXT record used for the DNS challenge | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Configuration for Civo.
+civo
Here is an example bash command using the Civo provider:
+CIVO_TOKEN=xxxxxx \
+lego --email you@example.com --dns civo -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
CIVO_TOKEN |
+Authentication token | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
CIVO_POLLING_INTERVAL |
+Time between DNS propagation check | +
CIVO_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
CIVO_TTL |
+The TTL of the TXT record used for the DNS challenge | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Configuration for CloudDNS.
+clouddns
Here is an example bash command using the CloudDNS provider:
+CLOUDDNS_CLIENT_ID=bLsdFAks23429841238feb177a572aX \
+CLOUDDNS_EMAIL=you@example.com \
+CLOUDDNS_PASSWORD=b9841238feb177a84330f \
+lego --email you@example.com --dns clouddns -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
CLOUDDNS_CLIENT_ID |
+Client ID | +
CLOUDDNS_EMAIL |
+Account email | +
CLOUDDNS_PASSWORD |
+Account password | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
CLOUDDNS_HTTP_TIMEOUT |
+API request timeout | +
CLOUDDNS_POLLING_INTERVAL |
+Time between DNS propagation check | +
CLOUDDNS_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
CLOUDDNS_TTL |
+The TTL of the TXT record used for the DNS challenge | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Configuration for Cloudflare.
+cloudflare
Here is an example bash command using the Cloudflare provider:
+CLOUDFLARE_EMAIL=you@example.com \
+CLOUDFLARE_API_KEY=b9841238feb177a84330febba8a83208921177bffe733 \
+lego --email you@example.com --dns cloudflare -d '*.example.com' -d example.com run
+
+# or
+
+CLOUDFLARE_DNS_API_TOKEN=1234567890abcdefghijklmnopqrstuvwxyz \
+lego --email you@example.com --dns cloudflare -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
CF_API_EMAIL |
+Account email | +
CF_API_KEY |
+API key | +
CF_DNS_API_TOKEN |
+API token with DNS:Edit permission (since v3.1.0) | +
CF_ZONE_API_TOKEN |
+API token with Zone:Read permission (since v3.1.0) | +
CLOUDFLARE_API_KEY |
+Alias to CF_API_KEY | +
CLOUDFLARE_DNS_API_TOKEN |
+Alias to CF_DNS_API_TOKEN | +
CLOUDFLARE_EMAIL |
+Alias to CF_API_EMAIL | +
CLOUDFLARE_ZONE_API_TOKEN |
+Alias to CF_ZONE_API_TOKEN | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
CLOUDFLARE_HTTP_TIMEOUT |
+API request timeout (in seconds) | +
CLOUDFLARE_POLLING_INTERVAL |
+Time between DNS propagation check (in seconds) | +
CLOUDFLARE_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation (in seconds) | +
CLOUDFLARE_TTL |
+The TTL of the TXT record used for the DNS challenge (in seconds) | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
You may use CF_API_EMAIL
and CF_API_KEY
to authenticate, or CF_DNS_API_TOKEN
, or CF_DNS_API_TOKEN
and CF_ZONE_API_TOKEN
.
If using API keys (CF_API_EMAIL
and CF_API_KEY
), the Global API Key needs to be used, not the Origin CA Key.
Please be aware, that this in principle allows Lego to read and change everything related to this account.
+With API tokens (CF_DNS_API_TOKEN
, and optionally CF_ZONE_API_TOKEN
),
+very specific access can be granted to your resources at Cloudflare.
+See this Cloudflare announcement for details.
The main resources Lego cares for are the DNS entries for your Zones. +It also needs to resolve a domain name to an internal Zone ID in order to manipulate DNS entries.
+Hence, you should create an API token with the following permissions:
+You also need to scope the access to all your domains for this to work.
+Then pass the API token as CF_DNS_API_TOKEN
to Lego.
Alternatively, if you prefer a more strict set of privileges, +you can split the access tokens:
+CF_ZONE_API_TOKEN
to Lego.CF_DNS_API_TOKEN
to Lego.Zone:Read
and DNS:Edit
permission for the zone.This “paranoid” setup is mainly interesting for users who manage many zones/domains with a single Cloudflare account. +It follows the principle of least privilege and limits the possible damage, should one of the hosts become compromised.
+Configuration for ClouDNS.
+cloudns
Here is an example bash command using the ClouDNS provider:
+CLOUDNS_AUTH_ID=xxxx \
+CLOUDNS_AUTH_PASSWORD=yyyy \
+lego --email you@example.com --dns cloudns -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
CLOUDNS_AUTH_ID |
+The API user ID | +
CLOUDNS_AUTH_PASSWORD |
+The password for API user ID | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
CLOUDNS_HTTP_TIMEOUT |
+API request timeout | +
CLOUDNS_POLLING_INTERVAL |
+Time between DNS propagation check | +
CLOUDNS_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
CLOUDNS_SUB_AUTH_ID |
+The API sub user ID | +
CLOUDNS_TTL |
+The TTL of the TXT record used for the DNS challenge | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Configuration for Cloud.ru.
+cloudru
Here is an example bash command using the Cloud.ru provider:
+CLOUDRU_SERVICE_INSTANCE_ID=ppp \
+CLOUDRU_KEY_ID=xxx \
+CLOUDRU_SECRET=yyy \
+lego --email you@example.com --dns cloudru -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
CLOUDRU_KEY_ID |
+Key ID (login) | +
CLOUDRU_SECRET |
+Key Secret | +
CLOUDRU_SERVICE_INSTANCE_ID |
+Service Instance ID (parentId) | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
CLOUDRU_HTTP_TIMEOUT |
+API request timeout | +
CLOUDRU_POLLING_INTERVAL |
+Time between DNS propagation check | +
CLOUDRU_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
CLOUDRU_SEQUENCE_INTERVAL |
+Time between sequential requests | +
CLOUDRU_TTL |
+The TTL of the TXT record used for the DNS challenge | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
The CloudXNS DNS provider has shut down.
+cloudxns
Here is an example bash command using the CloudXNS (Deprecated) provider:
+CLOUDXNS_API_KEY=xxxx \
+CLOUDXNS_SECRET_KEY=yyyy \
+lego --email you@example.com --dns cloudxns -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
CLOUDXNS_API_KEY |
+The API key | +
CLOUDXNS_SECRET_KEY |
+The API secret key | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
CLOUDXNS_HTTP_TIMEOUT |
+API request timeout | +
CLOUDXNS_POLLING_INTERVAL |
+Time between DNS propagation check | +
CLOUDXNS_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
CLOUDXNS_TTL |
+The TTL of the TXT record used for the DNS challenge | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Configuration for ConoHa.
+conoha
Here is an example bash command using the ConoHa provider:
+CONOHA_TENANT_ID=487727e3921d44e3bfe7ebb337bf085e \
+CONOHA_API_USERNAME=xxxx \
+CONOHA_API_PASSWORD=yyyy \
+lego --email you@example.com --dns conoha -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
CONOHA_API_PASSWORD |
+The API password | +
CONOHA_API_USERNAME |
+The API username | +
CONOHA_TENANT_ID |
+Tenant ID | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
CONOHA_HTTP_TIMEOUT |
+API request timeout | +
CONOHA_POLLING_INTERVAL |
+Time between DNS propagation check | +
CONOHA_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
CONOHA_REGION |
+The region | +
CONOHA_TTL |
+The TTL of the TXT record used for the DNS challenge | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Configuration for Constellix.
+constellix
Here is an example bash command using the Constellix provider:
+CONSTELLIX_API_KEY=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx \
+CONSTELLIX_SECRET_KEY=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx \
+lego --email you@example.com --dns constellix -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
CONSTELLIX_API_KEY |
+User API key | +
CONSTELLIX_SECRET_KEY |
+User secret key | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
CONSTELLIX_HTTP_TIMEOUT |
+API request timeout | +
CONSTELLIX_POLLING_INTERVAL |
+Time between DNS propagation check | +
CONSTELLIX_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
CONSTELLIX_TTL |
+The TTL of the TXT record used for the DNS challenge | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Configuration for Core-Networks.
+corenetworks
Here is an example bash command using the Core-Networks provider:
+CORENETWORKS_LOGIN="xxxx" \
+CORENETWORKS_PASSWORD="yyyy" \
+lego --email you@example.com --dns corenetworks -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
CORENETWORKS_LOGIN |
+The username of the API account | +
CORENETWORKS_PASSWORD |
+The password | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
CORENETWORKS_HTTP_TIMEOUT |
+API request timeout | +
CORENETWORKS_POLLING_INTERVAL |
+Time between DNS propagation check | +
CORENETWORKS_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
CORENETWORKS_SEQUENCE_INTERVAL |
+Time between sequential requests | +
CORENETWORKS_TTL |
+The TTL of the TXT record used for the DNS challenge | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Configuration for CPanel/WHM.
+cpanel
Here is an example bash command using the CPanel/WHM provider:
+### CPANEL (default)
+
+CPANEL_USERNAME = "yyyy"
+CPANEL_TOKEN = "xxxx"
+CPANEL_BASE_URL = "https://example.com:2083" \
+lego --email you@example.com --dns cpanel -d '*.example.com' -d example.com run
+
+## WHM
+
+CPANEL_MODE = whm
+CPANEL_USERNAME = "yyyy"
+CPANEL_TOKEN = "xxxx"
+CPANEL_BASE_URL = "https://example.com:2087" \
+lego --email you@example.com --dns cpanel -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
CPANEL_BASE_URL |
+API server URL | +
CPANEL_TOKEN |
+API token | +
CPANEL_USERNAME |
+username | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
CPANEL_HTTP_TIMEOUT |
+API request timeout | +
CPANEL_MODE |
+use cpanel API or WHM API (Default: cpanel) | +
CPANEL_POLLING_INTERVAL |
+Time between DNS propagation check | +
CPANEL_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
CPANEL_REGION |
+The region | +
CPANEL_TTL |
+The TTL of the TXT record used for the DNS challenge | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Configuration for Derak Cloud.
+derak
Here is an example bash command using the Derak Cloud provider:
+DERAK_API_KEY="xxxxxxxxxxxxxxxxxxxxx" \
+lego --email you@example.com --dns derak -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
DERAK_API_KEY |
+The API key | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
DERAK_HTTP_TIMEOUT |
+API request timeout | +
DERAK_POLLING_INTERVAL |
+Time between DNS propagation check | +
DERAK_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
DERAK_TTL |
+The TTL of the TXT record used for the DNS challenge | +
DERAK_WEBSITE_ID |
+Force the zone/website ID | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Configuration for deSEC.io.
+desec
Here is an example bash command using the deSEC.io provider:
+DESEC_TOKEN=x-xxxxxxxxxxxxxxxxxxxxxxxxxx \
+lego --email you@example.com --dns desec -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
DESEC_TOKEN |
+Domain token | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
DESEC_HTTP_TIMEOUT |
+API request timeout | +
DESEC_POLLING_INTERVAL |
+Time between DNS propagation check | +
DESEC_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
DESEC_TTL |
+The TTL of the TXT record used for the DNS challenge | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Configuration for Designate DNSaaS for Openstack.
+designate
Here is an example bash command using the Designate DNSaaS for Openstack provider:
+# With a `clouds.yaml`
+OS_CLOUD=my_openstack \
+lego --email you@example.com --dns designate -d '*.example.com' -d example.com run
+
+# or
+
+OS_AUTH_URL=https://openstack.example.org \
+OS_REGION_NAME=RegionOne \
+OS_PROJECT_ID=23d4522a987d4ab529f722a007c27846
+OS_USERNAME=myuser \
+OS_PASSWORD=passw0rd \
+lego --email you@example.com --dns designate -d '*.example.com' -d example.com run
+
+# or
+
+OS_AUTH_URL=https://openstack.example.org \
+OS_REGION_NAME=RegionOne \
+OS_AUTH_TYPE=v3applicationcredential \
+OS_APPLICATION_CREDENTIAL_ID=imn74uq0or7dyzz20dwo1ytls4me8dry \
+OS_APPLICATION_CREDENTIAL_SECRET=68FuSPSdQqkFQYH5X1OoriEIJOwyLtQ8QSqXZOc9XxFK1A9tzZT6He2PfPw0OMja \
+lego --email you@example.com --dns designate -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
OS_APPLICATION_CREDENTIAL_ID |
+Application credential ID | +
OS_APPLICATION_CREDENTIAL_NAME |
+Application credential name | +
OS_APPLICATION_CREDENTIAL_SECRET |
+Application credential secret | +
OS_AUTH_URL |
+Identity endpoint URL | +
OS_PASSWORD |
+Password | +
OS_PROJECT_NAME |
+Project name | +
OS_REGION_NAME |
+Region name | +
OS_USERNAME |
+Username | +
OS_USER_ID |
+User ID | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
DESIGNATE_POLLING_INTERVAL |
+Time between DNS propagation check | +
DESIGNATE_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
DESIGNATE_TTL |
+The TTL of the TXT record used for the DNS challenge | +
DESIGNATE_ZONE_NAME |
+The zone name to use in the OpenStack Project to manage TXT records. | +
OS_PROJECT_ID |
+Project ID | +
OS_TENANT_NAME |
+Tenant name (deprecated see OS_PROJECT_NAME and OS_PROJECT_ID) | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
There are three main ways of authenticating with Designate:
+OS_CLOUD
environment variable and a clouds.yaml
file.OS_USERNAME
, OS_PASSWORD
and OS_PROJECT_NAME
environment variables.OS_APPLICATION_CREDENTIAL_*
and OS_USER_ID
environment variables.For the username/password and application methods, the OS_AUTH_URL
and OS_REGION_NAME
environment variables are required.
For more information, you can read about the different methods of authentication with OpenStack in the Keystone’s documentation and the gophercloud documentation:
+ +Public cloud providers with support for Designate:
+Configuration for Digital Ocean.
+digitalocean
Here is an example bash command using the Digital Ocean provider:
+DO_AUTH_TOKEN=xxxxxx \
+lego --email you@example.com --dns digitalocean -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
DO_AUTH_TOKEN |
+Authentication token | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
DO_API_URL |
+The URL of the API | +
DO_HTTP_TIMEOUT |
+API request timeout | +
DO_POLLING_INTERVAL |
+Time between DNS propagation check | +
DO_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
DO_TTL |
+The TTL of the TXT record used for the DNS challenge | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Configuration for DirectAdmin.
+directadmin
Here is an example bash command using the DirectAdmin provider:
+DIRECTADMIN_API_URL="http://example.com:2222" \
+DIRECTADMIN_USERNAME=xxxx \
+DIRECTADMIN_PASSWORD=yyy \
+lego --email you@example.com --dns directadmin -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
DIRECTADMIN_API_URL |
+URL of the API | +
DIRECTADMIN_PASSWORD |
+API password | +
DIRECTADMIN_USERNAME |
+API username | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
DIRECTADMIN_HTTP_TIMEOUT |
+API request timeout | +
DIRECTADMIN_POLLING_INTERVAL |
+Time between DNS propagation check | +
DIRECTADMIN_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
DIRECTADMIN_TTL |
+The TTL of the TXT record used for the DNS challenge | +
DIRECTADMIN_ZONE_NAME |
+Zone name used to add the TXT record | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Configuration for dnsHome.de.
+dnshomede
Here is an example bash command using the dnsHome.de provider:
+DNSHOMEDE_CREDENTIALS=example.org:password \
+lego --email you@example.com --dns dnshomede -d '*.example.com' -d example.com run
+
+DNSHOMEDE_CREDENTIALS=my.example.org:password1,demo.example.org:password2 \
+lego --email you@example.com --dns dnshomede -d my.example.org -d demo.example.org
Environment Variable Name | +Description | +
---|---|
DNSHOMEDE_CREDENTIALS |
+Comma-separated list of domain:password credential pairs | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
DNSHOMEDE_HTTP_TIMEOUT |
+API request timeout | +
DNSHOMEDE_POLLING_INTERVAL |
+Time between DNS propagation checks | +
DNSHOMEDE_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation; defaults to 300s (5 minutes) | +
DNSHOMEDE_SEQUENCE_INTERVAL |
+Time between sequential requests | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Configuration for DNSimple.
+dnsimple
Here is an example bash command using the DNSimple provider:
+DNSIMPLE_OAUTH_TOKEN=1234567890abcdefghijklmnopqrstuvwxyz \
+lego --email you@example.com --dns dnsimple -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
DNSIMPLE_OAUTH_TOKEN |
+OAuth token | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
DNSIMPLE_BASE_URL |
+API endpoint URL | +
DNSIMPLE_POLLING_INTERVAL |
+Time between DNS propagation check | +
DNSIMPLE_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
DNSIMPLE_TTL |
+The TTL of the TXT record used for the DNS challenge | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
DNSIMPLE_BASE_URL
is optional and must be set to production (https://api.dnsimple.com).
+if DNSIMPLE_BASE_URL
is not defined or empty, the production URL is used by default.
While you can manage DNS records in the DNSimple Sandbox environment, +DNS records will not resolve, and you will not be able to satisfy the ACME DNS challenge.
+To authenticate you need to provide a valid API token. +HTTP Basic Authentication is intentionally not supported.
+You can generate a new API token from your account page. +Only Account API tokens are supported, if you try to use a User API token you will receive an error message.
+Configuration for DNS Made Easy.
+dnsmadeeasy
Here is an example bash command using the DNS Made Easy provider:
+DNSMADEEASY_API_KEY=xxxxxx \
+DNSMADEEASY_API_SECRET=yyyyy \
+lego --email you@example.com --dns dnsmadeeasy -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
DNSMADEEASY_API_KEY |
+The API key | +
DNSMADEEASY_API_SECRET |
+The API Secret key | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
DNSMADEEASY_HTTP_TIMEOUT |
+API request timeout | +
DNSMADEEASY_POLLING_INTERVAL |
+Time between DNS propagation check | +
DNSMADEEASY_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
DNSMADEEASY_SANDBOX |
+Activate the sandbox (boolean) | +
DNSMADEEASY_TTL |
+The TTL of the TXT record used for the DNS challenge | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Use the Tencent Cloud provider instead.
+dnspod
Here is an example bash command using the DNSPod (deprecated) provider:
+DNSPOD_API_KEY=xxxxxx \
+lego --email you@example.com --dns dnspod -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
DNSPOD_API_KEY |
+The user token | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
DNSPOD_HTTP_TIMEOUT |
+API request timeout | +
DNSPOD_POLLING_INTERVAL |
+Time between DNS propagation check | +
DNSPOD_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
DNSPOD_TTL |
+The TTL of the TXT record used for the DNS challenge | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Configuration for Domain Offensive (do.de).
+dode
Here is an example bash command using the Domain Offensive (do.de) provider:
+DODE_TOKEN=xxxxxx \
+lego --email you@example.com --dns dode -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
DODE_TOKEN |
+API token | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
DODE_HTTP_TIMEOUT |
+API request timeout | +
DODE_POLLING_INTERVAL |
+Time between DNS propagation check | +
DODE_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
DODE_SEQUENCE_INTERVAL |
+Time between sequential requests | +
DODE_TTL |
+The TTL of the TXT record used for the DNS challenge | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Configuration for Domeneshop.
+domeneshop
Here is an example bash command using the Domeneshop provider:
+DOMENESHOP_API_TOKEN=<token> \
+DOMENESHOP_API_SECRET=<secret> \
+lego --email example@example.com --dns domeneshop -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
DOMENESHOP_API_SECRET |
+API secret | +
DOMENESHOP_API_TOKEN |
+API token | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
DOMENESHOP_HTTP_TIMEOUT |
+API request timeout | +
DOMENESHOP_POLLING_INTERVAL |
+Time between DNS propagation check | +
DOMENESHOP_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Visit the following page for information on how to create API credentials with Domeneshop:
+https://api.domeneshop.no/docs/#section/Authentication
+Configuration for DreamHost.
+dreamhost
Here is an example bash command using the DreamHost provider:
+DREAMHOST_API_KEY="YOURAPIKEY" \
+lego --email you@example.com --dns dreamhost -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
DREAMHOST_API_KEY |
+The API key | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
DREAMHOST_HTTP_TIMEOUT |
+API request timeout | +
DREAMHOST_POLLING_INTERVAL |
+Time between DNS propagation check | +
DREAMHOST_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
DREAMHOST_TTL |
+The TTL of the TXT record used for the DNS challenge | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Configuration for Duck DNS.
+duckdns
Here is an example bash command using the Duck DNS provider:
+DUCKDNS_TOKEN=xxxxxx \
+lego --email you@example.com --dns duckdns -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
DUCKDNS_TOKEN |
+Account token | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
DUCKDNS_HTTP_TIMEOUT |
+API request timeout | +
DUCKDNS_POLLING_INTERVAL |
+Time between DNS propagation check | +
DUCKDNS_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
DUCKDNS_SEQUENCE_INTERVAL |
+Time between sequential requests | +
DUCKDNS_TTL |
+The TTL of the TXT record used for the DNS challenge | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Configuration for Dyn.
+dyn
Here is an example bash command using the Dyn provider:
+DYN_CUSTOMER_NAME=xxxxxx \
+DYN_USER_NAME=yyyyy \
+DYN_PASSWORD=zzzz \
+lego --email you@example.com --dns dyn -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
DYN_CUSTOMER_NAME |
+Customer name | +
DYN_PASSWORD |
+Password | +
DYN_USER_NAME |
+User name | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
DYN_HTTP_TIMEOUT |
+API request timeout | +
DYN_POLLING_INTERVAL |
+Time between DNS propagation check | +
DYN_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
DYN_TTL |
+The TTL of the TXT record used for the DNS challenge | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Configuration for Dynu.
