The kore documentation found under https://docs.kore.io/
Commits | Files | Refs | README | git clone https://git.kore.io/kore-doc.git

commit 2b312c24c0295e34701ff9a72d56e8b0e651a09c
parent 97669887a0121501cd6ea957ed90a0efde7ad600
Author: Joris Vink <joris@coders.se>
Date:   Mon, 31 Aug 2020 13:23:20 +0200

Update ACME

applications/acme.md | 45+++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 45 insertions(+), 0 deletions(-)

diff --git a/applications/acme.md b/applications/acme.md @@ -2,3 +2,48 @@ Kore can automatically provision certificates from ACME providers such as Let's Encrypt and others. + +## Enabling ACME on a domain + +Enabling ACME is quite straight forward. Make sure Kore was built with +the ACME=1 directive set at compile time. + +In your configuration, under the domain context you set the acme +configuration option to yes. + +``` +domain kore.io { + acme yes + accesslog /var/log/kore.log + route / serve_index +} +``` + +## ACME configuration + +There are a few ACME related configuration options. + +| Configuration option | Description | +| --- | --- | +| acme\_runas | The user the acme process will run as. If not set, the current user. | +| acme\_root | The root path for the acme process. If not set, inherited from the root option. | +| acme\_email | An email adress used for account registration. | +| acme\_provider | A URL to the directory for an ACME provider. Defaults to Let's Encrypt. | + +## ACME architecture + +When ACME is enabled, Kore will create a new acme process that stands +alone from your workers. It is this process that will talk to the +ACME servers and perform requests to them. + +The acme process will communicate when needed with the keymgr who holds +all your private keys (even the ACME account key is only held by keymgr). + +## ACME files + +All certificates and private keys are stored under the directory that +was configured via the **keymgr_root** configuration option. + +The RSA account key is stored as **account.pem** in the **keymgr_root** +directory while certificates and matching domain keys are stored under +the **certificates** and **keys** directories respectively.