How to renew Let's Encrypt certificates with the same public key

谁说胖子不能爱 submitted on 2020-06-29 05:21:39

Question


To use Traefik 1.7 on APIs for serving mobile apps that require the use of certificate pinning on the public key, it's necessary to configure the acme section on the toml file to reuse the same private/public key pair when renewing the certificates, but I don't find anywhere in the docs how I can do it.

So I am looking for the same behavior that I believe the --reuse-key in certbot gives:

--reuse-key           When renewing, use the same private key as the existing certificate. (default: False)

NOTE:

I know I can configure Traefik with the paths to the certificates that I would generate/renew with certbot, but that is not the solution I am asking for, because I already know how to implement it, but this approach does not give the seamless experience of the acme implementation, which only requires me to add some labels to the docker container I want to secure with TLS.

traefik.toml:

debug = false

logLevel = "ERROR"
defaultEntryPoints = ["https","http"]

[entryPoints]
  [entryPoints.http]
  address = ":80"
    [entryPoints.http.redirect]
    entryPoint = "https"

  [entryPoints.https]
  address = ":443"
  [entryPoints.https.tls]

[retry]

[docker]
endpoint = "unix:///var/run/docker.sock"
watch = true
exposedByDefault = false

[acme]
storage = "acme.json"
entryPoint = "https"
onHostRule = true
[acme.httpChallenge]
entryPoint = "http"

docker-compose.yml:

version: '2.3'

services:
  traefik:
    image: traefik:1.7
    restart: always
    ports:
      - 80:80
      - 443:443
    networks:
      - traefik
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./traefik.toml:/traefik.toml
      - ./acme.json:/acme.json
    container_name: traefik
    labels:
      - "traefik.acme.email=${TRAEFIK_ACME_EMAIL:? Missing TRAEFIK_ACME_EMAIL env var.}"
      - "traefik.docker.domain=${TRAEFIK_DOCKER_DOMAIN:? Missing TRAEFIK_DOCKER_DOMAIN env var.}"
networks:
  traefik:
    external: true

Source: https://stackoverflow.com/questions/62006529/how-to-renew-letsecncrypt-certificates-with-the-same-public-key
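Whichever ACME client performs the renewal, the pin the mobile app checks can be verified before the new certificate goes live. The following is an added example, not part of the original question and not Traefik or certbot code: it computes the public-key pin as base64(SHA-256(SubjectPublicKeyInfo)) and compares the current and renewed certificates. The function names are hypothetical and the sample inputs are constructed DER skeletons, not real certificates.

```python
import base64, hashlib, ssl

def _tlv(buf, pos):
    """Read the DER element at pos; return (tag, value_start, value_end)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def spki_pin(cert):
    """base64(SHA-256(SubjectPublicKeyInfo)) of a PEM (str) or DER (bytes) certificate."""
    raw = ssl.PEM_cert_to_DER_cert(cert) if isinstance(cert, str) else cert
    _, pos, _ = _tlv(raw, 0)               # Certificate ::= SEQUENCE
    _, pos, _ = _tlv(raw, pos)             # tbsCertificate ::= SEQUENCE
    tag, _, end = _tlv(raw, pos)
    if tag == 0xA0:                        # optional [0] EXPLICIT version
        pos = end
    for _ in range(5):                     # serialNumber, signature, issuer, validity, subject
        _, _, pos = _tlv(raw, pos)
    _, _, end = _tlv(raw, pos)             # subjectPublicKeyInfo, hashed including its header
    return base64.b64encode(hashlib.sha256(raw[pos:end]).digest()).decode()

def pin_survives_renewal(old_cert, new_cert):
    """True when apps pinned to old_cert's public key will still accept new_cert."""
    return spki_pin(old_cert) == spki_pin(new_cert)

# --- constructed sample data: short-form DER skeletons, not real certificates ---
def _der(tag, *parts):
    return bytes([tag, len(b"".join(parts))]) + b"".join(parts)

def _sample_cert(serial, key_bytes):
    alg = _der(0x30, _der(0x06, bytes.fromhex("2a8648ce3d0201")))  # id-ecPublicKey OID
    spki = _der(0x30, alg, _der(0x03, b"\x00" + key_bytes))
    tbs = _der(0x30, _der(0xA0, _der(0x02, b"\x02")), _der(0x02, bytes([serial])),
               alg, _der(0x30), _der(0x30), _der(0x30), spki)
    return _der(0x30, tbs, alg, _der(0x03, b"\x00")), spki

KEY_A, KEY_B = b"\x04" + b"\x11" * 64, b"\x04" + b"\x22" * 64   # constructed key material
CURRENT, SPKI_A = _sample_cert(1, KEY_A)
RENEWED_SAME_KEY, _ = _sample_cert(2, KEY_A)    # renewal that reused the key pair
RENEWED_NEW_KEY, _ = _sample_cert(3, KEY_B)     # renewal that generated a new key pair

if __name__ == "__main__":
    print("pin for the current certificate:", spki_pin(CURRENT))
    print("renewal with reused key keeps the pin:", pin_survives_renewal(CURRENT, RENEWED_SAME_KEY))
    print("renewal with new key keeps the pin:", pin_survives_renewal(CURRENT, RENEWED_NEW_KEY))
```

Running the same comparison on the real PEM files before and after a renewal shows whether the pinned apps will keep connecting.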