+dynu
Here is an example bash command using the Dynu provider:
+DYNU_API_KEY=1234567890abcdefghijklmnopqrstuvwxyz \
+lego --email you@example.com --dns dynu -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
DYNU_API_KEY |
+API key | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
DYNU_HTTP_TIMEOUT |
+API request timeout | +
DYNU_POLLING_INTERVAL |
+Time between DNS propagation check | +
DYNU_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
DYNU_TTL |
+The TTL of the TXT record used for the DNS challenge | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Configuration for EasyDNS.
+easydns
Here is an example bash command using the EasyDNS provider:
+EASYDNS_TOKEN=xxx \
+EASYDNS_KEY=yyy \
+lego --email you@example.com --dns easydns -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
EASYDNS_KEY |
+API Key | +
EASYDNS_TOKEN |
+API Token | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
EASYDNS_ENDPOINT |
+The endpoint URL of the API Server | +
EASYDNS_HTTP_TIMEOUT |
+API request timeout | +
EASYDNS_POLLING_INTERVAL |
+Time between DNS propagation check | +
EASYDNS_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
EASYDNS_SEQUENCE_INTERVAL |
+Time between sequential requests | +
EASYDNS_TTL |
+The TTL of the TXT record used for the DNS challenge | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
To test with the sandbox environment set EASYDNS_ENDPOINT=https://sandbox.rest.easydns.net
Akamai edgedns supersedes FastDNS; implementing a DNS provider for solving the DNS-01 challenge using Akamai EdgeDNS
+edgedns
Here is an example bash command using the Akamai EdgeDNS provider:
+AKAMAI_CLIENT_SECRET=abcdefghijklmnopqrstuvwxyz1234567890ABCDEFG= \
+AKAMAI_CLIENT_TOKEN=akab-mnbvcxzlkjhgfdsapoiuytrewq1234567 \
+AKAMAI_HOST=akab-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.luna.akamaiapis.net \
+AKAMAI_ACCESS_TOKEN=akab-1234567890qwerty-asdfghjklzxcvtnu \
+lego --email you@example.com --dns edgedns -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
AKAMAI_ACCESS_TOKEN |
+Access token, managed by the Akamai EdgeGrid client | +
AKAMAI_CLIENT_SECRET |
+Client secret, managed by the Akamai EdgeGrid client | +
AKAMAI_CLIENT_TOKEN |
+Client token, managed by the Akamai EdgeGrid client | +
AKAMAI_EDGERC |
+Path to the .edgerc file, managed by the Akamai EdgeGrid client | +
AKAMAI_EDGERC_SECTION |
+Configuration section, managed by the Akamai EdgeGrid client | +
AKAMAI_HOST |
+API host, managed by the Akamai EdgeGrid client | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
AKAMAI_POLLING_INTERVAL |
+Time between DNS propagation check. Default: 15 seconds | +
AKAMAI_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation. Default: 3 minutes | +
AKAMAI_TTL |
+The TTL of the TXT record used for the DNS challenge | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Akamai’s credentials are automatically detected in the following locations and prioritized in the following order:
+{SECTION}
is specified using AKAMAI_EDGERC_SECTION
):AKAMAI_{SECTION}_HOST
AKAMAI_{SECTION}_ACCESS_TOKEN
AKAMAI_{SECTION}_CLIENT_TOKEN
AKAMAI_{SECTION}_CLIENT_SECRET
AKAMAI_EDGERC_SECTION
is not defined or is set to default
, environment variables:AKAMAI_HOST
AKAMAI_ACCESS_TOKEN
AKAMAI_CLIENT_TOKEN
AKAMAI_CLIENT_SECRET
.edgerc
file located at AKAMAI_EDGERC
~/.edgerc
, sections can be specified using AKAMAI_EDGERC_SECTION
AKAMAI_HOST
AKAMAI_ACCESS_TOKEN
AKAMAI_CLIENT_TOKEN
AKAMAI_CLIENT_SECRET
See also:
+ +Configuration for Efficient IP.
+efficientip
Here is an example bash command using the Efficient IP provider:
+EFFICIENTIP_USERNAME="user" \
+EFFICIENTIP_PASSWORD="secret" \
+EFFICIENTIP_HOSTNAME="ipam.example.org" \
+EFFICIENTIP_DNS_NAME="dns.smart" \
+lego --email you@example.com --dns efficientip -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
EFFICIENTIP_DNS_NAME |
+DNS name (ex: dns.smart) | +
EFFICIENTIP_HOSTNAME |
+Hostname (ex: foo.example.com) | +
EFFICIENTIP_PASSWORD |
+Password | +
EFFICIENTIP_USERNAME |
+Username | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
EFFICIENTIP_HTTP_TIMEOUT |
+API request timeout | +
EFFICIENTIP_INSECURE_SKIP_VERIFY |
+Whether or not to verify EfficientIP API certificate | +
EFFICIENTIP_POLLING_INTERVAL |
+Time between DNS propagation check | +
EFFICIENTIP_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
EFFICIENTIP_TTL |
+The TTL of the TXT record used for the DNS challenge | +
EFFICIENTIP_VIEW_NAME |
+View name (ex: external) | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Configuration for Epik.
+epik
Here is an example bash command using the Epik provider:
+EPIK_SIGNATURE=xxxxxxxxxxxxxxxxxxxxxxxxxx \
+lego --email you@example.com --dns epik -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
EPIK_SIGNATURE |
+Epik API signature (https://registrar.epik.com/account/api-settings/) | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
EPIK_HTTP_TIMEOUT |
+API request timeout | +
EPIK_POLLING_INTERVAL |
+Time between DNS propagation check | +
EPIK_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
EPIK_TTL |
+The TTL of the TXT record used for the DNS challenge | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Solving the DNS-01 challenge using an external program.
+exec
Here is an example bash command using the External program provider:
+EXEC_PATH=/the/path/to/myscript.sh \
+lego --email you@example.com --dns exec -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
EXEC_MODE |
+RAW , none |
+
EXEC_PATH |
+The path of the the external program. | +
Environment Variable Name | +Description | +
---|---|
EXEC_POLLING_INTERVAL |
+Time between DNS propagation check. | +
EXEC_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation. | +
EXEC_SEQUENCE_INTERVAL |
+Time between sequential requests. | +
The file name of the external program is specified in the environment variable EXEC_PATH
.
When it is run by lego, three command-line parameters are passed to it: +The action (“present” or “cleanup”), the fully-qualified domain name and the value for the record.
+For example, requesting a certificate for the domain ‘my.example.org’ can be achieved by calling lego as follows:
+EXEC_PATH=./update-dns.sh \
+lego --email you@example.com --dns exec --d my.example.org run
It will then call the program ‘./update-dns.sh’ with like this:
+./update-dns.sh "present" "_acme-challenge.my.example.org." "MsijOYZxqyjGnFGwhjrhfg-Xgbl5r68WPda0J9EgqqI"
The program then needs to make sure the record is inserted. +When it returns an error via a non-zero exit code, lego aborts.
+When the record is to be removed again,
+the program is called with the first command-line parameter set to cleanup
instead of present
.
If you want to use the raw domain, token, and keyAuth values with your program, you can set EXEC_MODE=RAW
:
EXEC_MODE=RAW \
+EXEC_PATH=./update-dns.sh \
+lego --email you@example.com --dns exec -d my.example.org run
It will then call the program ./update-dns.sh
like this:
./update-dns.sh "present" "--" "my.example.org." "some-token" "KxAy-J3NwUmg9ZQuM-gP_Mq1nStaYSaP9tYQs5_-YsE.ksT-qywTd8058G-SHHWA3RAN72Pr0yWtPYmmY5UBpQ8"
The --
is because the token MAY start with a -
, and the called program may try and interpret a -
as indicating a flag.
+In the case of urfave, which is commonly used,
+you can use the --
delimiter to specify the start of positional arguments, and handle such a string safely.
Mode | +Command | +
---|---|
default | +myprogram present <FQDN> <record> |
+
RAW |
+myprogram present -- <domain> <token> <key_auth> |
+
Mode | +Command | +
---|---|
default | +myprogram cleanup <FQDN> <record> |
+
RAW |
+myprogram cleanup -- <domain> <token> <key_auth> |
+
Configuration for Exoscale.
+exoscale
Here is an example bash command using the Exoscale provider:
+EXOSCALE_API_KEY=abcdefghijklmnopqrstuvwx \
+EXOSCALE_API_SECRET=xxxxxxx \
+lego --email you@example.com --dns exoscale -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
EXOSCALE_API_KEY |
+API key | +
EXOSCALE_API_SECRET |
+API secret | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
EXOSCALE_ENDPOINT |
+API endpoint URL | +
EXOSCALE_HTTP_TIMEOUT |
+API request timeout | +
EXOSCALE_POLLING_INTERVAL |
+Time between DNS propagation check | +
EXOSCALE_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
EXOSCALE_TTL |
+The TTL of the TXT record used for the DNS challenge | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Configuration for freemyip.com.
+freemyip
Here is an example bash command using the freemyip.com provider:
+FREEMYIP_TOKEN=xxxxxx \
+lego --email you@example.com --dns freemyip -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
FREEMYIP_TOKEN |
+Account token | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
FREEMYIP_HTTP_TIMEOUT |
+API request timeout | +
FREEMYIP_POLLING_INTERVAL |
+Time between DNS propagation check | +
FREEMYIP_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
FREEMYIP_SEQUENCE_INTERVAL |
+Time between sequential requests | +
FREEMYIP_TTL |
+The TTL of the TXT record used for the DNS challenge | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Configuration for Gandi.
+gandi
Here is an example bash command using the Gandi provider:
+GANDI_API_KEY=abcdefghijklmnopqrstuvwx \
+lego --email you@example.com --dns gandi -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
GANDI_API_KEY |
+API key | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
GANDI_HTTP_TIMEOUT |
+API request timeout | +
GANDI_POLLING_INTERVAL |
+Time between DNS propagation check | +
GANDI_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
GANDI_TTL |
+The TTL of the TXT record used for the DNS challenge | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Configuration for Gandi Live DNS (v5).
+gandiv5
Here is an example bash command using the Gandi Live DNS (v5) provider:
+GANDIV5_PERSONAL_ACCESS_TOKEN=abcdefghijklmnopqrstuvwx \
+lego --email you@example.com --dns gandiv5 -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
GANDIV5_API_KEY |
+API key (Deprecated) | +
GANDIV5_PERSONAL_ACCESS_TOKEN |
+Personal Access Token | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
GANDIV5_HTTP_TIMEOUT |
+API request timeout | +
GANDIV5_POLLING_INTERVAL |
+Time between DNS propagation check | +
GANDIV5_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
GANDIV5_TTL |
+The TTL of the TXT record used for the DNS challenge | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Configuration for Google Cloud.
+gcloud
Here is an example bash command using the Google Cloud provider:
+GCE_PROJECT="gc-project-id" \
+GCE_SERVICE_ACCOUNT_FILE="/path/to/svc/account/file.json" \
+lego --email you@email.com --dns gcloud -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
Application Default Credentials |
+Documentation | +
GCE_PROJECT |
+Project name (by default, the project name is auto-detected by using the metadata service) | +
GCE_SERVICE_ACCOUNT |
+Account | +
GCE_SERVICE_ACCOUNT_FILE |
+Account file path | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
GCE_ALLOW_PRIVATE_ZONE |
+Allows requested domain to be in private DNS zone, works only with a private ACME server (by default: false) | +
GCE_POLLING_INTERVAL |
+Time between DNS propagation check | +
GCE_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
GCE_TTL |
+The TTL of the TXT record used for the DNS challenge | +
GCE_ZONE_ID |
+Allows to skip the automatic detection of the zone | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Configuration for G-Core.
+gcore
Here is an example bash command using the G-Core provider:
+GCORE_PERMANENT_API_TOKEN=xxxxx \
+lego --email you@example.com --dns gcore -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
GCORE_PERMANENT_API_TOKEN |
+Permanent API token (https://gcore.com/blog/permanent-api-token-explained/) | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
GCORE_HTTP_TIMEOUT |
+API request timeout | +
GCORE_POLLING_INTERVAL |
+Time between DNS propagation check | +
GCORE_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
GCORE_TTL |
+The TTL of the TXT record used for the DNS challenge | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Configuration for Glesys.
+glesys
Here is an example bash command using the Glesys provider:
+GLESYS_API_USER=xxxxx \
+GLESYS_API_KEY=yyyyy \
+lego --email you@example.com --dns glesys -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
GLESYS_API_KEY |
+API key | +
GLESYS_API_USER |
+API user | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
GLESYS_HTTP_TIMEOUT |
+API request timeout | +
GLESYS_POLLING_INTERVAL |
+Time between DNS propagation check | +
GLESYS_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
GLESYS_TTL |
+The TTL of the TXT record used for the DNS challenge | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Configuration for Go Daddy.
+godaddy
Here is an example bash command using the Go Daddy provider:
+GODADDY_API_KEY=xxxxxxxx \
+GODADDY_API_SECRET=yyyyyyyy \
+lego --email you@example.com --dns godaddy -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
GODADDY_API_KEY |
+API key | +
GODADDY_API_SECRET |
+API secret | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
GODADDY_HTTP_TIMEOUT |
+API request timeout | +
GODADDY_POLLING_INTERVAL |
+Time between DNS propagation check | +
GODADDY_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
GODADDY_TTL |
+The TTL of the TXT record used for the DNS challenge | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
GoDaddy has recently (2024-04) updated the account requirements to access parts of their production Domains API:
+Configuration for Google Domains.
+googledomains
Here is an example bash command using the Google Domains provider:
+GOOGLE_DOMAINS_ACCESS_TOKEN=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx \
+lego --email you@example.com --dns googledomains -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
GOOGLE_DOMAINS_ACCESS_TOKEN |
+Access token | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
GOOGLE_DOMAINS_HTTP_TIMEOUT |
+API request timeout | +
GOOGLE_DOMAINS_POLLING_INTERVAL |
+Time between DNS propagation check | +
GOOGLE_DOMAINS_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Configuration for Hetzner.
+hetzner
Here is an example bash command using the Hetzner provider:
+HETZNER_API_KEY=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx \
+lego --email you@example.com --dns hetzner -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
HETZNER_API_KEY |
+API key | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
HETZNER_HTTP_TIMEOUT |
+API request timeout | +
HETZNER_POLLING_INTERVAL |
+Time between DNS propagation check | +
HETZNER_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
HETZNER_TTL |
+The TTL of the TXT record used for the DNS challenge | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Configuration for Hosting.de.
+hostingde
Here is an example bash command using the Hosting.de provider:
+HOSTINGDE_API_KEY=xxxxxxxx \
+lego --email you@example.com --dns hostingde -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
HOSTINGDE_API_KEY |
+API key | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
HOSTINGDE_HTTP_TIMEOUT |
+API request timeout | +
HOSTINGDE_POLLING_INTERVAL |
+Time between DNS propagation check | +
HOSTINGDE_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
HOSTINGDE_TTL |
+The TTL of the TXT record used for the DNS challenge | +
HOSTINGDE_ZONE_NAME |
+Zone name in ACE format | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Configuration for Hosttech.
+hosttech
Here is an example bash command using the Hosttech provider:
+HOSTTECH_API_KEY=xxxxxxxxxxxxxxxxxxxxxxxxxx \
+lego --email you@example.com --dns hosttech -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
HOSTTECH_API_KEY |
+API login | +
HOSTTECH_PASSWORD |
+API password | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
HOSTTECH_HTTP_TIMEOUT |
+API request timeout | +
HOSTTECH_POLLING_INTERVAL |
+Time between DNS propagation check | +
HOSTTECH_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
HOSTTECH_TTL |
+The TTL of the TXT record used for the DNS challenge | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Configuration for http.net.
+httpnet
Here is an example bash command using the http.net provider:
+HTTPNET_API_KEY=xxxxxxxx \
+lego --email you@example.com --dns httpnet -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
HTTPNET_API_KEY |
+API key | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
HTTPNET_HTTP_TIMEOUT |
+API request timeout | +
HTTPNET_POLLING_INTERVAL |
+Time between DNS propagation check | +
HTTPNET_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
HTTPNET_TTL |
+The TTL of the TXT record used for the DNS challenge | +
HTTPNET_ZONE_NAME |
+Zone name in ACE format | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Configuration for HTTP request.
+httpreq
Here is an example bash command using the HTTP request provider:
+HTTPREQ_ENDPOINT=http://my.server.com:9090 \
+lego --email you@example.com --dns httpreq -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
HTTPREQ_ENDPOINT |
+The URL of the server | +
HTTPREQ_MODE |
+RAW , none |
+
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
HTTPREQ_HTTP_TIMEOUT |
+API request timeout | +
HTTPREQ_PASSWORD |
+Basic authentication password | +
HTTPREQ_POLLING_INTERVAL |
+Time between DNS propagation check | +
HTTPREQ_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
HTTPREQ_USERNAME |
+Basic authentication username | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
The server must provide:
+POST
/present
POST
/cleanup
The URL of the server must be defined by HTTPREQ_ENDPOINT
.
There are 2 modes (HTTPREQ_MODE
):
{
+ "fqdn": "_acme-challenge.domain.",
+ "value": "LHDhK3oGRvkiefQnx7OOczTY5Tic_xZ6HcMOc_gmtoM"
+}
RAW
{
+ "domain": "domain",
+ "token": "token",
+ "keyAuth": "key"
+}
Basic authentication (optional) can be set with some environment variables:
+HTTPREQ_USERNAME
and HTTPREQ_PASSWORD
Configuration for Huawei Cloud.
+huaweicloud
Here is an example bash command using the Huawei Cloud provider:
+HUAWEICLOUD_ACCESS_KEY_ID=your-access-key-id \
+HUAWEICLOUD_SECRET_ACCESS_KEY=your-secret-access-key \
+HUAWEICLOUD_REGION=cn-south-1 \
+lego --email you@example.com --dns huaweicloud -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
HUAWEICLOUD_ACCESS_KEY_ID |
+Access key ID | +
HUAWEICLOUD_REGION |
+Region | +
HUAWEICLOUD_SECRET_ACCESS_KEY |
+Access Key secret | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
HUAWEICLOUD_HTTP_TIMEOUT |
+API request timeout | +
HUAWEICLOUD_POLLING_INTERVAL |
+Time between DNS propagation check | +
HUAWEICLOUD_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
HUAWEICLOUD_TTL |
+The TTL of the TXT record used for the DNS challenge | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Configuration for Hurricane Electric DNS.
+hurricane
Here is an example bash command using the Hurricane Electric DNS provider:
+HURRICANE_TOKENS=example.org:token \
+lego --email you@example.com --dns hurricane -d '*.example.com' -d example.com run
+
+HURRICANE_TOKENS=my.example.org:token1,demo.example.org:token2 \
+lego --email you@example.com --dns hurricane -d my.example.org -d demo.example.org
Environment Variable Name | +Description | +
---|---|
HURRICANE_TOKENS |
+TXT record names and tokens | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
HURRICANE_HTTP_TIMEOUT |
+API request timeout | +
HURRICANE_POLLING_INTERVAL |
+Time between DNS propagation checks | +
HURRICANE_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation; defaults to 300s (5 minutes) | +
HURRICANE_SEQUENCE_INTERVAL |
+Time between sequential requests | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Before using lego to request a certificate for a given domain or wildcard (such as my.example.org
or *.my.example.org
),
+create a TXT record named _acme-challenge.my.example.org
, and enable dynamic updates on it.
+Generate a token for each URL with Hurricane Electric’s UI, and copy it down.
+Stick to alphanumeric tokens for greatest reliability.
To authenticate with the Hurricane Electric API,
+add each record name/token pair you want to update to the HURRICANE_TOKENS
environment variable, as shown in the examples.
+Record names (without the _acme-challenge.
component) and their tokens are separated with colons,
+while the credential pairs are concatenated into a comma-separated list, like so:
HURRICANE_TOKENS=my.example.org:token1,demo.example.org:token2
If you are issuing both a wildcard certificate and a standard certificate for a given subdomain, +you should not have repeat entries for that name, as both will use the same credential.
+HURRICANE_TOKENS=example.org:token
Configuration for HyperOne.
+hyperone
Here is an example bash command using the HyperOne provider:
+lego --email you@example.com --dns hyperone -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
HYPERONE_API_URL |
+Allows to pass custom API Endpoint to be used in the challenge (default https://api.hyperone.com/v2) | +
HYPERONE_LOCATION_ID |
+Specifies location (region) to be used in API calls. (default pl-waw-1) | +
HYPERONE_PASSPORT_LOCATION |
+Allows to pass custom passport file location (default ~/.h1/passport.json) | +
HYPERONE_POLLING_INTERVAL |
+Time between DNS propagation check | +
HYPERONE_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
HYPERONE_TTL |
+The TTL of the TXT record used for the DNS challenge | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Default configuration does not require any additional environment variables,
+just a passport file in ~/.h1/passport.json
location.
To use this application you have to generate passport file for sa
:
h1 iam project sa credential generate --name my-passport --project <project ID> --sa <sa ID> --passport-output-file ~/.h1/passport.json
The application requires following permissions:
+dns/zone/list
dns/zone.recordset/list
dns/zone.recordset/create
dns/zone.recordset/delete
dns/zone.record/create
dns/zone.record/list
dns/zone.record/delete
All required permissions are available via platform role tool.lego
.
Configuration for IBM Cloud (SoftLayer).
+ibmcloud
Here is an example bash command using the IBM Cloud (SoftLayer) provider:
+SOFTLAYER_USERNAME=xxxxx \
+SOFTLAYER_API_KEY=yyyyy \
+lego --email you@example.com --dns ibmcloud -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
SOFTLAYER_API_KEY |
+Classic Infrastructure API key | +
SOFTLAYER_USERNAME |
+Username (IBM Cloud is _) | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
SOFTLAYER_POLLING_INTERVAL |
+Time between DNS propagation check | +
SOFTLAYER_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
SOFTLAYER_TIMEOUT |
+API request timeout | +
SOFTLAYER_TTL |
+The TTL of the TXT record used for the DNS challenge | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Configuration for Internet Initiative Japan.
