Minor rewording to the DNS-01 challenge type documentation

pull/3474/head
Slavi Pantaleev 1 year ago
committed by GitHub
Parent
Commit
266efa47f3
No GPG key matching this signature was found. GPG key ID: B5690EEEBB952194
1 changed file: 8 additions and 3 deletions
  1. docs/configuring-playbook-ssl-certificates.md (+8, -3)

docs/configuring-playbook-ssl-certificates.md

@@ -99,9 +99,14 @@ aux_file_definitions:
keyFile: /ssl/privkey.pem
```

## Configuring DNS-01 ACME Challenges
## Using a DNS-01 ACME challenge type, instead of HTTP-01

You can configure traefik to use the DNS-01 validation for Let's Encrypt. This is less frequent than using the normal HTTP challenge, but it can be helpful to hide your public IP from Let's Encrypt logs or if your matrix server is running behind a proxy that prevents the HTTP challenge to succeed. This is an example for how to edit the `vars.yml` file if you're using Cloudflare:
You can configure Traefik to use the [DNS-01 challenge type](https://letsencrypt.org/docs/challenge-types/#dns-01-challenge) for Let's Encrypt. This is less commonly used than the default [HTTP-01 challenge type](https://letsencrypt.org/docs/challenge-types/#http-01-challenge), but it can be helpful to:

- hide your public IP from Let's Encrypt logs
- allow you to obtain SSL certificates for servers which are not accessible (via HTTP) from the public internet (and for which the HTTP-01 challenge would fail)

This is an example for how to edit the `vars.yml` file if you're using Cloudflare:

```yaml
devture_traefik_config_certificatesResolvers_acme_dnsChallenge_enabled: true
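
Review bot: The new bullet list in this hunk names only the benefits of DNS-01 and leaves out its main cost: Traefik has to hold DNS provider API credentials that can edit the zone, which is a wider exposure than HTTP-01 needs. Suggest one sentence after the bullets saying so and pointing at the token-scoping advice further down the page. The bullet "hide your public IP from Let's Encrypt logs" could also note that issued certificates still appear in public Certificate Transparency logs with their hostnames. Separately, renaming the heading from "Configuring DNS-01 ACME Challenges" changes its generated anchor, so check the rest of the docs for links to the old one.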
@@ -116,6 +121,6 @@ devture_traefik_environment_variables_additional_variables: |
LEGO_DISABLE_CNAME_SUPPORT=true
```

Make sure to change the value of "provider" to your particular DNS solution, and provide the appropriate environment variables. The full list of supported providers is available here: https://doc.traefik.io/traefik/https/acme/#providers
Make sure to change the value of "provider" to your particular DNS solution, and provide the appropriate environment variables. The full list of supported providers is available [here](https://doc.traefik.io/traefik/https/acme/#providers).

This example assumes you're using Cloudflare to manage your DNS zone. Note that it requires the use of two tokens: one for reading all zones (`CF_ZONE_API_TOKEN`) and another that must be able to edit the particular domain you're using (`CF_DNS_API_TOKEN`). For security, it's recommended that you create two fine-grained tokens for this purpose, but you might choose to use the same token for both.
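
Review bot: The replacement sentence in this hunk uses "here" as the link text, which says nothing about the target when the line is scanned or read by a screen reader; suggest "The [full list of supported providers](https://doc.traefik.io/traefik/https/acme/#providers) is available in the Traefik documentation." While this line is being touched, "provider" would read better in backticks, matching how `vars.yml`, `CF_ZONE_API_TOKEN` and `CF_DNS_API_TOKEN` are formatted in the surrounding text.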
