From: William Lallemand Date: Mon, 4 May 2026 12:40:20 +0000 (+0200) Subject: DOC: acme: document missing acme-vars and provider-name keywords X-Git-Tag: v3.4-dev11~67 X-Git-Url: http://www.kaiwu.me/postgresql/commit/?a=commitdiff_plain;h=4153aae9325d5450f90a03a5bad451b9b5ef21cd;p=haproxy.git DOC: acme: document missing acme-vars and provider-name keywords Both keywords are used with dns-01 and dns-persist-01 challenges to pass information to an external DNS provisioning tool (e.g. the dataplaneAPI) via the "dpapi" sink. provider-name sets the DNS provider identifier and acme-vars passes arbitrary tool-specific variables. Thanks to @oliwer for reporting the issue. Must be backported to 3.2, however previous version don't have "dns-persist-01". --- diff --git a/doc/configuration.txt b/doc/configuration.txt index 1ea7ed3ca..3316db7c9 100644 --- a/doc/configuration.txt +++ b/doc/configuration.txt @@ -32447,6 +32447,16 @@ account-key openssl ecparam -name secp384r1 -genkey -noout -out account.key +acme-vars + Pass arbitrary variables to the external DNS provisioning tool (e.g. the + dataplaneAPI) via the "dpapi" sink. The semantics are tool-specific; refer + to your DNS provisioning tool's documentation. + + This keyword is only meaningful when the challenge type is "dns-01" or + "dns-persist-01". + + See also: "challenge", "provider-name" + bits Configure the number of bits to generate an RSA certificate. Default to 2048. Setting a too high value can trigger a warning if your machine is not @@ -32596,6 +32606,16 @@ profile # Request short-lived certificates profile shortlived +provider-name + Set the DNS provider name passed to the external DNS provisioning tool (e.g. + the dataplaneAPI) via the "dpapi" sink. The accepted values are + tool-specific; refer to your DNS provisioning tool's documentation. + + This keyword is only meaningful when the challenge type is "dns-01" or + "dns-persist-01". + + See also: "challenge", "acme-vars" + reuse-key { on | off } If set to "on", HAProxy won't generate a new private key and will keep the previous one. Rotating private keys is recommended, when enabling this option