+iij
Here is an example bash command using the Internet Initiative Japan provider:
+IIJ_API_ACCESS_KEY=xxxxxxxx \
+IIJ_API_SECRET_KEY=yyyyyy \
+IIJ_DO_SERVICE_CODE=zzzzzz \
+lego --email you@example.com --dns iij -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
IIJ_API_ACCESS_KEY |
+API access key | +
IIJ_API_SECRET_KEY |
+API secret key | +
IIJ_DO_SERVICE_CODE |
+DO service code | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
IIJ_POLLING_INTERVAL |
+Time between DNS propagation check | +
IIJ_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
IIJ_TTL |
+The TTL of the TXT record used for the DNS challenge | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Configuration for IIJ DNS Platform Service.
+iijdpf
Here is an example bash command using the IIJ DNS Platform Service provider:
+IIJ_DPF_API_TOKEN=xxxxxxxx \
+IIJ_DPF_DPM_SERVICE_CODE=yyyyyy \
+lego --email you@example.com --dns iijdpf -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
IIJ_DPF_API_TOKEN |
+API token | +
IIJ_DPF_DPM_SERVICE_CODE |
+IIJ Managed DNS Service’s service code | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
IIJ_DPF_API_ENDPOINT |
+API endpoint URL, defaults to https://api.dns-platform.jp/dpf/v1 | +
IIJ_DPF_POLLING_INTERVAL |
+Time between DNS propagation check, defaults to 5 second | +
IIJ_DPF_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation, defaults to 660 second | +
IIJ_DPF_TTL |
+The TTL of the TXT record used for the DNS challenge, default to 300 | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Credentials and DNS configuration for DNS providers must be passed through environment variables.
+The environment variables can reference a value.
+Here is an example bash command using the Cloudflare DNS provider:
+$ CLOUDFLARE_EMAIL=you@example.com \
+ CLOUDFLARE_API_KEY=b9841238feb177a84330febba8a83208921177bffe733 \
+ lego --dns cloudflare --domains www.example.com --email you@example.com run
The environment variables can reference a path to file.
+In this case the name of environment variable must be suffixed by _FILE
.
The file must contain only the value.
+Here is an example bash command using the CloudFlare DNS provider:
+$ cat /the/path/to/my/key
+b9841238feb177a84330febba8a83208921177bffe733
+
+$ cat /the/path/to/my/email
+you@example.com
+
+$ CLOUDFLARE_EMAIL_FILE=/the/path/to/my/email \
+ CLOUDFLARE_API_KEY_FILE=/the/path/to/my/key \
+ lego --dns cloudflare --domains www.example.com --email you@example.com run
Provider name | +CLI flag name | +Required lego version | +|
---|---|---|---|
+ Akamai EdgeDNS + | +Website | +
+ edgedns
+ |
+ v3.9.0 | +
+ Alibaba Cloud DNS + | +Website | +
+ alidns
+ |
+ v1.1.0 | +
+ all-inkl + | +Website | +
+ allinkl
+ |
+ v4.5.0 | +
+ Amazon Lightsail + | +Website | +
+ lightsail
+ |
+ v0.5.0 | +
+ Amazon Route 53 + | +Website | +
+ route53
+ |
+ v0.3.0 | +
+ ArvanCloud + | +Website | +
+ arvancloud
+ |
+ v3.8.0 | +
+ Aurora DNS + | +Website | +
+ auroradns
+ |
+ v0.4.0 | +
+ Autodns + | +Website | +
+ autodns
+ |
+ v3.2.0 | +
+ Azure (deprecated) + | +Website | +
+ azure
+ |
+ v0.4.0 | +
+ Azure DNS + | +Website | +
+ azuredns
+ |
+ v4.13.0 | +
+ Bindman + | +Website | +
+ bindman
+ |
+ v2.6.0 | +
+ Bluecat + | +Website | +
+ bluecat
+ |
+ v0.5.0 | +
+ Brandit (deprecated) + | +Website | +
+ brandit
+ |
+ v4.11.0 | +
+ Bunny + | +Website | +
+ bunny
+ |
+ v4.11.0 | +
+ Checkdomain + | +Website | +
+ checkdomain
+ |
+ v3.3.0 | +
+ Civo + | +Website | +
+ civo
+ |
+ v4.9.0 | +
+ Cloud.ru + | +Website | +
+ cloudru
+ |
+ v4.14.0 | +
+ CloudDNS + | +Website | +
+ clouddns
+ |
+ v3.6.0 | +
+ Cloudflare + | +Website | +
+ cloudflare
+ |
+ v0.3.0 | +
+ ClouDNS + | +Website | +
+ cloudns
+ |
+ v2.3.0 | +
+ CloudXNS (Deprecated) + | +Website | +
+ cloudxns
+ |
+ v0.5.0 | +
+ ConoHa + | +Website | +
+ conoha
+ |
+ v1.2.0 | +
+ Constellix + | +Website | +
+ constellix
+ |
+ v3.4.0 | +
+ Core-Networks + | +Website | +
+ corenetworks
+ |
+ v4.20.0 | +
+ CPanel/WHM + | +Website | +
+ cpanel
+ |
+ v4.16.0 | +
+ Derak Cloud + | +Website | +
+ derak
+ |
+ v4.12.0 | +
+ deSEC.io + | +Website | +
+ desec
+ |
+ v3.7.0 | +
+ Designate DNSaaS for Openstack + | +Website | +
+ designate
+ |
+ v2.2.0 | +
+ Digital Ocean + | +Website | +
+ digitalocean
+ |
+ v0.3.0 | +
+ DirectAdmin + | +Website | +
+ directadmin
+ |
+ v4.18.0 | +
+ DNS Made Easy + | +Website | +
+ dnsmadeeasy
+ |
+ v0.4.0 | +
+ dnsHome.de + | +Website | +
+ dnshomede
+ |
+ v4.10.0 | +
+ DNSimple + | +Website | +
+ dnsimple
+ |
+ v0.3.0 | +
+ DNSPod (deprecated) + | +Website | +
+ dnspod
+ |
+ v0.4.0 | +
+ Domain Offensive (do.de) + | +Website | +
+ dode
+ |
+ v2.4.0 | +
+ Domeneshop + | +Website | +
+ domeneshop
+ |
+ v4.3.0 | +
+ DreamHost + | +Website | +
+ dreamhost
+ |
+ v1.1.0 | +
+ Duck DNS + | +Website | +
+ duckdns
+ |
+ v0.5.0 | +
+ Dyn + | +Website | +
+ dyn
+ |
+ v0.3.0 | +
+ Dynu + | +Website | +
+ dynu
+ |
+ v3.5.0 | +
+ EasyDNS + | +Website | +
+ easydns
+ |
+ v2.6.0 | +
+ Efficient IP + | +Website | +
+ efficientip
+ |
+ v4.13.0 | +
+ Epik + | +Website | +
+ epik
+ |
+ v4.5.0 | +
+ Exoscale + | +Website | +
+ exoscale
+ |
+ v0.4.0 | +
+ External program + | +Website | +
+ exec
+ |
+ v0.5.0 | +
+ freemyip.com + | +Website | +
+ freemyip
+ |
+ v4.5.0 | +
+ G-Core + | +Website | +
+ gcore
+ |
+ v4.5.0 | +
+ Gandi + | +Website | +
+ gandi
+ |
+ v0.3.0 | +
+ Gandi Live DNS (v5) + | +Website | +
+ gandiv5
+ |
+ v0.5.0 | +
+ Glesys + | +Website | +
+ glesys
+ |
+ v0.5.0 | +
+ Go Daddy + | +Website | +
+ godaddy
+ |
+ v0.5.0 | +
+ Google Cloud + | +Website | +
+ gcloud
+ |
+ v0.3.0 | +
+ Google Domains + | +Website | +
+ googledomains
+ |
+ v4.11.0 | +
+ Hetzner + | +Website | +
+ hetzner
+ |
+ v3.7.0 | +
+ Hosting.de + | +Website | +
+ hostingde
+ |
+ v1.1.0 | +
+ Hosttech + | +Website | +
+ hosttech
+ |
+ v4.5.0 | +
+ HTTP request + | +Website | +
+ httpreq
+ |
+ v2.0.0 | +
+ http.net + | +Website | +
+ httpnet
+ |
+ v4.15.0 | +
+ Huawei Cloud + | +Website | +
+ huaweicloud
+ |
+ v4.19 | +
+ Hurricane Electric DNS + | +Website | +
+ hurricane
+ |
+ v4.3.0 | +
+ HyperOne + | +Website | +
+ hyperone
+ |
+ v3.9.0 | +
+ IBM Cloud (SoftLayer) + | +Website | +
+ ibmcloud
+ |
+ v4.5.0 | +
+ IIJ DNS Platform Service + | +Website | +
+ iijdpf
+ |
+ v4.7.0 | +
+ Infoblox + | +Website | +
+ infoblox
+ |
+ v4.4.0 | +
+ Infomaniak + | +Website | +
+ infomaniak
+ |
+ v4.1.0 | +
+ Internet Initiative Japan + | +Website | +
+ iij
+ |
+ v1.1.0 | +
+ Internet.bs + | +Website | +
+ internetbs
+ |
+ v4.5.0 | +
+ INWX + | +Website | +
+ inwx
+ |
+ v2.0.0 | +
+ Ionos + | +Website | +
+ ionos
+ |
+ v4.2.0 | +
+ IPv64 + | +Website | +
+ ipv64
+ |
+ v4.13.0 | +
+ iwantmyname + | +Website | +
+ iwantmyname
+ |
+ v4.7.0 | +
+ Joker + | +Website | +
+ joker
+ |
+ v2.6.0 | +
+ Joohoi's ACME-DNS + | +Website | +
+ acme-dns
+ |
+ v1.1.0 | +
+ Liara + | +Website | +
+ liara
+ |
+ v4.10.0 | +
+ Lima-City + | +Website | +
+ limacity
+ |
+ v4.18.0 | +
+ Linode (v4) + | +Website | +
+ linode
+ |
+ v1.1.0 | +
+ Liquid Web + | +Website | +
+ liquidweb
+ |
+ v3.1.0 | +
+ Loopia + | +Website | +
+ loopia
+ |
+ v4.2.0 | +
+ LuaDNS + | +Website | +
+ luadns
+ |
+ v3.7.0 | +
+ Mail-in-a-Box + | +Website | +
+ mailinabox
+ |
+ v4.16.0 | +
+ Manual + | ++ |
+ manual
+ |
+ v0.3.0 | +
+ Metaname + | +Website | +
+ metaname
+ |
+ v4.13.0 | +
+ mijn.host + | +Website | +
+ mijnhost
+ |
+ v4.18.0 | +
+ Mittwald + | +Website | +
+ mittwald
+ |
+ v1.48.0 | +
+ MyDNS.jp + | +Website | +
+ mydnsjp
+ |
+ v1.2.0 | +
+ MythicBeasts + | +Website | +
+ mythicbeasts
+ |
+ v0.3.7 | +
+ Name.com + | +Website | +
+ namedotcom
+ |
+ v0.5.0 | +
+ Namecheap + | +Website | +
+ namecheap
+ |
+ v0.3.0 | +
+ Namesilo + | +Website | +
+ namesilo
+ |
+ v2.7.0 | +
+ NearlyFreeSpeech.NET + | +Website | +
+ nearlyfreespeech
+ |
+ v4.8.0 | +
+ Netcup + | +Website | +
+ netcup
+ |
+ v1.1.0 | +
+ Netlify + | +Website | +
+ netlify
+ |
+ v3.7.0 | +
+ Nicmanager + | +Website | +
+ nicmanager
+ |
+ v4.5.0 | +
+ NIFCloud + | +Website | +
+ nifcloud
+ |
+ v1.1.0 | +
+ Njalla + | +Website | +
+ njalla
+ |
+ v4.3.0 | +
+ Nodion + | +Website | +
+ nodion
+ |
+ v4.11.0 | +
+ NS1 + | +Website | +
+ ns1
+ |
+ v0.4.0 | +
+ Open Telekom Cloud + | +Website | +
+ otc
+ |
+ v0.4.1 | +
+ Oracle Cloud + | +Website | +
+ oraclecloud
+ |
+ v2.3.0 | +
+ OVH + | +Website | +
+ ovh
+ |
+ v0.4.0 | +
+ plesk.com + | +Website | +
+ plesk
+ |
+ v4.11.0 | +
+ Porkbun + | +Website | +
+ porkbun
+ |
+ v4.4.0 | +
+ PowerDNS + | +Website | +
+ pdns
+ |
+ v0.4.0 | +
+ Rackspace + | +Website | +
+ rackspace
+ |
+ v0.4.0 | +
+ RcodeZero + | +Website | +
+ rcodezero
+ |
+ v4.13 | +
+ reg.ru + | +Website | +
+ regru
+ |
+ v3.5.0 | +
+ Regfish + | +Website | +
+ regfish
+ |
+ v4.20.0 | +
+ RFC2136 + | +Website | +
+ rfc2136
+ |
+ v0.3.0 | +
+ RimuHosting + | +Website | +
+ rimuhosting
+ |
+ v0.3.5 | +
+ Sakura Cloud + | +Website | +
+ sakuracloud
+ |
+ v1.1.0 | +
+ Scaleway + | +Website | +
+ scaleway
+ |
+ v3.4.0 | +
+ Selectel + | +Website | +
+ selectel
+ |
+ v1.2.0 | +
+ Selectel v2 + | +Website | +
+ selectelv2
+ |
+ v4.17.0 | +
+ SelfHost.(de|eu) + | +Website | +
+ selfhostde
+ |
+ v4.19.0 | +
+ Servercow + | +Website | +
+ servercow
+ |
+ v3.4.0 | +
+ Shellrent + | +Website | +
+ shellrent
+ |
+ v4.16.0 | +
+ Simply.com + | +Website | +
+ simply
+ |
+ v4.4.0 | +
+ Sonic + | +Website | +
+ sonic
+ |
+ v4.4.0 | +
+ Stackpath + | +Website | +
+ stackpath
+ |
+ v1.1.0 | +
+ Technitium + | +Website | +
+ technitium
+ |
+ v4.20.0 | +
+ Tencent Cloud DNS + | +Website | +
+ tencentcloud
+ |
+ v4.6.0 | +
+ Timeweb Cloud + | +Website | +
+ timewebcloud
+ |
+ v4.20.0 | +
+ TransIP + | +Website | +
+ transip
+ |
+ v2.0.0 | +
+ UKFast SafeDNS + | +Website | +
+ safedns
+ |
+ v4.6.0 | +
+ Ultradns + | +Website | +
+ ultradns
+ |
+ v4.10.0 | +
+ Variomedia + | +Website | +
+ variomedia
+ |
+ v4.8.0 | +
+ VegaDNS + | +Website | +
+ vegadns
+ |
+ v1.1.0 | +
+ Vercel + | +Website | +
+ vercel
+ |
+ v4.7.0 | +
+ Versio.[nl|eu|uk] + | +Website | +
+ versio
+ |
+ v2.7.0 | +
+ VinylDNS + | +Website | +
+ vinyldns
+ |
+ v4.4.0 | +
+ VK Cloud + | +Website | +
+ vkcloud
+ |
+ v4.9.0 | +
+ Volcano Engine/火山引擎 + | +Website | +
+ volcengine
+ |
+ v4.19.0 | +
+ Vscale + | +Website | +
+ vscale
+ |
+ v2.0.0 | +
+ Vultr + | +Website | +
+ vultr
+ |
+ v0.3.1 | +
+ Webnames + | +Website | +
+ webnames
+ |
+ v4.15.0 | +
+ Websupport + | +Website | +
+ websupport
+ |
+ v4.10.0 | +
+ WEDOS + | +Website | +
+ wedos
+ |
+ v4.4.0 | +
+ Yandex 360 + | +Website | +
+ yandex360
+ |
+ v4.14.0 | +
+ Yandex Cloud + | +Website | +
+ yandexcloud
+ |
+ v4.9.0 | +
+ Yandex PDD + | +Website | +
+ yandex
+ |
+ v3.7.0 | +
+ Zone.ee + | +Website | +
+ zoneee
+ |
+ v2.1.0 | +
+ Zonomi + | +Website | +
+ zonomi
+ |
+ v3.5.0 | +
Configuration for Infoblox.
+infoblox
Here is an example bash command using the Infoblox provider:
+INFOBLOX_USERNAME=api-user-529 \
+INFOBLOX_PASSWORD=b9841238feb177a84330febba8a83208921177bffe733 \
+INFOBLOX_HOST=infoblox.example.org
+lego --email you@example.com --dns infoblox -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
INFOBLOX_HOST |
+Host URI | +
INFOBLOX_PASSWORD |
+Account Password | +
INFOBLOX_USERNAME |
+Account Username | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
INFOBLOX_DNS_VIEW |
+The view for the TXT records, default: External | +
INFOBLOX_HTTP_TIMEOUT |
+HTTP request timeout | +
INFOBLOX_POLLING_INTERVAL |
+Time between DNS propagation check | +
INFOBLOX_PORT |
+The port for the infoblox grid manager, default: 443 | +
INFOBLOX_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
INFOBLOX_SSL_VERIFY |
+Whether or not to verify the TLS certificate, default: true | +
INFOBLOX_TTL |
+The TTL of the TXT record used for the DNS challenge | +
INFOBLOX_WAPI_VERSION |
+The version of WAPI being used, default: 2.11 | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
When creating an API’s user ensure it has the proper permissions for the view you are working with.
+Configuration for Infomaniak.
+infomaniak
Here is an example bash command using the Infomaniak provider:
+INFOMANIAK_ACCESS_TOKEN=1234567898765432 \
+lego --email you@example.com --dns infomaniak -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
INFOMANIAK_ACCESS_TOKEN |
+Access token | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
INFOMANIAK_ENDPOINT |
+https://api.infomaniak.com | +
INFOMANIAK_HTTP_TIMEOUT |
+API request timeout | +
INFOMANIAK_POLLING_INTERVAL |
+Time between DNS propagation check | +
INFOMANIAK_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
INFOMANIAK_TTL |
+The TTL of the TXT record used for the DNS challenge in seconds | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Access token can be created at the url https://manager.infomaniak.com/v3/infomaniak-api. +You will need domain scope.
+Configuration for Internet.bs.
+internetbs
Here is an example bash command using the Internet.bs provider:
+INTERNET_BS_API_KEY=xxxxxxxxxxxxxxxxxxxxxxxxxx \
+INTERNET_BS_PASSWORD=yyyyyyyyyyyyyyyyyyyyyyyyyy \
+lego --email you@example.com --dns internetbs -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
INTERNET_BS_API_KEY |
+API key | +
INTERNET_BS_PASSWORD |
+API password | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
INTERNET_BS_HTTP_TIMEOUT |
+API request timeout | +
INTERNET_BS_POLLING_INTERVAL |
+Time between DNS propagation check | +
INTERNET_BS_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
INTERNET_BS_TTL |
+The TTL of the TXT record used for the DNS challenge | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Configuration for INWX.
+inwx
Here is an example bash command using the INWX provider:
+INWX_USERNAME=xxxxxxxxxx \
+INWX_PASSWORD=yyyyyyyyyy \
+lego --email you@example.com --dns inwx -d '*.example.com' -d example.com run
+
+# 2FA
+INWX_USERNAME=xxxxxxxxxx \
+INWX_PASSWORD=yyyyyyyyyy \
+INWX_SHARED_SECRET=zzzzzzzzzz \
+lego --email you@example.com --dns inwx -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
INWX_PASSWORD |
+Password | +
INWX_USERNAME |
+Username | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
INWX_POLLING_INTERVAL |
+Time between DNS propagation check | +
INWX_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation (default 360s) | +
INWX_SANDBOX |
+Activate the sandbox (boolean) | +
INWX_SHARED_SECRET |
+shared secret related to 2FA | +
INWX_TTL |
+The TTL of the TXT record used for the DNS challenge | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Configuration for Ionos.
+ionos
Here is an example bash command using the Ionos provider:
+IONOS_API_KEY=xxxxxxxx \
+lego --email you@example.com --dns ionos -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
IONOS_API_KEY |
+API key <prefix>.<secret> https://developer.hosting.ionos.com/docs/getstarted |
+
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
IONOS_HTTP_TIMEOUT |
+API request timeout | +
IONOS_POLLING_INTERVAL |
+Time between DNS propagation check | +
IONOS_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
IONOS_TTL |
+The TTL of the TXT record used for the DNS challenge | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Configuration for IPv64.
+ipv64
Here is an example bash command using the IPv64 provider:
+IPV64_API_KEY=xxxxxx \
+lego --email you@example.com --dns ipv64 -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
IPV64_API_KEY |
+Account API Key | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
IPV64_HTTP_TIMEOUT |
+API request timeout | +
IPV64_POLLING_INTERVAL |
+Time between DNS propagation check | +
IPV64_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
IPV64_TTL |
+The TTL of the TXT record used for the DNS challenge | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Configuration for iwantmyname.
+iwantmyname
Here is an example bash command using the iwantmyname provider:
+IWANTMYNAME_USERNAME=xxxxxxxx \
+IWANTMYNAME_PASSWORD=xxxxxxxx \
+lego --email you@example.com --dns iwantmyname -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
IWANTMYNAME_PASSWORD |
+API password | +
IWANTMYNAME_USERNAME |
+API username | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
IWANTMYNAME_HTTP_TIMEOUT |
+API request timeout | +
IWANTMYNAME_POLLING_INTERVAL |
+Time between DNS propagation check | +
IWANTMYNAME_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
IWANTMYNAME_TTL |
+The TTL of the TXT record used for the DNS challenge | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Configuration for Joker.
+joker
Here is an example bash command using the Joker provider:
+# SVC
+JOKER_API_MODE=SVC \
+JOKER_USERNAME=<your email> \
+JOKER_PASSWORD=<your password> \
+lego --email you@example.com --dns joker -d '*.example.com' -d example.com run
+
+# DMAPI
+JOKER_API_MODE=DMAPI \
+JOKER_USERNAME=<your email> \
+JOKER_PASSWORD=<your password> \
+lego --email you@example.com --dns joker -d '*.example.com' -d example.com run
+## or
+JOKER_API_MODE=DMAPI \
+JOKER_API_KEY=<your API key> \
+lego --email you@example.com --dns joker -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
JOKER_API_KEY |
+API key (only with DMAPI mode) | +
JOKER_API_MODE |
+‘DMAPI’ or ‘SVC’. DMAPI is for resellers accounts. (Default: DMAPI) | +
JOKER_PASSWORD |
+Joker.com password | +
JOKER_USERNAME |
+Joker.com username | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
JOKER_HTTP_TIMEOUT |
+API request timeout | +
JOKER_POLLING_INTERVAL |
+Time between DNS propagation check | +
JOKER_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
JOKER_SEQUENCE_INTERVAL |
+Time between sequential requests (only with ‘SVC’ mode) | +
JOKER_TTL |
+The TTL of the TXT record used for the DNS challenge | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
In the SVC mode, username and passsword are not your email and account passwords, but those displayed in Joker.com domain dashboard when enabling Dynamic DNS.
+As per Joker.com documentation:
++++
+- +
+please log in at Joker.com, visit ‘My Domains’, +find the domain you want to add Let’s Encrypt certificate for, and chose “DNS” in the menu
+- +
+on the top right, you will find the setting for ‘Dynamic DNS’. +If not already active, please activate it. +It will not affect any other already existing DNS records of this domain.
+- +
+please take a note of the credentials which are now shown as ‘Dynamic DNS Authentication’, consisting of a ‘username’ and a ‘password’.
+- +
+this is all you have to do here - and only once per domain.
+
Configuration for Liara.
+liara
Here is an example bash command using the Liara provider:
+LIARA_API_KEY="xxxxxxxxxxxxxxxxxxxxx" \
+lego --email you@example.com --dns liara -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
LIARA_API_KEY |
+The API key | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
LIARA_HTTP_TIMEOUT |
+API request timeout | +
LIARA_POLLING_INTERVAL |
+Time between DNS propagation check | +
LIARA_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
LIARA_TTL |
+The TTL of the TXT record used for the DNS challenge | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Configuration for Amazon Lightsail.
+lightsail
Please contribute by adding a CLI example.
+Environment Variable Name | +Description | +
---|---|
AWS_ACCESS_KEY_ID |
+Managed by the AWS client. Access key ID (AWS_ACCESS_KEY_ID_FILE is not supported, use AWS_SHARED_CREDENTIALS_FILE instead) |
+
AWS_SECRET_ACCESS_KEY |
+Managed by the AWS client. Secret access key (AWS_SECRET_ACCESS_KEY_FILE is not supported, use AWS_SHARED_CREDENTIALS_FILE instead) |
+
DNS_ZONE |
+Domain name of the DNS zone | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
AWS_SHARED_CREDENTIALS_FILE |
+Managed by the AWS client. Shared credentials file. | +
LIGHTSAIL_POLLING_INTERVAL |
+Time between DNS propagation check | +
LIGHTSAIL_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
AWS Credentials are automatically detected in the following locations and prioritized in the following order:
+AWS_ACCESS_KEY_ID
, AWS_SECRET_ACCESS_KEY
, [AWS_SESSION_TOKEN
]~/.aws/credentials
, profiles can be specified using AWS_PROFILE
)AWS region is not required to set as the Lightsail DNS zone is in global (us-east-1) region.
+The following AWS IAM policy document describes the minimum permissions required for lego to complete the DNS challenge.
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": [
+ "lightsail:DeleteDomainEntry",
+ "lightsail:CreateDomainEntry"
+ ],
+ "Resource": "<Lightsail DNS zone ARN>"
+ }
+ ]
+}
Replace the Resource
value with your Lightsail DNS zone ARN.
+You can retrieve the ARN using aws cli by running aws lightsail get-domains --region us-east-1
(Lightsail web console does not show the ARN, unfortunately).
+It should be in the format of arn:aws:lightsail:global:<ACCOUNT ID>:Domain/<DOMAIN ID>
.
+You also need to replace the region in the ARN to us-east-1
(instead of global
).
Alternatively, you can also set the Resource
to *
(wildcard), which allow to access all domain, but this is not recommended.
Configuration for Lima-City.
+limacity
Here is an example bash command using the Lima-City provider:
+LIMACITY_API_KEY="xxxxxxxxxxxxxxxxxxxxx" \
+lego --email you@example.com --dns limacity -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
LIMACITY_API_KEY |
+The API key | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
LIMACITY_HTTP_TIMEOUT |
+API request timeout | +
LIMACITY_POLLING_INTERVAL |
+Time between DNS propagation check | +
LIMACITY_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
LIMACITY_SEQUENCE_INTERVAL |
+Time between sequential requests | +
LIMACITY_TTL |
+The TTL of the TXT record used for the DNS challenge | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Configuration for Linode (v4).
+linode
Here is an example bash command using the Linode (v4) provider:
+LINODE_TOKEN=xxxxx \
+lego --email you@example.com --dns linode -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
LINODE_TOKEN |
+API token | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
LINODE_HTTP_TIMEOUT |
+API request timeout | +
LINODE_POLLING_INTERVAL |
+Time between DNS propagation check | +
LINODE_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
LINODE_TTL |
+The TTL of the TXT record used for the DNS challenge | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Configuration for Liquid Web.
+liquidweb
Here is an example bash command using the Liquid Web provider:
+LWAPI_USERNAME=someuser \
+LWAPI_PASSWORD=somepass \
+lego --email you@example.com --dns liquidweb -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
LWAPI_PASSWORD |
+Liquid Web API Password | +
LWAPI_USERNAME |
+Liquid Web API Username | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
LWAPI_HTTP_TIMEOUT |
+Maximum waiting time for the DNS records to be created (not verified) | +
LWAPI_POLLING_INTERVAL |
+Time between DNS propagation check | +
LWAPI_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
LWAPI_TTL |
+The TTL of the TXT record used for the DNS challenge | +
LWAPI_URL |
+Liquid Web API endpoint | +
LWAPI_ZONE |
+DNS Zone | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Configuration for Loopia.
+loopia
Here is an example bash command using the Loopia provider:
+LOOPIA_API_USER=xxxxxxxx \
+LOOPIA_API_PASSWORD=yyyyyyyy \
+lego --email you@example.com --dns loopia -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
LOOPIA_API_PASSWORD |
+API password | +
LOOPIA_API_USER |
+API username | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
LOOPIA_API_URL |
+API endpoint. Ex: https://api.loopia.se/RPCSERV or https://api.loopia.rs/RPCSERV | +
LOOPIA_HTTP_TIMEOUT |
+API request timeout | +
LOOPIA_POLLING_INTERVAL |
+Time between DNS propagation check | +
LOOPIA_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
LOOPIA_TTL |
+The TTL of the TXT record used for the DNS challenge | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
You can generate a new API user from your account page.
+It needs to have the following permissions:
+Configuration for LuaDNS.
+luadns
Here is an example bash command using the LuaDNS provider:
+LUADNS_API_USERNAME=youremail \
+LUADNS_API_TOKEN=xxxxxxxx \
+lego --email you@example.com --dns luadns -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
LUADNS_API_TOKEN |
+API token | +
LUADNS_API_USERNAME |
+Username (your email) | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
LUADNS_HTTP_TIMEOUT |
+API request timeout | +
LUADNS_POLLING_INTERVAL |
+Time between DNS propagation check | +
LUADNS_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
LUADNS_TTL |
+The TTL of the TXT record used for the DNS challenge | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Configuration for Mail-in-a-Box.
+mailinabox
Here is an example bash command using the Mail-in-a-Box provider:
+MAILINABOX_EMAIL=user@example.com \
+MAILINABOX_PASSWORD=yyyy \
+MAILINABOX_BASE_URL=https://box.example.com \
+lego --email you@example.com --dns mailinabox -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
MAILINABOX_BASE_URL |
+Base API URL (ex: https://box.example.com) | +
MAILINABOX_EMAIL |
+User email | +
MAILINABOX_PASSWORD |
+User password | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
MAILINABOX_POLLING_INTERVAL |
+Time between DNS propagation check | +
MAILINABOX_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Solving the DNS-01 challenge using CLI prompt.
+To start using the CLI prompt “provider”, start lego with --dns manual
:
$ lego --email "you@example.com" --domains="example.com" --dns "manual" run
+
What follows are a few log print-outs, interspersed with some prompts, asking for you to do perform some actions:
+No key found for account you@example.com. Generating a P256 key.
+Saved key to ./.lego/accounts/acme-v02.api.letsencrypt.org/you@example.com/keys/you@example.com.key
+Please review the TOS at https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf
+Do you accept the TOS? Y/n
If you accept the linked Terms of Service, hit Enter
.
[INFO] acme: Registering account for you@example.com
+!!!! HEADS UP !!!!
+
+ Your account credentials have been saved in your Let's Encrypt
+ configuration directory at "./.lego/accounts".
+
+ You should make a secure backup of this folder now. This
+ configuration directory will also contain certificates and
+ private keys obtained from Let's Encrypt so making regular
+ backups of this folder is ideal.
+[INFO] [example.com] acme: Obtaining bundled SAN certificate
+[INFO] [example.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/2345678901
+[INFO] [example.com] acme: Could not find solver for: tls-alpn-01
+[INFO] [example.com] acme: Could not find solver for: http-01
+[INFO] [example.com] acme: use dns-01 solver
+[INFO] [example.com] acme: Preparing to solve DNS-01
+lego: Please create the following TXT record in your example.com. zone:
+_acme-challenge.example.com. 120 IN TXT "hX0dPkG6Gfs9hUvBAchQclkyyoEKbShbpvJ9mY5q2JQ"
+lego: Press 'Enter' when you are done
Do as instructed, and create the TXT records, and hit Enter
.
[INFO] [example.com] acme: Trying to solve DNS-01
+[INFO] [example.com] acme: Checking DNS record propagation using [192.168.8.1:53]
+[INFO] Wait for propagation [timeout: 1m0s, interval: 2s]
+[INFO] [example.com] acme: Waiting for DNS record propagation.
+[INFO] [example.com] The server validated our request
+[INFO] [example.com] acme: Cleaning DNS-01 challenge
+lego: You can now remove this TXT record from your example.com. zone:
+_acme-challenge.example.com. 120 IN TXT "hX0dPkG6Gfs9hUvBAchQclkyyoEKbShbpvJ9mY5q2JQ"
+[INFO] [example.com] acme: Validations succeeded; requesting certificates
+[INFO] [example.com] Server responded with a certificate.
As mentioned, you can now remove the TXT record again.
+ +Configuration for Metaname.
+metaname
Here is an example bash command using the Metaname provider:
+METANAME_ACCOUNT_REFERENCE=xxxx \
+METANAME_API_KEY=yyyyyyy \
+lego --email you@example.com --dns metaname -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
METANAME_ACCOUNT_REFERENCE |
+The four-digit reference of a Metaname account | +
METANAME_API_KEY |
+API Key | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
METANAME_POLLING_INTERVAL |
+Time between DNS propagation check | +
METANAME_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
METANAME_TTL |
+The TTL of the TXT record used for the DNS challenge | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Configuration for mijn.host.
+mijnhost
Here is an example bash command using the mijn.host provider:
+MIJNHOST_API_KEY="xxxxxxxxxxxxxxxxxxxxx" \
+lego --email you@example.com --dns mijnhost -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
MIJNHOST_API_KEY |
+The API key | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
MIJNHOST_HTTP_TIMEOUT |
+API request timeout | +
MIJNHOST_POLLING_INTERVAL |
+Time between DNS propagation check | +
MIJNHOST_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
MIJNHOST_SEQUENCE_INTERVAL |
+Time between sequential requests | +
MIJNHOST_TTL |
+The TTL of the TXT record used for the DNS challenge | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Configuration for Mittwald.
+mittwald
Here is an example bash command using the Mittwald provider:
+MITTWALD_TOKEN=my-token \
+lego --email you@example.com --dns mittwald -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
MITTWALD_TOKEN |
+API token | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
MITTWALD_HTTP_TIMEOUT |
+API request timeout | +
MITTWALD_POLLING_INTERVAL |
+Time between DNS propagation check | +
MITTWALD_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
MITTWALD_SEQUENCE_INTERVAL |
+Time between sequential requests | +
MITTWALD_TTL |
+The TTL of the TXT record used for the DNS challenge | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Configuration for MyDNS.jp.
+mydnsjp
Here is an example bash command using the MyDNS.jp provider:
+MYDNSJP_MASTER_ID=xxxxx \
+MYDNSJP_PASSWORD=xxxxx \
+lego --email you@example.com --dns mydnsjp -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
MYDNSJP_MASTER_ID |
+Master ID | +
MYDNSJP_PASSWORD |
+Password | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
MYDNSJP_HTTP_TIMEOUT |
+API request timeout | +
MYDNSJP_POLLING_INTERVAL |
+Time between DNS propagation check | +
MYDNSJP_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
MYDNSJP_TTL |
+The TTL of the TXT record used for the DNS challenge | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Configuration for MythicBeasts.
+mythicbeasts
Here is an example bash command using the MythicBeasts provider:
+MYTHICBEASTS_USERNAME=myuser \
+MYTHICBEASTS_PASSWORD=mypass \
+lego --email you@example.com --dns mythicbeasts -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
MYTHICBEASTS_PASSWORD |
+Password | +
MYTHICBEASTS_USERNAME |
+User name | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
MYTHICBEASTS_API_ENDPOINT |
+The endpoint for the API (must implement v2) | +
MYTHICBEASTS_AUTH_API_ENDPOINT |
+The endpoint for Mythic Beasts’ Authentication | +
MYTHICBEASTS_HTTP_TIMEOUT |
+API request timeout | +
MYTHICBEASTS_POLLING_INTERVAL |
+Time between DNS propagation check | +
MYTHICBEASTS_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
MYTHICBEASTS_TTL |
+The TTL of the TXT record used for the DNS challenge | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
If you are using specific API keys, then the username is the API ID for your API key, and the password is the API secret.
+Your API key name is not needed to operate lego.
+Configuration for Namecheap.
+To enable API access on the Namecheap production environment, some opaque requirements must be met. +More information in the section Enabling API Access of the Namecheap documentation. +(2020-08: Account balance of $50+, 20+ domains in your account, or purchases totaling $50+ within the last 2 years.)
+namecheap
Here is an example bash command using the Namecheap provider:
+NAMECHEAP_API_USER=user \
+NAMECHEAP_API_KEY=key \
+lego --email you@example.com --dns namecheap -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
NAMECHEAP_API_KEY |
+API key | +
NAMECHEAP_API_USER |
+API user | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
NAMECHEAP_HTTP_TIMEOUT |
+API request timeout | +
NAMECHEAP_POLLING_INTERVAL |
+Time between DNS propagation check | +
NAMECHEAP_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
NAMECHEAP_SANDBOX |
+Activate the sandbox (boolean) | +
NAMECHEAP_TTL |
+The TTL of the TXT record used for the DNS challenge | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Configuration for Name.com.
+namedotcom
Here is an example bash command using the Name.com provider:
+NAMECOM_USERNAME=foo.bar \
+NAMECOM_API_TOKEN=a379a6f6eeafb9a55e378c118034e2751e682fab \
+lego --email you@example.com --dns namedotcom -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
NAMECOM_API_TOKEN |
+API token | +
NAMECOM_USERNAME |
+Username | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
NAMECOM_HTTP_TIMEOUT |
+API request timeout | +
NAMECOM_POLLING_INTERVAL |
+Time between DNS propagation check | +
NAMECOM_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
NAMECOM_TTL |
+The TTL of the TXT record used for the DNS challenge | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Configuration for Namesilo.
+namesilo
Here is an example bash command using the Namesilo provider:
+NAMESILO_API_KEY=b9841238feb177a84330febba8a83208921177bffe733 \
+lego --email you@example.com --dns namesilo -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
NAMESILO_API_KEY |
+Client ID | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
NAMESILO_POLLING_INTERVAL |
+Time between DNS propagation check | +
NAMESILO_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation, it is better to set larger than 15m | +
NAMESILO_TTL |
+The TTL of the TXT record used for the DNS challenge, should be in [3600, 2592000] | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Configuration for NearlyFreeSpeech.NET.
+nearlyfreespeech
Here is an example bash command using the NearlyFreeSpeech.NET provider:
+NEARLYFREESPEECH_API_KEY=xxxxxx \
+NEARLYFREESPEECH_LOGIN=xxxx \
+lego --email you@example.com --dns nearlyfreespeech -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
NEARLYFREESPEECH_API_KEY |
+API Key for API requests | +
NEARLYFREESPEECH_LOGIN |
+Username for API requests | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
NEARLYFREESPEECH_HTTP_TIMEOUT |
+API request timeout | +
NEARLYFREESPEECH_POLLING_INTERVAL |
+Time between DNS propagation check | +
NEARLYFREESPEECH_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
NEARLYFREESPEECH_SEQUENCE_INTERVAL |
+Time between sequential requests | +
NEARLYFREESPEECH_TTL |
+The TTL of the TXT record used for the DNS challenge | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Configuration for Netcup.
+netcup
Here is an example bash command using the Netcup provider:
+NETCUP_CUSTOMER_NUMBER=xxxx \
+NETCUP_API_KEY=yyyy \
+NETCUP_API_PASSWORD=zzzz \
+lego --email you@example.com --dns netcup -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
NETCUP_API_KEY |
+API key | +
NETCUP_API_PASSWORD |
+API password | +
NETCUP_CUSTOMER_NUMBER |
+Customer number | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
NETCUP_HTTP_TIMEOUT |
+API request timeout | +
NETCUP_POLLING_INTERVAL |
+Time between DNS propagation check | +
NETCUP_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
NETCUP_TTL |
+The TTL of the TXT record used for the DNS challenge | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Configuration for Netlify.
+netlify
Here is an example bash command using the Netlify provider:
+NETLIFY_TOKEN=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx \
+lego --email you@example.com --dns netlify -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
NETLIFY_TOKEN |
+Token | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
NETLIFY_HTTP_TIMEOUT |
+API request timeout | +
NETLIFY_POLLING_INTERVAL |
+Time between DNS propagation check | +
NETLIFY_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
NETLIFY_TTL |
+The TTL of the TXT record used for the DNS challenge | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Configuration for Nicmanager.
+nicmanager
Here is an example bash command using the Nicmanager provider:
+## Login using email
+
+NICMANAGER_API_EMAIL = "you@example.com" \
+NICMANAGER_API_PASSWORD = "password" \
+
+# Optionally, if your account has TOTP enabled, set the secret here
+NICMANAGER_API_OTP = "long-secret" \
+
+lego --email you@example.com --dns nicmanager -d '*.example.com' -d example.com run
+
+## Login using account name + username
+
+NICMANAGER_API_LOGIN = "myaccount" \
+NICMANAGER_API_USERNAME = "myuser" \
+NICMANAGER_API_PASSWORD = "password" \
+
+# Optionally, if your account has TOTP enabled, set the secret here
+NICMANAGER_API_OTP = "long-secret" \
+
+lego --email you@example.com --dns nicmanager -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
NICMANAGER_API_EMAIL |
+Email-based login | +
NICMANAGER_API_LOGIN |
+Login, used for Username-based login | +
NICMANAGER_API_PASSWORD |
+Password, always required | +
NICMANAGER_API_USERNAME |
+Username, used for Username-based login | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
NICMANAGER_API_MODE |
+mode: ‘anycast’ or ‘zone’ (default: ‘anycast’) | +
NICMANAGER_API_OTP |
+TOTP Secret (optional) | +
NICMANAGER_HTTP_TIMEOUT |
+API request timeout | +
NICMANAGER_POLLING_INTERVAL |
+Time between DNS propagation check | +
NICMANAGER_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
NICMANAGER_TTL |
+The TTL of the TXT record used for the DNS challenge | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
You can log in using your account name + username or using your email address.
+Optionally if TOTP is configured for your account, set NICMANAGER_API_OTP
.
Configuration for NIFCloud.
+nifcloud
Here is an example bash command using the NIFCloud provider:
+NIFCLOUD_ACCESS_KEY_ID=xxxx \
+NIFCLOUD_SECRET_ACCESS_KEY=yyyy \
+lego --email you@example.com --dns nifcloud -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
NIFCLOUD_ACCESS_KEY_ID |
+Access key | +
NIFCLOUD_SECRET_ACCESS_KEY |
+Secret access key | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
NIFCLOUD_HTTP_TIMEOUT |
+API request timeout | +
NIFCLOUD_POLLING_INTERVAL |
+Time between DNS propagation check | +
NIFCLOUD_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
NIFCLOUD_TTL |
+The TTL of the TXT record used for the DNS challenge | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Configuration for Njalla.
+njalla
Here is an example bash command using the Njalla provider:
+NJALLA_TOKEN=xxxxxxxxxxxxxxxxxxxxxxxxxx \
+lego --email you@example.com --dns njalla -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
NJALLA_TOKEN |
+API token | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
NJALLA_HTTP_TIMEOUT |
+API request timeout | +
NJALLA_POLLING_INTERVAL |
+Time between DNS propagation check | +
NJALLA_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
NJALLA_TTL |
+The TTL of the TXT record used for the DNS challenge | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Configuration for Nodion.
+nodion
Here is an example bash command using the Nodion provider:
+NODION_API_TOKEN="xxxxxxxxxxxxxxxxxxxxx" \
+lego --email you@example.com --dns nodion -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
NODION_API_TOKEN |
+The API token | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
NODION_HTTP_TIMEOUT |
+API request timeout | +
NODION_POLLING_INTERVAL |
+Time between DNS propagation check | +
NODION_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
NODION_TTL |
+The TTL of the TXT record used for the DNS challenge | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Configuration for NS1.
+ns1
Here is an example bash command using the NS1 provider:
+NS1_API_KEY=xxxx \
+lego --email you@example.com --dns ns1 -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
NS1_API_KEY |
+API key | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
NS1_HTTP_TIMEOUT |
+API request timeout | +
NS1_POLLING_INTERVAL |
+Time between DNS propagation check | +
NS1_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
NS1_TTL |
+The TTL of the TXT record used for the DNS challenge | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Configuration for Oracle Cloud.
+oraclecloud
Here is an example bash command using the Oracle Cloud provider:
+OCI_PRIVKEY_FILE="~/.oci/oci_api_key.pem" \
+OCI_PRIVKEY_PASS="secret" \
+OCI_TENANCY_OCID="ocid1.tenancy.oc1..secret" \
+OCI_USER_OCID="ocid1.user.oc1..secret" \
+OCI_PUBKEY_FINGERPRINT="00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" \
+OCI_REGION="us-phoenix-1" \
+OCI_COMPARTMENT_OCID="ocid1.tenancy.oc1..secret" \
+lego --email you@example.com --dns oraclecloud -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
OCI_COMPARTMENT_OCID |
+Compartment OCID | +
OCI_PRIVKEY_FILE |
+Private key file | +
OCI_PRIVKEY_PASS |
+Private key password | +
OCI_PUBKEY_FINGERPRINT |
+Public key fingerprint | +
OCI_REGION |
+Region | +
OCI_TENANCY_OCID |
+Tenancy OCID | +
OCI_USER_OCID |
+User OCID | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
OCI_POLLING_INTERVAL |
+Time between DNS propagation check | +
OCI_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
OCI_TTL |
+The TTL of the TXT record used for the DNS challenge | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Configuration for Open Telekom Cloud.
+otc
Please contribute by adding a CLI example.
+Environment Variable Name | +Description | +
---|---|
OTC_DOMAIN_NAME |
+Domain name | +
OTC_IDENTITY_ENDPOINT |
+Identity endpoint URL | +
OTC_PASSWORD |
+Password | +
OTC_PROJECT_NAME |
+Project name | +
OTC_USER_NAME |
+User name | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
OTC_HTTP_TIMEOUT |
+API request timeout | +
OTC_POLLING_INTERVAL |
+Time between DNS propagation check | +
OTC_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
OTC_SEQUENCE_INTERVAL |
+Time between sequential requests | +
OTC_TTL |
+The TTL of the TXT record used for the DNS challenge | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Configuration for OVH.
+ovh
Here is an example bash command using the OVH provider:
+# Application Key authentication:
+
+OVH_APPLICATION_KEY=1234567898765432 \
+OVH_APPLICATION_SECRET=b9841238feb177a84330febba8a832089 \
+OVH_CONSUMER_KEY=256vfsd347245sdfg \
+OVH_ENDPOINT=ovh-eu \
+lego --email you@example.com --dns ovh -d '*.example.com' -d example.com run
+
+# Or Access Token:
+
+OVH_ACCESS_TOKEN=xxx \
+OVH_ENDPOINT=ovh-eu \
+lego --email you@example.com --dns ovh -d '*.example.com' -d example.com run
+
+# Or OAuth2:
+
+OVH_CLIENT_ID=yyy \
+OVH_CLIENT_SECRET=xxx \
+OVH_ENDPOINT=ovh-eu \
+lego --email you@example.com --dns ovh -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
OVH_ACCESS_TOKEN |
+Access token | +
OVH_APPLICATION_KEY |
+Application key (Application Key authentication) | +
OVH_APPLICATION_SECRET |
+Application secret (Application Key authentication) | +
OVH_CLIENT_ID |
+Client ID (OAuth2) | +
OVH_CLIENT_SECRET |
+Client secret (OAuth2) | +
OVH_CONSUMER_KEY |
+Consumer key (Application Key authentication) | +
OVH_ENDPOINT |
+Endpoint URL (ovh-eu or ovh-ca) | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
OVH_HTTP_TIMEOUT |
+API request timeout | +
OVH_POLLING_INTERVAL |
+Time between DNS propagation check | +
OVH_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
OVH_TTL |
+The TTL of the TXT record used for the DNS challenge | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Application key and secret can be created by following the OVH guide.
+When requesting the consumer key, the following configuration can be used to define access rights:
+{
+ "accessRules": [
+ {
+ "method": "POST",
+ "path": "/domain/zone/*"
+ },
+ {
+ "method": "DELETE",
+ "path": "/domain/zone/*"
+ }
+ ]
+}
Another method for authentication is by using OAuth2 client credentials.
+An IAM policy and service account can be created by following the OVH guide.
+Following IAM policies need to be authorized for the affected domain:
+Both authentication methods cannot be used at the same time.
+Configuration for PowerDNS.
+pdns
Here is an example bash command using the PowerDNS provider:
+PDNS_API_URL=http://pdns-server:80/ \
+PDNS_API_KEY=xxxx \
+lego --email you@example.com --dns pdns -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
PDNS_API_KEY |
+API key | +
PDNS_API_URL |
+API URL | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
PDNS_API_VERSION |
+Skip API version autodetection and use the provided version number. | +
PDNS_HTTP_TIMEOUT |
+API request timeout | +
PDNS_POLLING_INTERVAL |
+Time between DNS propagation check | +
PDNS_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
PDNS_SERVER_NAME |
+Name of the server in the URL, ’localhost’ by default | +
PDNS_TTL |
+The TTL of the TXT record used for the DNS challenge | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Tested and confirmed to work with PowerDNS authoritative server 3.4.8 and 4.0.1. Refer to PowerDNS documentation instructions on how to enable the built-in API interface.
+PowerDNS Notes:
+_acme-challenge
record is added/modified via the API, set SOA-EDIT-API
to INCEPTION-INCREMENT
for the zone in the domainmetadata
tablePDNS_API_VERSION
.Configuration for plesk.com.
+plesk
Here is an example bash command using the plesk.com provider:
+PLESK_SERVER_BASE_URL="https://plesk.myserver.com:8443" \
+PLESK_USERNAME=xxxxxx \
+PLESK_PASSWORD=yyyyyy \
+lego --email you@example.com --dns plesk -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
PLESK_PASSWORD |
+API password | +
PLESK_SERVER_BASE_URL |
+Base URL of the server (ex: https://plesk.myserver.com:8443) | +
PLESK_USERNAME |
+API username | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
PLESK_HTTP_TIMEOUT |
+API request timeout | +
PLESK_POLLING_INTERVAL |
+Time between DNS propagation check | +
PLESK_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
PLESK_TTL |
+The TTL of the TXT record used for the DNS challenge | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Configuration for Porkbun.
+porkbun
Here is an example bash command using the Porkbun provider:
+PORKBUN_SECRET_API_KEY=xxxxxx \
+PORKBUN_API_KEY=yyyyyy \
+lego --email you@example.com --dns porkbun -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
PORKBUN_API_KEY |
+API key | +
PORKBUN_SECRET_API_KEY |
+secret API key | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
PORKBUN_HTTP_TIMEOUT |
+API request timeout | +
PORKBUN_POLLING_INTERVAL |
+Time between DNS propagation check | +
PORKBUN_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
PORKBUN_TTL |
+The TTL of the TXT record used for the DNS challenge | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Configuration for Rackspace.
+rackspace
Here is an example bash command using the Rackspace provider:
+RACKSPACE_USER=xxxx \
+RACKSPACE_API_KEY=yyyy \
+lego --email you@example.com --dns rackspace -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
RACKSPACE_API_KEY |
+API key | +
RACKSPACE_USER |
+API user | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
RACKSPACE_HTTP_TIMEOUT |
+API request timeout | +
RACKSPACE_POLLING_INTERVAL |
+Time between DNS propagation check | +
RACKSPACE_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
RACKSPACE_TTL |
+The TTL of the TXT record used for the DNS challenge | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Configuration for RcodeZero.
+rcodezero
Here is an example bash command using the RcodeZero provider:
+RCODEZERO_API_TOKEN=<mytoken> \
+lego --email you@example.com --dns rcodezero -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
RCODEZERO_API_TOKEN |
+API token | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
RCODEZERO_HTTP_TIMEOUT |
+API request timeout | +
RCODEZERO_POLLING_INTERVAL |
+Time between DNS propagation check | +
RCODEZERO_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
RCODEZERO_TTL |
+The TTL of the TXT record used for the DNS challenge | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Generate your API Token via https://my.rcodezero.at with the ACME
permissions.
+These are special tokens with limited access for ACME requests only.
RcodeZero is an Anycast Network so the distribution of the DNS01-Challenge can take up to 2 minutes.
+Configuration for Regfish.
+regfish
Here is an example bash command using the Regfish provider:
+REGFISH_API_KEY="xxxxxxxxxxxxxxxxxxxxx" \
+lego --email you@example.com --dns regfish -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
REGFISH_API_KEY |
+API key | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
REGFISH_HTTP_TIMEOUT |
+API request timeout | +
REGFISH_POLLING_INTERVAL |
+Time between DNS propagation check | +
REGFISH_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
REGFISH_TTL |
+The TTL of the TXT record used for the DNS challenge | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Configuration for reg.ru.
+regru
Here is an example bash command using the reg.ru provider:
+REGRU_USERNAME=xxxxxx \
+REGRU_PASSWORD=yyyyyy \
+lego --email you@example.com --dns regru -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
REGRU_PASSWORD |
+API password | +
REGRU_USERNAME |
+API username | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
REGRU_HTTP_TIMEOUT |
+API request timeout | +
REGRU_POLLING_INTERVAL |
+Time between DNS propagation check | +
REGRU_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
REGRU_TLS_CERT |
+authentication certificate | +
REGRU_TLS_KEY |
+authentication private key | +
REGRU_TTL |
+The TTL of the TXT record used for the DNS challenge | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Configuration for RFC2136.
+rfc2136
Here is an example bash command using the RFC2136 provider:
+RFC2136_NAMESERVER=127.0.0.1 \
+RFC2136_TSIG_KEY=example.com \
+RFC2136_TSIG_ALGORITHM=hmac-sha256. \
+RFC2136_TSIG_SECRET=YWJjZGVmZGdoaWprbG1ub3BxcnN0dXZ3eHl6MTIzNDU= \
+lego --email you@example.com --dns rfc2136 -d '*.example.com' -d example.com run
+
+## ---
+
+keyname=example.com; keyfile=example.com.key; tsig-keygen $keyname > $keyfile
+
+RFC2136_NAMESERVER=127.0.0.1 \
+RFC2136_TSIG_FILE="$keyfile" \
+lego --email you@example.com --dns rfc2136 -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
RFC2136_NAMESERVER |
+Network address in the form “host” or “host:port” | +
RFC2136_TSIG_ALGORITHM |
+TSIG algorithm. See miekg/dns#tsig.go for supported values. To disable TSIG authentication, leave the RFC2136_TSIG_KEY or RFC2136_TSIG_SECRET variables unset. |
+
RFC2136_TSIG_KEY |
+Name of the secret key as defined in DNS server configuration. To disable TSIG authentication, leave the RFC2136_TSIG_KEY variable unset. |
+
RFC2136_TSIG_SECRET |
+Secret key payload. To disable TSIG authentication, leave the RFC2136_TSIG_SECRET variable unset. |
+
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
RFC2136_DNS_TIMEOUT |
+API request timeout | +
RFC2136_POLLING_INTERVAL |
+Time between DNS propagation check | +
RFC2136_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
RFC2136_SEQUENCE_INTERVAL |
+Time between sequential requests | +
RFC2136_TSIG_FILE |
+Path to a key file generated by tsig-keygen | +
RFC2136_TTL |
+The TTL of the TXT record used for the DNS challenge | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Configuration for RimuHosting.
+rimuhosting
Here is an example bash command using the RimuHosting provider:
+RIMUHOSTING_API_KEY=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx \
+lego --email you@example.com --dns rimuhosting -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
RIMUHOSTING_API_KEY |
+User API key | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
RIMUHOSTING_HTTP_TIMEOUT |
+API request timeout | +
RIMUHOSTING_POLLING_INTERVAL |
+Time between DNS propagation check | +
RIMUHOSTING_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
RIMUHOSTING_TTL |
+The TTL of the TXT record used for the DNS challenge | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Configuration for Amazon Route 53.
+route53
Here is an example bash command using the Amazon Route 53 provider:
+AWS_ACCESS_KEY_ID=your_key_id \
+AWS_SECRET_ACCESS_KEY=your_secret_access_key \
+AWS_REGION=aws-region \
+AWS_HOSTED_ZONE_ID=your_hosted_zone_id \
+lego --email you@example.com --dns route53 -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
AWS_ACCESS_KEY_ID |
+Managed by the AWS client. Access key ID (AWS_ACCESS_KEY_ID_FILE is not supported, use AWS_SHARED_CREDENTIALS_FILE instead) |
+
AWS_ASSUME_ROLE_ARN |
+Managed by the AWS Role ARN (AWS_ASSUME_ROLE_ARN_FILE is not supported) |
+
AWS_EXTERNAL_ID |
+Managed by STS AssumeRole API operation (AWS_EXTERNAL_ID_FILE is not supported) |
+
AWS_HOSTED_ZONE_ID |
+Override the hosted zone ID. | +
AWS_PROFILE |
+Managed by the AWS client (AWS_PROFILE_FILE is not supported) |
+
AWS_REGION |
+Managed by the AWS client (AWS_REGION_FILE is not supported) |
+
AWS_SDK_LOAD_CONFIG |
+Managed by the AWS client. Retrieve the region from the CLI config file (AWS_SDK_LOAD_CONFIG_FILE is not supported) |
+
AWS_SECRET_ACCESS_KEY |
+Managed by the AWS client. Secret access key (AWS_SECRET_ACCESS_KEY_FILE is not supported, use AWS_SHARED_CREDENTIALS_FILE instead) |
+
AWS_WAIT_FOR_RECORD_SETS_CHANGED |
+Wait for changes to be INSYNC (it can be unstable) | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
AWS_MAX_RETRIES |
+The number of maximum returns the service will use to make an individual API request | +
AWS_POLLING_INTERVAL |
+Time between DNS propagation check | +
AWS_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
AWS_SHARED_CREDENTIALS_FILE |
+Managed by the AWS client. Shared credentials file. | +
AWS_TTL |
+The TTL of the TXT record used for the DNS challenge | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
AWS Credentials are automatically detected in the following locations and prioritized in the following order:
+AWS_ACCESS_KEY_ID
, AWS_SECRET_ACCESS_KEY
, [AWS_SESSION_TOKEN
]~/.aws/credentials
, profiles can be specified using AWS_PROFILE
)The AWS Region is automatically detected in the following locations and prioritized in the following order:
+AWS_REGION
AWS_SDK_LOAD_CONFIG
is set (defaults to ~/.aws/config
, profiles can be specified using AWS_PROFILE
)If AWS_HOSTED_ZONE_ID
is not set, Lego tries to determine the correct public hosted zone via the FQDN.
See also:
+ +The following IAM policy document grants access to the required APIs needed by lego to complete the DNS challenge. +A word of caution: +These permissions grant write access to any DNS record in any hosted zone, +so it is recommended to narrow them down as much as possible if you are using this policy in production.
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": [
+ "route53:GetChange",
+ "route53:ChangeResourceRecordSets",
+ "route53:ListResourceRecordSets"
+ ],
+ "Resource": [
+ "arn:aws:route53:::hostedzone/*",
+ "arn:aws:route53:::change/*"
+ ]
+ },
+ {
+ "Effect": "Allow",
+ "Action": "route53:ListHostedZonesByName",
+ "Resource": "*"
+ }
+ ]
+}
The following AWS IAM policy document describes the least privilege permissions required for lego to complete the DNS challenge.
+Write access is limited to a specified hosted zone’s DNS TXT records with a key of _acme-challenge.example.com
.
+Replace Z11111112222222333333
with your hosted zone ID and example.com
with your domain name to use this policy.
{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": "route53:GetChange",
+ "Resource": "arn:aws:route53:::change/*"
+ },
+ {
+ "Effect": "Allow",
+ "Action": "route53:ListHostedZonesByName",
+ "Resource": "*"
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "route53:ListResourceRecordSets"
+ ],
+ "Resource": [
+ "arn:aws:route53:::hostedzone/Z11111112222222333333"
+ ]
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "route53:ChangeResourceRecordSets"
+ ],
+ "Resource": [
+ "arn:aws:route53:::hostedzone/Z11111112222222333333"
+ ],
+ "Condition": {
+ "ForAllValues:StringEquals": {
+ "route53:ChangeResourceRecordSetsNormalizedRecordNames": [
+ "_acme-challenge.example.com"
+ ],
+ "route53:ChangeResourceRecordSetsRecordTypes": [
+ "TXT"
+ ]
+ }
+ }
+ }
+ ]
+}
Configuration for UKFast SafeDNS.
+safedns
Here is an example bash command using the UKFast SafeDNS provider:
+SAFEDNS_AUTH_TOKEN=xxxxxx \
+lego --email you@example.com --dns safedns -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
SAFEDNS_AUTH_TOKEN |
+Authentication token | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
SAFEDNS_HTTP_TIMEOUT |
+API request timeout | +
SAFEDNS_POLLING_INTERVAL |
+Time between DNS propagation check | +
SAFEDNS_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
SAFEDNS_TTL |
+The TTL of the TXT record used for the DNS challenge | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Configuration for Sakura Cloud.
+sakuracloud
Here is an example bash command using the Sakura Cloud provider:
+SAKURACLOUD_ACCESS_TOKEN=xxxxx \
+SAKURACLOUD_ACCESS_TOKEN_SECRET=yyyyy \
+lego --email you@example.com --dns sakuracloud -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
SAKURACLOUD_ACCESS_TOKEN |
+Access token | +
SAKURACLOUD_ACCESS_TOKEN_SECRET |
+Access token secret | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
SAKURACLOUD_HTTP_TIMEOUT |
+API request timeout | +
SAKURACLOUD_POLLING_INTERVAL |
+Time between DNS propagation check | +
SAKURACLOUD_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
SAKURACLOUD_TTL |
+The TTL of the TXT record used for the DNS challenge | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Configuration for Scaleway.
+scaleway
Here is an example bash command using the Scaleway provider:
+SCW_SECRET_KEY=xxxxxxx-xxxxx-xxxx-xxx-xxxxxx \
+lego --email you@example.com --dns scaleway -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
SCW_PROJECT_ID |
+Project to use (optional) | +
SCW_SECRET_KEY |
+Secret key | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
SCW_ACCESS_KEY |
+Access key | +
SCW_POLLING_INTERVAL |
+Time between DNS propagation check | +
SCW_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
SCW_TTL |
+The TTL of the TXT record used for the DNS challenge | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Configuration for Selectel.
+selectel
Here is an example bash command using the Selectel provider:
+SELECTEL_API_TOKEN=xxxxx \
+lego --email you@example.com --dns selectel -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
SELECTEL_API_TOKEN |
+API token | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
SELECTEL_BASE_URL |
+API endpoint URL | +
SELECTEL_HTTP_TIMEOUT |
+API request timeout | +
SELECTEL_POLLING_INTERVAL |
+Time between DNS propagation check | +
SELECTEL_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
SELECTEL_TTL |
+The TTL of the TXT record used for the DNS challenge | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Configuration for Selectel v2.
+selectelv2
Here is an example bash command using the Selectel v2 provider:
+SELECTELV2_USERNAME=trex \
+SELECTELV2_PASSWORD=xxxxx \
+SELECTELV2_ACCOUNT_ID=1234567 \
+SELECTELV2_PROJECT_ID=111a11111aaa11aa1a11aaa11111aa1a \
+lego --email you@example.com --dns selectelv2 -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
SELECTELV2_ACCOUNT_ID |
+Selectel account ID (INT) | +
SELECTELV2_PASSWORD |
+Openstack username’s password | +
SELECTELV2_PROJECT_ID |
+Cloud project ID (UUID) | +
SELECTELV2_USERNAME |
+Openstack username | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
SELECTELV2_BASE_URL |
+API endpoint URL | +
SELECTELV2_HTTP_TIMEOUT |
+API request timeout | +
SELECTELV2_POLLING_INTERVAL |
+Time between DNS propagation check | +
SELECTELV2_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
SELECTELV2_TTL |
+The TTL of the TXT record used for the DNS challenge | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Configuration for SelfHost.(de|eu).
+selfhostde
Here is an example bash command using the SelfHost.(de|eu) provider:
+SELFHOSTDE_USERNAME=xxx \
+SELFHOSTDE_PASSWORD=yyy \
+SELFHOSTDE_RECORDS_MAPPING=my.example.com:123 \
+lego --email you@example.com --dns selfhostde -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
SELFHOSTDE_PASSWORD |
+Password | +
SELFHOSTDE_RECORDS_MAPPING |
+Record IDs mapping with domains (ex: example.com:123:456,example.org:789,foo.example.com:147) | +
SELFHOSTDE_USERNAME |
+Username | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
SELFHOSTDE_HTTP_TIMEOUT |
+API request timeout | +
SELFHOSTDE_POLLING_INTERVAL |
+Time between DNS propagation check | +
SELFHOSTDE_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
SELFHOSTDE_TTL |
+The TTL of the TXT record used for the DNS challenge | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
SelfHost.de doesn’t have an API to create or delete TXT records, +there is only an “unofficial” and undocumented endpoint to update an existing TXT record.
+So, before using lego to request a certificate for a given domain or wildcard (such as my.example.org
or *.my.example.org
),
+you must create:
_acme-challenge.my.example.org
if you are not using wildcard for this domain._acme-challenge.my.example.org
if you are using wildcard for this domain.After that you must edit the TXT record(s) to get the ID(s).
+You then must prepare the SELFHOSTDE_RECORDS_MAPPING
environment variable with the following format:
<domain_A>:<record_id_A1>:<record_id_A2>,<domain_B>:<record_id_B1>:<record_id_B2>,<domain_C>:<record_id_C1>:<record_id_C2>
where each group of domain + record ID(s) is separated with a comma (,
),
+and the domain and record ID(s) are separated with a colon (:
).
For example, if you want to create or renew a certificate for my.example.org
, *.my.example.org
, and other.example.org
,
+you would need:
_acme-challenge.my.example.org
_acme-challenge.other.example.org
The resulting environment variable would then be: SELFHOSTDE_RECORDS_MAPPING=my.example.com:123:456,other.example.com:789
Configuration for Servercow.
+servercow
Here is an example bash command using the Servercow provider:
+SERVERCOW_USERNAME=xxxxxxxx \
+SERVERCOW_PASSWORD=xxxxxxxx \
+lego --email you@example.com --dns servercow -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
SERVERCOW_PASSWORD |
+API password | +
SERVERCOW_USERNAME |
+API username | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
SERVERCOW_HTTP_TIMEOUT |
+API request timeout | +
SERVERCOW_POLLING_INTERVAL |
+Time between DNS propagation check | +
SERVERCOW_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
SERVERCOW_TTL |
+The TTL of the TXT record used for the DNS challenge | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Configuration for Shellrent.
+shellrent
Here is an example bash command using the Shellrent provider:
+SHELLRENT_USERNAME=xxxx \
+SHELLRENT_TOKEN=yyyy \
+lego --email you@example.com --dns shellrent -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
SHELLRENT_TOKEN |
+Token | +
SHELLRENT_USERNAME |
+Username | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
SHELLRENT_HTTP_TIMEOUT |
+API request timeout | +
SHELLRENT_POLLING_INTERVAL |
+Time between DNS propagation check | +
SHELLRENT_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
SHELLRENT_TTL |
+The TTL of the TXT record used for the DNS challenge | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Configuration for Simply.com.
+simply
Here is an example bash command using the Simply.com provider:
+SIMPLY_ACCOUNT_NAME=xxxxxx \
+SIMPLY_API_KEY=yyyyyy \
+lego --email you@example.com --dns simply -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
SIMPLY_ACCOUNT_NAME |
+Account name | +
SIMPLY_API_KEY |
+API key | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
SIMPLY_HTTP_TIMEOUT |
+API request timeout | +
SIMPLY_POLLING_INTERVAL |
+Time between DNS propagation check | +
SIMPLY_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
SIMPLY_TTL |
+The TTL of the TXT record used for the DNS challenge | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Configuration for Sonic.
+sonic
Here is an example bash command using the Sonic provider:
+SONIC_USER_ID=12345 \
+SONIC_API_KEY=4d6fbf2f9ab0fa11697470918d37625851fc0c51 \
+lego --email you@example.com --dns sonic -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
SONIC_API_KEY |
+API Key | +
SONIC_USER_ID |
+User ID | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
SONIC_HTTP_TIMEOUT |
+API request timeout | +
SONIC_POLLING_INTERVAL |
+Time between DNS propagation check | +
SONIC_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
SONIC_SEQUENCE_INTERVAL |
+Time between sequential requests | +
SONIC_TTL |
+The TTL of the TXT record used for the DNS challenge | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
The API keys must be generated by calling the dyndns/api_key
endpoint.
Example:
+$ curl -X POST -H "Content-Type: application/json" --data '{"username":"notarealuser","password":"notarealpassword","hostname":"example.com"}' https://public-api.sonic.net/dyndns/api_key
+{"userid":"12345","apikey":"4d6fbf2f9ab0fa11697470918d37625851fc0c51","result":200,"message":"OK"}
See https://public-api.sonic.net/dyndns/#requesting_an_api_key for additional details.
+This userid
and apikey
combo allow modifications to any DNS entries connected to the managed domain (hostname).
Hostname should be the toplevel domain managed e.g. example.com
not www.example.com
.
Configuration for Stackpath.
+stackpath
Here is an example bash command using the Stackpath provider:
+STACKPATH_CLIENT_ID=xxxxx \
+STACKPATH_CLIENT_SECRET=yyyyy \
+STACKPATH_STACK_ID=zzzzz \
+lego --email you@example.com --dns stackpath -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
STACKPATH_CLIENT_ID |
+Client ID | +
STACKPATH_CLIENT_SECRET |
+Client secret | +
STACKPATH_STACK_ID |
+Stack ID | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
STACKPATH_POLLING_INTERVAL |
+Time between DNS propagation check | +
STACKPATH_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
STACKPATH_TTL |
+The TTL of the TXT record used for the DNS challenge | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Configuration for Technitium.
+technitium
Here is an example bash command using the Technitium provider:
+TECHNITIUM_SERVER_BASE_URL="https://localhost:5380" \
+TECHNITIUM_API_TOKEN="xxxxxxxxxxxxxxxxxxxxx" \
+lego --email you@example.com --dns technitium -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
TECHNITIUM_API_TOKEN |
+API token | +
TECHNITIUM_SERVER_BASE_URL |
+Server base URL | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
TECHNITIUM_HTTP_TIMEOUT |
+API request timeout | +
TECHNITIUM_POLLING_INTERVAL |
+Time between DNS propagation check | +
TECHNITIUM_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
TECHNITIUM_TTL |
+The TTL of the TXT record used for the DNS challenge | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Technitium DNS Server supports Dynamic Updates (RFC2136) for primary zones, +so you can also use the RFC2136 provider.
+RFC2136 provider is much better compared to the HTTP API option from security perspective. +Technitium recommends to use it in production over the HTTP API.
+Configuration for Tencent Cloud DNS.
+tencentcloud
Here is an example bash command using the Tencent Cloud DNS provider:
+TENCENTCLOUD_SECRET_ID=abcdefghijklmnopqrstuvwx \
+TENCENTCLOUD_SECRET_KEY=your-secret-key \
+lego --email you@example.com --dns tencentcloud -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
TENCENTCLOUD_SECRET_ID |
+Access key ID | +
TENCENTCLOUD_SECRET_KEY |
+Access Key secret | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
TENCENTCLOUD_HTTP_TIMEOUT |
+API request timeout | +
TENCENTCLOUD_POLLING_INTERVAL |
+Time between DNS propagation check | +
TENCENTCLOUD_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
TENCENTCLOUD_REGION |
+Region | +
TENCENTCLOUD_SESSION_TOKEN |
+Access Key token | +
TENCENTCLOUD_TTL |
+The TTL of the TXT record used for the DNS challenge | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Configuration for Timeweb Cloud.
+timewebcloud
Here is an example bash command using the Timeweb Cloud provider:
+TIMEWEBCLOUD_AUTH_TOKEN=xxxxxx \
+lego --email you@example.com --dns timewebcloud -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
TIMEWEBCLOUD_AUTH_TOKEN |
+Authentication token | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
TIMEWEBCLOUD_HTTP_TIMEOUT |
+API request timeout | +
TIMEWEBCLOUD_POLLING_INTERVAL |
+Time between DNS propagation check | +
TIMEWEBCLOUD_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Configuration for TransIP.
+transip
Here is an example bash command using the TransIP provider:
+TRANSIP_ACCOUNT_NAME = "Account name" \
+TRANSIP_PRIVATE_KEY_PATH = "transip.key" \
+lego --email you@example.com --dns transip -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
TRANSIP_ACCOUNT_NAME |
+Account name | +
TRANSIP_PRIVATE_KEY_PATH |
+Private key path | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
TRANSIP_POLLING_INTERVAL |
+Time between DNS propagation check | +
TRANSIP_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
TRANSIP_TTL |
+The TTL of the TXT record used for the DNS challenge | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Configuration for Ultradns.
+ultradns
Here is an example bash command using the Ultradns provider:
+ULTRADNS_USERNAME=username \
+ULTRADNS_PASSWORD=password \
+lego --email you@example.com --dns ultradns -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
ULTRADNS_PASSWORD |
+API Password | +
ULTRADNS_USERNAME |
+API Username | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
ULTRADNS_ENDPOINT |
+API endpoint URL, defaults to https://api.ultradns.com/ | +
ULTRADNS_POLLING_INTERVAL |
+Time between DNS propagation check | +
ULTRADNS_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
ULTRADNS_TTL |
+The TTL of the TXT record used for the DNS challenge | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Configuration for Variomedia.
+variomedia
Here is an example bash command using the Variomedia provider:
+VARIOMEDIA_API_TOKEN=xxxx \
+lego --email you@example.com --dns variomedia -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
VARIOMEDIA_API_TOKEN |
+API token | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
VARIOMEDIA_HTTP_TIMEOUT |
+API request timeout | +
VARIOMEDIA_POLLING_INTERVAL |
+Time between DNS propagation check | +
VARIOMEDIA_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
VARIOMEDIA_SEQUENCE_INTERVAL |
+Time between sequential requests | +
VARIOMEDIA_TTL |
+The TTL of the TXT record used for the DNS challenge | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Configuration for VegaDNS.
+vegadns
Please contribute by adding a CLI example.
+Environment Variable Name | +Description | +
---|---|
SECRET_VEGADNS_KEY |
+API key | +
SECRET_VEGADNS_SECRET |
+API secret | +
VEGADNS_URL |
+API endpoint URL | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
VEGADNS_POLLING_INTERVAL |
+Time between DNS propagation check | +
VEGADNS_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
VEGADNS_TTL |
+The TTL of the TXT record used for the DNS challenge | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Configuration for Vercel.
+vercel
Here is an example bash command using the Vercel provider:
+VERCEL_API_TOKEN=xxxxxx \
+lego --email you@example.com --dns vercel -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
VERCEL_API_TOKEN |
+Authentication token | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
VERCEL_HTTP_TIMEOUT |
+API request timeout | +
VERCEL_POLLING_INTERVAL |
+Time between DNS propagation check | +
VERCEL_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
VERCEL_TEAM_ID |
+Team ID (ex: team_xxxxxxxxxxxxxxxxxxxxxxxx) | +
VERCEL_TTL |
+The TTL of the TXT record used for the DNS challenge | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Configuration for Versio.[nl|eu|uk].
+versio
Here is an example bash command using the Versio.[nl|eu|uk] provider:
+VERSIO_USERNAME=<your login> \
+VERSIO_PASSWORD=<your password> \
+lego --email you@example.com --dns versio -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
VERSIO_PASSWORD |
+Basic authentication password | +
VERSIO_USERNAME |
+Basic authentication username | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
VERSIO_ENDPOINT |
+The endpoint URL of the API Server | +
VERSIO_HTTP_TIMEOUT |
+API request timeout | +
VERSIO_POLLING_INTERVAL |
+Time between DNS propagation check | +
VERSIO_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
VERSIO_SEQUENCE_INTERVAL |
+Time between sequential requests, default 60s | +
VERSIO_TTL |
+The TTL of the TXT record used for the DNS challenge | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
To test with the sandbox environment set VERSIO_ENDPOINT=https://www.versio.nl/testapi/v1/
Configuration for VinylDNS.
+vinyldns
Here is an example bash command using the VinylDNS provider:
+VINYLDNS_ACCESS_KEY=xxxxxx \
+VINYLDNS_SECRET_KEY=yyyyy \
+VINYLDNS_HOST=https://api.vinyldns.example.org:9443 \
+lego --email you@example.com --dns vinyldns -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
VINYLDNS_ACCESS_KEY |
+The VinylDNS API key | +
VINYLDNS_HOST |
+The VinylDNS API URL | +
VINYLDNS_SECRET_KEY |
+The VinylDNS API Secret key | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
VINYLDNS_POLLING_INTERVAL |
+Time between DNS propagation check | +
VINYLDNS_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
VINYLDNS_TTL |
+The TTL of the TXT record used for the DNS challenge | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
The vinyldns integration makes use of dotted hostnames to ease permission management. +Users are required to have DELETE ACL level or zone admin permissions on the VinylDNS zone containing the target host.
+Configuration for VK Cloud.
+vkcloud
Here is an example bash command using the VK Cloud provider:
+VK_CLOUD_PROJECT_ID="<your_project_id>" \
+VK_CLOUD_USERNAME="<your_email>" \
+VK_CLOUD_PASSWORD="<your_password>" \
+lego --email you@example.com --dns vkcloud -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
VK_CLOUD_PASSWORD |
+Password for VK Cloud account | +
VK_CLOUD_PROJECT_ID |
+String ID of project in VK Cloud | +
VK_CLOUD_USERNAME |
+Email of VK Cloud account | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
VK_CLOUD_DNS_ENDPOINT |
+URL of DNS API. Defaults to https://mcs.mail.ru/public-dns but can be changed for usage with private clouds | +
VK_CLOUD_DOMAIN_NAME |
+Openstack users domain name. Defaults to users but can be changed for usage with private clouds |
+
VK_CLOUD_IDENTITY_ENDPOINT |
+URL of OpenStack Auth API, Defaults to https://infra.mail.ru:35357/v3/ but can be changed for usage with private clouds | +
VK_CLOUD_POLLING_INTERVAL |
+Time between DNS propagation check | +
VK_CLOUD_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
VK_CLOUD_TTL |
+The TTL of the TXT record used for the DNS challenge | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
You can find all required and additional information on “Project/Keys” page of your cloud.
+ENV Variable | +Parameter from page | +
---|---|
VK_CLOUD_PROJECT_ID | +Project ID | +
VK_CLOUD_USERNAME | +Username | +
VK_CLOUD_DOMAIN_NAME | +User Domain Name | +
VK_CLOUD_IDENTITY_ENDPOINT | +Identity endpoint | +
Configuration for Volcano Engine/火山引擎.
+volcengine
Here is an example bash command using the Volcano Engine/火山引擎 provider:
+VOLC_ACCESSKEY=xxx \
+VOLC_SECRETKEY=yyy \
+lego --email you@example.com --dns volcengine -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
VOLC_ACCESSKEY |
+Access Key ID (AK) | +
VOLC_SECRETKEY |
+Secret Access Key (SK) | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
VOLC_HOST |
+API host | +
VOLC_HTTP_TIMEOUT |
+API request timeout | +
VOLC_POLLING_INTERVAL |
+Time between DNS propagation check | +
VOLC_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
VOLC_REGION |
+Region | +
VOLC_SCHEME |
+API scheme | +
VOLC_TTL |
+The TTL of the TXT record used for the DNS challenge | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Configuration for Vscale.
+vscale
Here is an example bash command using the Vscale provider:
+VSCALE_API_TOKEN=xxxxx \
+lego --email you@example.com --dns vscale -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
VSCALE_API_TOKEN |
+API token | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
VSCALE_BASE_URL |
+API endpoint URL | +
VSCALE_HTTP_TIMEOUT |
+API request timeout | +
VSCALE_POLLING_INTERVAL |
+Time between DNS propagation check | +
VSCALE_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
VSCALE_TTL |
+The TTL of the TXT record used for the DNS challenge | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Configuration for Vultr.
+vultr
Here is an example bash command using the Vultr provider:
+VULTR_API_KEY=xxxxx \
+lego --email you@example.com --dns vultr -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
VULTR_API_KEY |
+API key | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
VULTR_HTTP_TIMEOUT |
+API request timeout | +
VULTR_POLLING_INTERVAL |
+Time between DNS propagation check | +
VULTR_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
VULTR_TTL |
+The TTL of the TXT record used for the DNS challenge | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Configuration for Webnames.
+webnames
Here is an example bash command using the Webnames provider:
+WEBNAMES_API_KEY=xxxxxx \
+lego --email you@example.com --dns webnames -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
WEBNAMES_API_KEY |
+Domain API key | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
WEBNAMES_HTTP_TIMEOUT |
+API request timeout | +
WEBNAMES_POLLING_INTERVAL |
+Time between DNS propagation check | +
WEBNAMES_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
WEBNAMES_TTL |
+The TTL of the TXT record used for the DNS challenge | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
To obtain the key, you need to change the DNS server to *.nameself.com
: Personal account / My domains and services / Select the required domain / DNS servers
The API key can be found: Personal account / My domains and services / Select the required domain / Zone management / acme.sh or certbot settings
+Configuration for Websupport.
+websupport
Here is an example bash command using the Websupport provider:
+WEBSUPPORT_API_KEY="xxxxxxxxxxxxxxxxxxxxx" \
+WEBSUPPORT_SECRET="yyyyyyyyyyyyyyyyyyyyy" \
+lego --email you@example.com --dns websupport -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
WEBSUPPORT_API_KEY |
+API key | +
WEBSUPPORT_SECRET |
+API secret | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
WEBSUPPORT_HTTP_TIMEOUT |
+API request timeout | +
WEBSUPPORT_POLLING_INTERVAL |
+Time between DNS propagation check | +
WEBSUPPORT_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
WEBSUPPORT_SEQUENCE_INTERVAL |
+Time between sequential requests | +
WEBSUPPORT_TTL |
+The TTL of the TXT record used for the DNS challenge | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Configuration for WEDOS.
+wedos
Here is an example bash command using the WEDOS provider:
+WEDOS_USERNAME=xxxxxxxx \
+WEDOS_WAPI_PASSWORD=xxxxxxxx \
+lego --email you@example.com --dns wedos -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
WEDOS_USERNAME |
+Username is the same as for the admin account | +
WEDOS_WAPI_PASSWORD |
+Password needs to be generated and IP allowed in the admin interface | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
WEDOS_HTTP_TIMEOUT |
+API request timeout | +
WEDOS_POLLING_INTERVAL |
+Time between DNS propagation check | +
WEDOS_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
WEDOS_TTL |
+The TTL of the TXT record used for the DNS challenge | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Configuration for Yandex PDD.
+yandex
Here is an example bash command using the Yandex PDD provider:
+YANDEX_PDD_TOKEN=<your PDD Token> \
+lego --email you@example.com --dns yandex -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
YANDEX_PDD_TOKEN |
+Basic authentication username | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
YANDEX_HTTP_TIMEOUT |
+API request timeout | +
YANDEX_POLLING_INTERVAL |
+Time between DNS propagation check | +
YANDEX_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
YANDEX_TTL |
+The TTL of the TXT record used for the DNS challenge | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Configuration for Yandex 360.
+yandex360
Here is an example bash command using the Yandex 360 provider:
+YANDEX360_OAUTH_TOKEN=<your OAuth Token> \
+YANDEX360_ORG_ID=<your organization ID> \
+lego --email you@example.com --dns yandex360 -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
YANDEX360_OAUTH_TOKEN |
+The OAuth Token | +
YANDEX360_ORG_ID |
+The organization ID | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
YANDEX360_HTTP_TIMEOUT |
+API request timeout | +
YANDEX360_POLLING_INTERVAL |
+Time between DNS propagation check | +
YANDEX360_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
YANDEX360_TTL |
+The TTL of the TXT record used for the DNS challenge | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Configuration for Yandex Cloud.
+yandexcloud
Here is an example bash command using the Yandex Cloud provider:
+YANDEX_CLOUD_IAM_TOKEN=<base64_IAM_token> \
+YANDEX_CLOUD_FOLDER_ID=<folder/project_id> \
+lego --email you@example.com --dns yandexcloud -d '*.example.com' -d example.com run
+
+# ---
+
+YANDEX_CLOUD_IAM_TOKEN=$(echo '{ \
+ "id": "<string id>", \
+ "service_account_id": "<string id>", \
+ "created_at": "<datetime>", \
+ "key_algorithm": "RSA_2048", \
+ "public_key": "-----BEGIN PUBLIC KEY-----<rsa public key>-----END PUBLIC KEY-----", \
+ "private_key": "-----BEGIN PRIVATE KEY-----<rsa private key>-----END PRIVATE KEY-----" \
+}' | base64) \
+YANDEX_CLOUD_FOLDER_ID=<yandex cloud folder(project) id> \
+lego --email you@example.com --dns yandexcloud -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
YANDEX_CLOUD_FOLDER_ID |
+The string id of folder (aka project) in Yandex Cloud | +
YANDEX_CLOUD_IAM_TOKEN |
+The base64 encoded json which contains information about iam token of service account with dns.admin permissions |
+
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
YANDEX_CLOUD_POLLING_INTERVAL |
+Time between DNS propagation check | +
YANDEX_CLOUD_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
YANDEX_CLOUD_TTL |
+The TTL of the TXT record used for the DNS challenge | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
The simplest way to retrieve IAM access token is usage of yc-cli, +follow docs to get it
+yc iam key create --service-account-name my-robot --output key.json
+cat key.json | base64
Configuration for Zone.ee.
+zoneee
Here is an example bash command using the Zone.ee provider:
+ZONEEE_API_USER=xxxxx \
+ZONEEE_API_KEY=yyyyy \
+lego --email you@example.com --dns zoneee -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
ZONEEE_API_KEY |
+API key | +
ZONEEE_API_USER |
+API user | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
ZONEEE_ENDPOINT |
+API endpoint URL | +
ZONEEE_HTTP_TIMEOUT |
+API request timeout | +
ZONEEE_POLLING_INTERVAL |
+Time between DNS propagation check | +
ZONEEE_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
ZONEEE_TTL |
+The TTL of the TXT record used for the DNS challenge | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Configuration for Zonomi.
+zonomi
Here is an example bash command using the Zonomi provider:
+ZONOMI_API_KEY=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx \
+lego --email you@example.com --dns zonomi -d '*.example.com' -d example.com run
Environment Variable Name | +Description | +
---|---|
ZONOMI_API_KEY |
+User API key | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Environment Variable Name | +Description | +
---|---|
ZONOMI_HTTP_TIMEOUT |
+API request timeout | +
ZONOMI_POLLING_INTERVAL |
+Time between DNS propagation check | +
ZONOMI_PROPAGATION_TIMEOUT |
+Maximum waiting time for DNS propagation | +
ZONOMI_TTL |
+The TTL of the TXT record used for the DNS challenge | +
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
+More information here.
Let’s Encrypt client and ACME library written in Go.
+To get the binary just download the latest release for your OS/Arch from the release page and put the binary somewhere convenient. +lego does not assume anything about the location you run it from.
+docker run goacme/lego -h
ArchLinux (official):
+pacman -S lego
ArchLinux (AUR) (official):
+yay -S lego-bin
Snap (official):
+sudo snap install lego
Note: The snap can only write to the /var/snap/lego/common/.lego
directory.
FreeBSD (Ports) (unofficial):
+pkg install lego
Gentoo (unofficial):
+You can enable GURU repository and then:
+emerge app-crypt/lego
Homebrew (unofficial):
+brew install lego
or
+pkg install lego
OpenBSD (Ports) (unofficial):
+pkg_add lego
Requirements:
+GO111MODULE=on
To install the latest version from sources, just run:
+go install github.com/go-acme/lego/v4/cmd/lego@latest
or
+git clone git@github.com:go-acme/lego.git
+cd lego
+make # tests + doc + build
+make build # only build
p&&(p=e.lineIndent),J(a))f++;else{if(e.lineIndent
0){for(r=a,o=0;r>0;r--)(a=ee(l=e.input.charCodeAt(++e.position)))>=0?o=(o<<4)+a:ce(e,"expected hexadecimal character");e.result+=ne(o),e.position++}else ce(e,"unknown escape sequence");n=i=e.position}else J(l)?(pe(e,n,i,!0),ye(e,ge(e,!1,t)),n=i=e.position):e.position===e.lineStart&&me(e)?ce(e,"unexpected end of the document within a double quoted scalar"):(e.position++,i=e.position)}ce(e,"unexpected end of the stream within a double quoted scalar")}(e,d)?y=!0:!function(e){var t,n,i;if(42!==(i=e.input.charCodeAt(e.position)))return!1;for(i=e.input.charCodeAt(++e.position),t=e.position;0!==i&&!z(i)&&!X(i);)i=e.input.charCodeAt(++e.position);return e.position===t&&ce(e,"name of an alias node must contain at least one character"),n=e.input.slice(t,e.position),P.call(e.anchorMap,n)||ce(e,'unidentified alias "'+n+'"'),e.result=e.anchorMap[n],ge(e,!0,-1),!0}(e)?function(e,t,n){var i,r,o,a,l,c,s,u,p=e.kind,f=e.result;if(z(u=e.input.charCodeAt(e.position))||X(u)||35===u||38===u||42===u||33===u||124===u||62===u||39===u||34===u||37===u||64===u||96===u)return!1;if((63===u||45===u)&&(z(i=e.input.charCodeAt(e.position+1))||n&&X(i)))return!1;for(e.kind="scalar",e.result="",r=o=e.position,a=!1;0!==u;){if(58===u){if(z(i=e.input.charCodeAt(e.position+1))||n&&X(i))break}else if(35===u){if(z(e.input.charCodeAt(e.position-1)))break}else{if(e.position===e.lineStart&&me(e)||n&&X(u))break;if(J(u)){if(l=e.line,c=e.lineStart,s=e.lineIndent,ge(e,!1,-1),e.lineIndent>=t){a=!0,u=e.input.charCodeAt(e.position);continue}e.position=o,e.line=l,e.lineStart=c,e.lineIndent=s;break}}a&&(pe(e,r,o,!1),ye(e,e.line-l),r=o=e.position,a=!1),Q(u)||(o=e.position+1),u=e.input.charCodeAt(++e.position)}return pe(e,r,o,!1),!!e.result||(e.kind=p,e.result=f,!1)}(e,d,1===i)&&(y=!0,null===e.tag&&(e.tag="?")):(y=!0,null===e.tag&&null===e.anchor||ce(e,"alias node should not have any properties")),null!==e.anchor&&(e.anchorMap[e.anchor]=e.result)):0===g&&(y=c&&be(e,h))),null===e.tag)null!==e.anchor&&(e.anchorMap[e.anchor]=e.result);else if("?"===e.tag){for(null!==e.result&&"scalar"!==e.kind&&ce(e,'unacceptable node kind for !> tag; it should be "scalar", not "'+e.kind+'"'),s=0,u=e.implicitTypes.length;s"),null!==e.result&&f.kind!==e.kind&&ce(e,"unacceptable node kind for !<"+e.tag+'> tag; it should be "'+f.kind+'", not "'+e.kind+'"'),f.resolve(e.result,e.tag)?(e.result=f.construct(e.result,e.tag),null!==e.anchor&&(e.anchorMap[e.anchor]=e.result)):ce(e,"cannot resolve a node with !<"+e.tag+"> explicit tag")}return null!==e.listener&&e.listener("close",e),null!==e.tag||null!==e.anchor||y}function ke(e){var t,n,i,r,o=e.position,a=!1;for(e.version=null,e.checkLineBreaks=e.legacy,e.tagMap=Object.create(null),e.anchorMap=Object.create(null);0!==(r=e.input.charCodeAt(e.position))&&(ge(e,!0,-1),r=e.input.charCodeAt(e.position),!(e.lineIndent>0||37!==r));){for(a=!0,r=e.input.charCodeAt(++e.position),t=e.position;0!==r&&!z(r);)r=e.input.charCodeAt(++e.position);for(i=[],(n=e.input.slice(t,e.position)).length<1&&ce(e,"directive name must not be less than one character in length");0!==r;){for(;Q(r);)r=e.input.charCodeAt(++e.position);if(35===r){do{r=e.input.charCodeAt(++e.position)}while(0!==r&&!J(r));break}if(J(r))break;for(t=e.position;0!==r&&!z(r);)r=e.input.charCodeAt(++e.position);i.push(e.input.slice(t,e.position))}0!==r&&he(e),P.call(ue,n)?ue[n](e,n,i):se(e,'unknown document directive "'+n+'"')}ge(e,!0,-1),0===e.lineIndent&&45===e.input.charCodeAt(e.position)&&45===e.input.charCodeAt(e.position+1)&&45===e.input.charCodeAt(e.position+2)?(e.position+=3,ge(e,!0,-1)):a&&ce(e,"directives end mark is expected"),we(e,e.lineIndent-1,4,!1,!0),ge(e,!0,-1),e.checkLineBreaks&&H.test(e.input.slice(o,e.position))&&se(e,"non-ASCII line breaks are interpreted as content"),e.documents.push(e.result),e.position===e.lineStart&&me(e)?46===e.input.charCodeAt(e.position)&&(e.position+=3,ge(e,!0,-1)):e.position=q){if(s=W.limit_backward,W.limit_backward=q,W.ket=W.cursor,e=W.find_among_b(P,7))switch(W.bra=W.cursor,e){case 1:if(l()){if(i=W.limit-W.cursor,!W.eq_s_b(1,"s")&&(W.cursor=W.limit-i,!W.eq_s_b(1,"t")))break;W.slice_del()}break;case 2:W.slice_from("i");break;case 3:W.slice_del();break;case 4:W.eq_s_b(2,"gu")&&W.slice_del()}W.limit_backward=s}}function b(){var e=W.limit-W.cursor;W.find_among_b(U,5)&&(W.cursor=W.limit-e,W.ket=W.cursor,W.cursor>W.limit_backward&&(W.cursor--,W.bra=W.cursor,W.slice_del()))}function d(){for(var e,r=1;W.out_grouping_b(F,97,251);)r--;if(r<=0){if(W.ket=W.cursor,e=W.limit-W.cursor,!W.eq_s_b(1,"é")&&(W.cursor=W.limit-e,!W.eq_s_b(1,"è")))return;W.bra=W.cursor,W.slice_from("e")}}function k(){if(!w()&&(W.cursor=W.limit,!f()&&(W.cursor=W.limit,!m())))return W.cursor=W.limit,void _();W.cursor=W.limit,W.ket=W.cursor,W.eq_s_b(1,"Y")?(W.bra=W.cursor,W.slice_from("i")):(W.cursor=W.limit,W.eq_s_b(1,"ç")&&(W.bra=W.cursor,W.slice_from("c")))}var p,g,q,v=[new r("col",-1,-1),new r("par",-1,-1),new r("tap",-1,-1)],h=[new r("",-1,4),new r("I",0,1),new r("U",0,2),new r("Y",0,3)],z=[new r("iqU",-1,3),new r("abl",-1,3),new r("Ièr",-1,4),new r("ièr",-1,4),new r("eus",-1,2),new r("iv",-1,1)],y=[new r("ic",-1,2),new r("abil",-1,1),new r("iv",-1,3)],C=[new r("iqUe",-1,1),new r("atrice",-1,2),new r("ance",-1,1),new r("ence",-1,5),new r("logie",-1,3),new r("able",-1,1),new r("isme",-1,1),new r("euse",-1,11),new r("iste",-1,1),new r("ive",-1,8),new r("if",-1,8),new r("usion",-1,4),new r("ation",-1,2),new r("ution",-1,4),new r("ateur",-1,2),new r("iqUes",-1,1),new r("atrices",-1,2),new r("ances",-1,1),new r("ences",-1,5),new r("logies",-1,3),new r("ables",-1,1),new r("ismes",-1,1),new r("euses",-1,11),new r("istes",-1,1),new r("ives",-1,8),new r("ifs",-1,8),new r("usions",-1,4),new r("ations",-1,2),new r("utions",-1,4),new r("ateurs",-1,2),new r("ments",-1,15),new r("ements",30,6),new r("issements",31,12),new r("ités",-1,7),new r("ment",-1,15),new r("ement",34,6),new r("issement",35,12),new r("amment",34,13),new r("emment",34,14),new r("aux",-1,10),new r("eaux",39,9),new r("eux",-1,1),new r("ité",-1,7)],x=[new r("ira",-1,1),new r("ie",-1,1),new r("isse",-1,1),new r("issante",-1,1),new r("i",-1,1),new r("irai",4,1),new r("ir",-1,1),new r("iras",-1,1),new r("ies",-1,1),new r("îmes",-1,1),new r("isses",-1,1),new r("issantes",-1,1),new r("îtes",-1,1),new r("is",-1,1),new r("irais",13,1),new r("issais",13,1),new r("irions",-1,1),new r("issions",-1,1),new r("irons",-1,1),new r("issons",-1,1),new r("issants",-1,1),new r("it",-1,1),new r("irait",21,1),new r("issait",21,1),new r("issant",-1,1),new r("iraIent",-1,1),new r("issaIent",-1,1),new r("irent",-1,1),new r("issent",-1,1),new r("iront",-1,1),new r("ît",-1,1),new r("iriez",-1,1),new r("issiez",-1,1),new r("irez",-1,1),new r("issez",-1,1)],I=[new r("a",-1,3),new r("era",0,2),new r("asse",-1,3),new r("ante",-1,3),new r("ée",-1,2),new r("ai",-1,3),new r("erai",5,2),new r("er",-1,2),new r("as",-1,3),new r("eras",8,2),new r("âmes",-1,3),new r("asses",-1,3),new r("antes",-1,3),new r("âtes",-1,3),new r("ées",-1,2),new r("ais",-1,3),new r("erais",15,2),new r("ions",-1,1),new r("erions",17,2),new r("assions",17,3),new r("erons",-1,2),new r("ants",-1,3),new r("és",-1,2),new r("ait",-1,3),new r("erait",23,2),new r("ant",-1,3),new r("aIent",-1,3),new r("eraIent",26,2),new r("èrent",-1,2),new r("assent",-1,3),new r("eront",-1,2),new r("ât",-1,3),new r("ez",-1,2),new r("iez",32,2),new r("eriez",33,2),new r("assiez",33,3),new r("erez",32,2),new r("é",-1,2)],P=[new r("e",-1,3),new r("Ière",0,2),new r("ière",0,2),new r("ion",-1,1),new r("Ier",-1,2),new r("ier",-1,2),new r("ë",-1,4)],U=[new r("ell",-1,-1),new r("eill",-1,-1),new r("enn",-1,-1),new r("onn",-1,-1),new r("ett",-1,-1)],F=[17,65,16,1,0,0,0,0,0,0,0,0,0,0,0,128,130,103,8,5],S=[1,65,20,0,0,0,0,0,0,0,0,0,0,0,0,0,128],W=new s;this.setCurrent=function(e){W.setCurrent(e)},this.getCurrent=function(){return W.getCurrent()},this.stem=function(){var e=W.cursor;return n(),W.cursor=e,u(),W.limit_backward=e,W.cursor=W.limit,k(),W.cursor=W.limit,b(),W.cursor=W.limit,d(),W.cursor=W.limit_backward,o(),!0}};return function(e){return"function"==typeof e.update?e.update(function(e){return i.setCurrent(e),i.stem(),i.getCurrent()}):(i.setCurrent(e),i.stem(),i.getCurrent())}}(),e.Pipeline.registerFunction(e.fr.stemmer,"stemmer-fr"),e.fr.stopWordFilter=e.generateStopWordFilter("ai aie aient aies ait as au aura aurai auraient aurais aurait auras aurez auriez aurions aurons auront aux avaient avais avait avec avez aviez avions avons ayant ayez ayons c ce ceci celà ces cet cette d dans de des du elle en es est et eu eue eues eurent eus eusse eussent eusses eussiez eussions eut eux eûmes eût eûtes furent fus fusse fussent fusses fussiez fussions fut fûmes fût fûtes ici il ils j je l la le les leur leurs lui m ma mais me mes moi mon même n ne nos notre nous on ont ou par pas pour qu que quel quelle quelles quels qui s sa sans se sera serai seraient serais serait seras serez seriez serions serons seront ses soi soient sois soit sommes son sont soyez soyons suis sur t ta te tes toi ton tu un une vos votre vous y à étaient étais était étant étiez étions été étée étées étés êtes".split(" ")),e.Pipeline.registerFunction(e.fr.stopWordFilter,"stopWordFilter-fr")}});
\ No newline at end of file
diff --git a/js/lunr/lunr.hi.min.js b/js/lunr/lunr.hi.min.js
new file mode 100644
index 0000000000..7dbc41402c
--- /dev/null
+++ b/js/lunr/lunr.hi.min.js
@@ -0,0 +1 @@
+!function(e,r){"function"==typeof define&&define.amd?define(r):"object"==typeof exports?module.exports=r():r()(e.lunr)}(this,function(){return function(e){if(void 0===e)throw new Error("Lunr is not present. Please include / require Lunr before this script.");if(void 0===e.stemmerSupport)throw new Error("Lunr stemmer support is not present. Please include / require Lunr stemmer support before this script.");e.hi=function(){this.pipeline.reset(),this.pipeline.add(e.hi.trimmer,e.hi.stopWordFilter,e.hi.stemmer),this.searchPipeline&&(this.searchPipeline.reset(),this.searchPipeline.add(e.hi.stemmer))},e.hi.wordCharacters="ऀ-ःऄ-एऐ-टठ-यर-िी-ॏॐ-य़ॠ-९॰-ॿa-zA-Za-zA-Z0-90-9",e.hi.trimmer=e.trimmerSupport.generateTrimmer(e.hi.wordCharacters),e.Pipeline.registerFunction(e.hi.trimmer,"trimmer-hi"),e.hi.stopWordFilter=e.generateStopWordFilter("अत अपना अपनी अपने अभी अंदर आदि आप इत्यादि इन इनका इन्हीं इन्हें इन्हों इस इसका इसकी इसके इसमें इसी इसे उन उनका उनकी उनके उनको उन्हीं उन्हें उन्हों उस उसके उसी उसे एक एवं एस ऐसे और कई कर करता करते करना करने करें कहते कहा का काफ़ी कि कितना किन्हें किन्हों किया किर किस किसी किसे की कुछ कुल के को कोई कौन कौनसा गया घर जब जहाँ जा जितना जिन जिन्हें जिन्हों जिस जिसे जीधर जैसा जैसे जो तक तब तरह तिन तिन्हें तिन्हों तिस तिसे तो था थी थे दबारा दिया दुसरा दूसरे दो द्वारा न नके नहीं ना निहायत नीचे ने पर पहले पूरा पे फिर बनी बही बहुत बाद बाला बिलकुल भी भीतर मगर मानो मे में यदि यह यहाँ यही या यिह ये रखें रहा रहे ऱ्वासा लिए लिये लेकिन व वग़ैरह वर्ग वह वहाँ वहीं वाले वुह वे वो सकता सकते सबसे सभी साथ साबुत साभ सारा से सो संग ही हुआ हुई हुए है हैं हो होता होती होते होना होने".split(" ")),e.hi.stemmer=function(){return function(e){return"function"==typeof e.update?e.update(function(e){return e}):e}}();var r=e.wordcut;r.init(),e.hi.tokenizer=function(i){if(!arguments.length||null==i||void 0==i)return[];if(Array.isArray(i))return i.map(function(r){return isLunr2?new e.Token(r.toLowerCase()):r.toLowerCase()});var t=i.toString().toLowerCase().replace(/^\s+/,"");return r.cut(t).split("|")},e.Pipeline.registerFunction(e.hi.stemmer,"stemmer-hi"),e.Pipeline.registerFunction(e.hi.stopWordFilter,"stopWordFilter-hi")}});
\ No newline at end of file
diff --git a/js/lunr/lunr.hu.min.js b/js/lunr/lunr.hu.min.js
new file mode 100644
index 0000000000..ed9d909f73
--- /dev/null
+++ b/js/lunr/lunr.hu.min.js
@@ -0,0 +1,18 @@
+/*!
+ * Lunr languages, `Hungarian` language
+ * https://github.com/MihaiValentin/lunr-languages
+ *
+ * Copyright 2014, Mihai Valentin
+ * http://www.mozilla.org/MPL/
+ */
+/*!
+ * based on
+ * Snowball JavaScript Library v0.3
+ * http://code.google.com/p/urim/
+ * http://snowball.tartarus.org/
+ *
+ * Copyright 2010, Oleg Mazko
+ * http://www.mozilla.org/MPL/
+ */
+
+!function(e,n){"function"==typeof define&&define.amd?define(n):"object"==typeof exports?module.exports=n():n()(e.lunr)}(this,function(){return function(e){if(void 0===e)throw new Error("Lunr is not present. Please include / require Lunr before this script.");if(void 0===e.stemmerSupport)throw new Error("Lunr stemmer support is not present. Please include / require Lunr stemmer support before this script.");e.hu=function(){this.pipeline.reset(),this.pipeline.add(e.hu.trimmer,e.hu.stopWordFilter,e.hu.stemmer),this.searchPipeline&&(this.searchPipeline.reset(),this.searchPipeline.add(e.hu.stemmer))},e.hu.wordCharacters="A-Za-zªºÀ-ÖØ-öø-ʸˠ-ˤᴀ-ᴥᴬ-ᵜᵢ-ᵥᵫ-ᵷᵹ-ᶾḀ-ỿⁱⁿₐ-ₜKÅℲⅎⅠ-ↈⱠ-ⱿꜢ-ꞇꞋ-ꞭꞰ-ꞷꟷ-ꟿꬰ-ꭚꭜ-ꭤff-stA-Za-z",e.hu.trimmer=e.trimmerSupport.generateTrimmer(e.hu.wordCharacters),e.Pipeline.registerFunction(e.hu.trimmer,"trimmer-hu"),e.hu.stemmer=function(){var n=e.stemmerSupport.Among,r=e.stemmerSupport.SnowballProgram,i=new function(){function e(){var e,n=L.cursor;if(d=L.limit,L.in_grouping(W,97,252))for(;;){if(e=L.cursor,L.out_grouping(W,97,252))return L.cursor=e,L.find_among(g,8)||(L.cursor=e,e
=e;t--){var r=this.uncheckedNodes[t],i=r.child.toString();i in this.minimizedNodes?r.parent.edges[r["char"]]=this.minimizedNodes[i]:(r.child._str=i,this.minimizedNodes[i]=r.child),this.uncheckedNodes.pop()}},e.Index=function(e){this.invertedIndex=e.invertedIndex,this.fieldVectors=e.fieldVectors,this.tokenSet=e.tokenSet,this.fields=e.fields,this.pipeline=e.pipeline},e.Index.prototype.search=function(t){return this.query(function(r){var i=new e.QueryParser(t,r);i.parse()})},e.Index.prototype.query=function(t){for(var r=new e.Query(this.fields),i=Object.create(null),n=Object.create(null),s=Object.create(null),o=Object.create(null),a=Object.create(null),u=0;u=a&&(r=w.limit_backward,w.limit_backward=a,w.ket=w.cursor,e=w.find_among_b(m,29),w.limit_backward=r,e))switch(w.bra=w.cursor,e){case 1:w.slice_del();break;case 2:n=w.limit-w.cursor,w.in_grouping_b(c,98,122)?w.slice_del():(w.cursor=w.limit-n,w.eq_s_b(1,"k")&&w.out_grouping_b(d,97,248)&&w.slice_del());break;case 3:w.slice_from("er")}}function t(){var e,r=w.limit-w.cursor;w.cursor>=a&&(e=w.limit_backward,w.limit_backward=a,w.ket=w.cursor,w.find_among_b(u,2)?(w.bra=w.cursor,w.limit_backward=e,w.cursor=w.limit-r,w.cursor>w.limit_backward&&(w.cursor--,w.bra=w.cursor,w.slice_del())):w.limit_backward=e)}function o(){var e,r;w.cursor>=a&&(r=w.limit_backward,w.limit_backward=a,w.ket=w.cursor,e=w.find_among_b(l,11),e?(w.bra=w.cursor,w.limit_backward=r,1==e&&w.slice_del()):w.limit_backward=r)}var s,a,m=[new r("a",-1,1),new r("e",-1,1),new r("ede",1,1),new r("ande",1,1),new r("ende",1,1),new r("ane",1,1),new r("ene",1,1),new r("hetene",6,1),new r("erte",1,3),new r("en",-1,1),new r("heten",9,1),new r("ar",-1,1),new r("er",-1,1),new r("heter",12,1),new r("s",-1,2),new r("as",14,1),new r("es",14,1),new r("edes",16,1),new r("endes",16,1),new r("enes",16,1),new r("hetenes",19,1),new r("ens",14,1),new r("hetens",21,1),new r("ers",14,1),new r("ets",14,1),new r("et",-1,1),new r("het",25,1),new r("ert",-1,3),new r("ast",-1,1)],u=[new r("dt",-1,-1),new r("vt",-1,-1)],l=[new r("leg",-1,1),new r("eleg",0,1),new r("ig",-1,1),new r("eig",2,1),new r("lig",2,1),new r("elig",4,1),new r("els",-1,1),new r("lov",-1,1),new r("elov",7,1),new r("slov",7,1),new r("hetslov",9,1)],d=[17,65,16,1,0,0,0,0,0,0,0,0,0,0,0,0,48,0,128],c=[119,125,149,1],w=new n;this.setCurrent=function(e){w.setCurrent(e)},this.getCurrent=function(){return w.getCurrent()},this.stem=function(){var r=w.cursor;return e(),w.limit_backward=r,w.cursor=w.limit,i(),w.cursor=w.limit,t(),w.cursor=w.limit,o(),!0}};return function(e){return"function"==typeof e.update?e.update(function(e){return i.setCurrent(e),i.stem(),i.getCurrent()}):(i.setCurrent(e),i.stem(),i.getCurrent())}}(),e.Pipeline.registerFunction(e.no.stemmer,"stemmer-no"),e.no.stopWordFilter=e.generateStopWordFilter("alle at av bare begge ble blei bli blir blitt både båe da de deg dei deim deira deires dem den denne der dere deres det dette di din disse ditt du dykk dykkar då eg ein eit eitt eller elles en enn er et ett etter for fordi fra før ha hadde han hans har hennar henne hennes her hjå ho hoe honom hoss hossen hun hva hvem hver hvilke hvilken hvis hvor hvordan hvorfor i ikke ikkje ikkje ingen ingi inkje inn inni ja jeg kan kom korleis korso kun kunne kva kvar kvarhelst kven kvi kvifor man mange me med medan meg meget mellom men mi min mine mitt mot mykje ned no noe noen noka noko nokon nokor nokre nå når og også om opp oss over på samme seg selv si si sia sidan siden sin sine sitt sjøl skal skulle slik so som som somme somt så sånn til um upp ut uten var vart varte ved vere verte vi vil ville vore vors vort vår være være vært å".split(" ")),e.Pipeline.registerFunction(e.no.stopWordFilter,"stopWordFilter-no")}});
\ No newline at end of file
diff --git a/js/lunr/lunr.pt.min.js b/js/lunr/lunr.pt.min.js
new file mode 100644
index 0000000000..6c16996d65
--- /dev/null
+++ b/js/lunr/lunr.pt.min.js
@@ -0,0 +1,18 @@
+/*!
+ * Lunr languages, `Portuguese` language
+ * https://github.com/MihaiValentin/lunr-languages
+ *
+ * Copyright 2014, Mihai Valentin
+ * http://www.mozilla.org/MPL/
+ */
+/*!
+ * based on
+ * Snowball JavaScript Library v0.3
+ * http://code.google.com/p/urim/
+ * http://snowball.tartarus.org/
+ *
+ * Copyright 2010, Oleg Mazko
+ * http://www.mozilla.org/MPL/
+ */
+
+!function(e,r){"function"==typeof define&&define.amd?define(r):"object"==typeof exports?module.exports=r():r()(e.lunr)}(this,function(){return function(e){if(void 0===e)throw new Error("Lunr is not present. Please include / require Lunr before this script.");if(void 0===e.stemmerSupport)throw new Error("Lunr stemmer support is not present. Please include / require Lunr stemmer support before this script.");e.pt=function(){this.pipeline.reset(),this.pipeline.add(e.pt.trimmer,e.pt.stopWordFilter,e.pt.stemmer),this.searchPipeline&&(this.searchPipeline.reset(),this.searchPipeline.add(e.pt.stemmer))},e.pt.wordCharacters="A-Za-zªºÀ-ÖØ-öø-ʸˠ-ˤᴀ-ᴥᴬ-ᵜᵢ-ᵥᵫ-ᵷᵹ-ᶾḀ-ỿⁱⁿₐ-ₜKÅℲⅎⅠ-ↈⱠ-ⱿꜢ-ꞇꞋ-ꞭꞰ-ꞷꟷ-ꟿꬰ-ꭚꭜ-ꭤff-stA-Za-z",e.pt.trimmer=e.trimmerSupport.generateTrimmer(e.pt.wordCharacters),e.Pipeline.registerFunction(e.pt.trimmer,"trimmer-pt"),e.pt.stemmer=function(){var r=e.stemmerSupport.Among,s=e.stemmerSupport.SnowballProgram,n=new function(){function e(){for(var e;;){if(z.bra=z.cursor,e=z.find_among(k,3))switch(z.ket=z.cursor,e){case 1:z.slice_from("a~");continue;case 2:z.slice_from("o~");continue;case 3:if(z.cursor>=z.limit)break;z.cursor++;continue}break}}function n(){if(z.out_grouping(y,97,250)){for(;!z.in_grouping(y,97,250);){if(z.cursor>=z.limit)return!0;z.cursor++}return!1}return!0}function i(){if(z.in_grouping(y,97,250))for(;!z.out_grouping(y,97,250);){if(z.cursor>=z.limit)return!1;z.cursor++}return g=z.cursor,!0}function o(){var e,r,s=z.cursor;if(z.in_grouping(y,97,250))if(e=z.cursor,n()){if(z.cursor=e,i())return}else g=z.cursor;if(z.cursor=s,z.out_grouping(y,97,250)){if(r=z.cursor,n()){if(z.cursor=r,!z.in_grouping(y,97,250)||z.cursor>=z.limit)return;z.cursor++}g=z.cursor}}function t(){for(;!z.in_grouping(y,97,250);){if(z.cursor>=z.limit)return!1;z.cursor++}for(;!z.out_grouping(y,97,250);){if(z.cursor>=z.limit)return!1;z.cursor++}return!0}function a(){var e=z.cursor;g=z.limit,b=g,h=g,o(),z.cursor=e,t()&&(b=z.cursor,t()&&(h=z.cursor))}function u(){for(var e;;){if(z.bra=z.cursor,e=z.find_among(q,3))switch(z.ket=z.cursor,e){case 1:z.slice_from("ã");continue;case 2:z.slice_from("õ");continue;case 3:if(z.cursor>=z.limit)break;z.cursor++;continue}break}}function w(){return g<=z.cursor}function m(){return b<=z.cursor}function c(){return h<=z.cursor}function l(){var e;if(z.ket=z.cursor,!(e=z.find_among_b(F,45)))return!1;switch(z.bra=z.cursor,e){case 1:if(!c())return!1;z.slice_del();break;case 2:if(!c())return!1;z.slice_from("log");break;case 3:if(!c())return!1;z.slice_from("u");break;case 4:if(!c())return!1;z.slice_from("ente");break;case 5:if(!m())return!1;z.slice_del(),z.ket=z.cursor,e=z.find_among_b(j,4),e&&(z.bra=z.cursor,c()&&(z.slice_del(),1==e&&(z.ket=z.cursor,z.eq_s_b(2,"at")&&(z.bra=z.cursor,c()&&z.slice_del()))));break;case 6:if(!c())return!1;z.slice_del(),z.ket=z.cursor,e=z.find_among_b(C,3),e&&(z.bra=z.cursor,1==e&&c()&&z.slice_del());break;case 7:if(!c())return!1;z.slice_del(),z.ket=z.cursor,e=z.find_among_b(P,3),e&&(z.bra=z.cursor,1==e&&c()&&z.slice_del());break;case 8:if(!c())return!1;z.slice_del(),z.ket=z.cursor,z.eq_s_b(2,"at")&&(z.bra=z.cursor,c()&&z.slice_del());break;case 9:if(!w()||!z.eq_s_b(1,"e"))return!1;z.slice_from("ir")}return!0}function f(){var e,r;if(z.cursor>=g){if(r=z.limit_backward,z.limit_backward=g,z.ket=z.cursor,e=z.find_among_b(S,120))return z.bra=z.cursor,1==e&&z.slice_del(),z.limit_backward=r,!0;z.limit_backward=r}return!1}function d(){var e;z.ket=z.cursor,(e=z.find_among_b(W,7))&&(z.bra=z.cursor,1==e&&w()&&z.slice_del())}function v(e,r){if(z.eq_s_b(1,e)){z.bra=z.cursor;var s=z.limit-z.cursor;if(z.eq_s_b(1,r))return z.cursor=z.limit-s,w()&&z.slice_del(),!1}return!0}function p(){var e;if(z.ket=z.cursor,e=z.find_among_b(L,4))switch(z.bra=z.cursor,e){case 1:w()&&(z.slice_del(),z.ket=z.cursor,z.limit-z.cursor,v("u","g")&&v("i","c"));break;case 2:z.slice_from("c")}}function _(){if(!l()&&(z.cursor=z.limit,!f()))return z.cursor=z.limit,void d();z.cursor=z.limit,z.ket=z.cursor,z.eq_s_b(1,"i")&&(z.bra=z.cursor,z.eq_s_b(1,"c")&&(z.cursor=z.limit,w()&&z.slice_del()))}var h,b,g,k=[new r("",-1,3),new r("ã",0,1),new r("õ",0,2)],q=[new r("",-1,3),new r("a~",0,1),new r("o~",0,2)],j=[new r("ic",-1,-1),new r("ad",-1,-1),new r("os",-1,-1),new r("iv",-1,1)],C=[new r("ante",-1,1),new r("avel",-1,1),new r("ível",-1,1)],P=[new r("ic",-1,1),new r("abil",-1,1),new r("iv",-1,1)],F=[new r("ica",-1,1),new r("ância",-1,1),new r("ência",-1,4),new r("ira",-1,9),new r("adora",-1,1),new r("osa",-1,1),new r("ista",-1,1),new r("iva",-1,8),new r("eza",-1,1),new r("logía",-1,2),new r("idade",-1,7),new r("ante",-1,1),new r("mente",-1,6),new r("amente",12,5),new r("ável",-1,1),new r("ível",-1,1),new r("ución",-1,3),new r("ico",-1,1),new r("ismo",-1,1),new r("oso",-1,1),new r("amento",-1,1),new r("imento",-1,1),new r("ivo",-1,8),new r("aça~o",-1,1),new r("ador",-1,1),new r("icas",-1,1),new r("ências",-1,4),new r("iras",-1,9),new r("adoras",-1,1),new r("osas",-1,1),new r("istas",-1,1),new r("ivas",-1,8),new r("ezas",-1,1),new r("logías",-1,2),new r("idades",-1,7),new r("uciones",-1,3),new r("adores",-1,1),new r("antes",-1,1),new r("aço~es",-1,1),new r("icos",-1,1),new r("ismos",-1,1),new r("osos",-1,1),new r("amentos",-1,1),new r("imentos",-1,1),new r("ivos",-1,8)],S=[new r("ada",-1,1),new r("ida",-1,1),new r("ia",-1,1),new r("aria",2,1),new r("eria",2,1),new r("iria",2,1),new r("ara",-1,1),new r("era",-1,1),new r("ira",-1,1),new r("ava",-1,1),new r("asse",-1,1),new r("esse",-1,1),new r("isse",-1,1),new r("aste",-1,1),new r("este",-1,1),new r("iste",-1,1),new r("ei",-1,1),new r("arei",16,1),new r("erei",16,1),new r("irei",16,1),new r("am",-1,1),new r("iam",20,1),new r("ariam",21,1),new r("eriam",21,1),new r("iriam",21,1),new r("aram",20,1),new r("eram",20,1),new r("iram",20,1),new r("avam",20,1),new r("em",-1,1),new r("arem",29,1),new r("erem",29,1),new r("irem",29,1),new r("assem",29,1),new r("essem",29,1),new r("issem",29,1),new r("ado",-1,1),new r("ido",-1,1),new r("ando",-1,1),new r("endo",-1,1),new r("indo",-1,1),new r("ara~o",-1,1),new r("era~o",-1,1),new r("ira~o",-1,1),new r("ar",-1,1),new r("er",-1,1),new r("ir",-1,1),new r("as",-1,1),new r("adas",47,1),new r("idas",47,1),new r("ias",47,1),new r("arias",50,1),new r("erias",50,1),new r("irias",50,1),new r("aras",47,1),new r("eras",47,1),new r("iras",47,1),new r("avas",47,1),new r("es",-1,1),new r("ardes",58,1),new r("erdes",58,1),new r("irdes",58,1),new r("ares",58,1),new r("eres",58,1),new r("ires",58,1),new r("asses",58,1),new r("esses",58,1),new r("isses",58,1),new r("astes",58,1),new r("estes",58,1),new r("istes",58,1),new r("is",-1,1),new r("ais",71,1),new r("eis",71,1),new r("areis",73,1),new r("ereis",73,1),new r("ireis",73,1),new r("áreis",73,1),new r("éreis",73,1),new r("íreis",73,1),new r("ásseis",73,1),new r("ésseis",73,1),new r("ísseis",73,1),new r("áveis",73,1),new r("íeis",73,1),new r("aríeis",84,1),new r("eríeis",84,1),new r("iríeis",84,1),new r("ados",-1,1),new r("idos",-1,1),new r("amos",-1,1),new r("áramos",90,1),new r("éramos",90,1),new r("íramos",90,1),new r("ávamos",90,1),new r("íamos",90,1),new r("aríamos",95,1),new r("eríamos",95,1),new r("iríamos",95,1),new r("emos",-1,1),new r("aremos",99,1),new r("eremos",99,1),new r("iremos",99,1),new r("ássemos",99,1),new r("êssemos",99,1),new r("íssemos",99,1),new r("imos",-1,1),new r("armos",-1,1),new r("ermos",-1,1),new r("irmos",-1,1),new r("ámos",-1,1),new r("arás",-1,1),new r("erás",-1,1),new r("irás",-1,1),new r("eu",-1,1),new r("iu",-1,1),new r("ou",-1,1),new r("ará",-1,1),new r("erá",-1,1),new r("irá",-1,1)],W=[new r("a",-1,1),new r("i",-1,1),new r("o",-1,1),new r("os",-1,1),new r("á",-1,1),new r("í",-1,1),new r("ó",-1,1)],L=[new r("e",-1,1),new r("ç",-1,2),new r("é",-1,1),new r("ê",-1,1)],y=[17,65,16,0,0,0,0,0,0,0,0,0,0,0,0,0,3,19,12,2],z=new s;this.setCurrent=function(e){z.setCurrent(e)},this.getCurrent=function(){return z.getCurrent()},this.stem=function(){var r=z.cursor;return e(),z.cursor=r,a(),z.limit_backward=r,z.cursor=z.limit,_(),z.cursor=z.limit,p(),z.cursor=z.limit_backward,u(),!0}};return function(e){return"function"==typeof e.update?e.update(function(e){return n.setCurrent(e),n.stem(),n.getCurrent()}):(n.setCurrent(e),n.stem(),n.getCurrent())}}(),e.Pipeline.registerFunction(e.pt.stemmer,"stemmer-pt"),e.pt.stopWordFilter=e.generateStopWordFilter("a ao aos aquela aquelas aquele aqueles aquilo as até com como da das de dela delas dele deles depois do dos e ela elas ele eles em entre era eram essa essas esse esses esta estamos estas estava estavam este esteja estejam estejamos estes esteve estive estivemos estiver estivera estiveram estiverem estivermos estivesse estivessem estivéramos estivéssemos estou está estávamos estão eu foi fomos for fora foram forem formos fosse fossem fui fôramos fôssemos haja hajam hajamos havemos hei houve houvemos houver houvera houveram houverei houverem houveremos houveria houveriam houvermos houverá houverão houveríamos houvesse houvessem houvéramos houvéssemos há hão isso isto já lhe lhes mais mas me mesmo meu meus minha minhas muito na nas nem no nos nossa nossas nosso nossos num numa não nós o os ou para pela pelas pelo pelos por qual quando que quem se seja sejam sejamos sem serei seremos seria seriam será serão seríamos seu seus somos sou sua suas são só também te tem temos tenha tenham tenhamos tenho terei teremos teria teriam terá terão teríamos teu teus teve tinha tinham tive tivemos tiver tivera tiveram tiverem tivermos tivesse tivessem tivéramos tivéssemos tu tua tuas tém tínhamos um uma você vocês vos à às éramos".split(" ")),e.Pipeline.registerFunction(e.pt.stopWordFilter,"stopWordFilter-pt")}});
\ No newline at end of file
diff --git a/js/lunr/lunr.ro.min.js b/js/lunr/lunr.ro.min.js
new file mode 100644
index 0000000000..7277140181
--- /dev/null
+++ b/js/lunr/lunr.ro.min.js
@@ -0,0 +1,18 @@
+/*!
+ * Lunr languages, `Romanian` language
+ * https://github.com/MihaiValentin/lunr-languages
+ *
+ * Copyright 2014, Mihai Valentin
+ * http://www.mozilla.org/MPL/
+ */
+/*!
+ * based on
+ * Snowball JavaScript Library v0.3
+ * http://code.google.com/p/urim/
+ * http://snowball.tartarus.org/
+ *
+ * Copyright 2010, Oleg Mazko
+ * http://www.mozilla.org/MPL/
+ */
+
+!function(e,i){"function"==typeof define&&define.amd?define(i):"object"==typeof exports?module.exports=i():i()(e.lunr)}(this,function(){return function(e){if(void 0===e)throw new Error("Lunr is not present. Please include / require Lunr before this script.");if(void 0===e.stemmerSupport)throw new Error("Lunr stemmer support is not present. Please include / require Lunr stemmer support before this script.");e.ro=function(){this.pipeline.reset(),this.pipeline.add(e.ro.trimmer,e.ro.stopWordFilter,e.ro.stemmer),this.searchPipeline&&(this.searchPipeline.reset(),this.searchPipeline.add(e.ro.stemmer))},e.ro.wordCharacters="A-Za-zªºÀ-ÖØ-öø-ʸˠ-ˤᴀ-ᴥᴬ-ᵜᵢ-ᵥᵫ-ᵷᵹ-ᶾḀ-ỿⁱⁿₐ-ₜKÅℲⅎⅠ-ↈⱠ-ⱿꜢ-ꞇꞋ-ꞭꞰ-ꞷꟷ-ꟿꬰ-ꭚꭜ-ꭤff-stA-Za-z",e.ro.trimmer=e.trimmerSupport.generateTrimmer(e.ro.wordCharacters),e.Pipeline.registerFunction(e.ro.trimmer,"trimmer-ro"),e.ro.stemmer=function(){var i=e.stemmerSupport.Among,r=e.stemmerSupport.SnowballProgram,n=new function(){function e(e,i){L.eq_s(1,e)&&(L.ket=L.cursor,L.in_grouping(W,97,259)&&L.slice_from(i))}function n(){for(var i,r;;){if(i=L.cursor,L.in_grouping(W,97,259)&&(r=L.cursor,L.bra=r,e("u","U"),L.cursor=r,e("i","I")),L.cursor=i,L.cursor>=L.limit)break;L.cursor++}}function t(){if(L.out_grouping(W,97,259)){for(;!L.in_grouping(W,97,259);){if(L.cursor>=L.limit)return!0;L.cursor++}return!1}return!0}function a(){if(L.in_grouping(W,97,259))for(;!L.out_grouping(W,97,259);){if(L.cursor>=L.limit)return!0;L.cursor++}return!1}function o(){var e,i,r=L.cursor;if(L.in_grouping(W,97,259)){if(e=L.cursor,!t())return void(h=L.cursor);if(L.cursor=e,!a())return void(h=L.cursor)}L.cursor=r,L.out_grouping(W,97,259)&&(i=L.cursor,t()&&(L.cursor=i,L.in_grouping(W,97,259)&&L.cursor0&&t<20&&n>0&&n<11}function _(e){return i.default.getInstance().style===e}function C(e){if(!e.hasAttribute("annotation"))return!1;const t=e.getAttribute("annotation");return!!/clearspeak:simple$|clearspeak:simple;/.exec(t)}function T(e){if(C(e))return!0;if("subscript"!==e.tagName)return!1;const t=e.childNodes[0].childNodes,n=t[1];return"identifier"===t[0].tagName&&(v(n)||"infixop"===n.tagName&&n.hasAttribute("role")&&"implicit"===n.getAttribute("role")&&O(n))}function v(e){return"number"===e.tagName&&e.hasAttribute("role")&&"integer"===e.getAttribute("role")}function O(e){return o.evalXPath("children/*",e).every((e=>v(e)||"identifier"===e.tagName))}function M(e){return"text"===e.type||"punctuated"===e.type&&"text"===e.role&&E(e.childNodes[0])&&I(e.childNodes.slice(1))||"identifier"===e.type&&"unit"===e.role||"infixop"===e.type&&("implicit"===e.role||"unit"===e.role)}function I(e){for(let t=0;t