diff --git a/samples/standalone.yml b/samples/standalone.yml index e6d946f03..17050080d 100644 --- a/samples/standalone.yml +++ b/samples/standalone.yml @@ -74,6 +74,12 @@ env: ## If you added the Lets Encrypt template, uncomment below to get a free SSL certificate #LETSENCRYPT_ACCOUNT_EMAIL: me@example.com + ## To use DNS verification with letsencrypt uncomment below and add the relevant environment variables from: https://github.com/acmesh-official/acme.sh/wiki/dnsapi + # (cloudflare example) + #DISCOURSE_ACME_DNS_MODE: dns_cf + #CF_Key: 763eac4f1bcebd8b5c95e9fc50d010b4 + #CF_Email: user@example.com + ## The http or https CDN address for this Discourse instance (configured to pull) ## see https://meta.discourse.org/t/14857 for details #DISCOURSE_CDN_URL: https://discourse-cdn.example.com diff --git a/samples/web_only.yml b/samples/web_only.yml index c4753dde0..74d01eaa8 100644 --- a/samples/web_only.yml +++ b/samples/web_only.yml @@ -65,6 +65,12 @@ env: ## If you added the Lets Encrypt template, uncomment below to get a free SSL certificate #LETSENCRYPT_ACCOUNT_EMAIL: me@example.com + ## To use DNS verification with letsencrypt uncomment below and add the relevant environment variables from: https://github.com/acmesh-official/acme.sh/wiki/dnsapi + # (cloudflare example) + #DISCOURSE_ACME_DNS_MODE: dns_cf + #CF_Key: 763eac4f1bcebd8b5c95e9fc50d010b4 + #CF_Email: user@example.com + ## TODO: configure connectivity to the databases DISCOURSE_DB_SOCKET: '' #DISCOURSE_DB_USERNAME: discourse diff --git a/templates/web.letsencrypt.ssl.template.yml b/templates/web.letsencrypt.ssl.template.yml index ba5f55178..2a6b89aff 100644 --- a/templates/web.letsencrypt.ssl.template.yml +++ b/templates/web.letsencrypt.ssl.template.yml @@ -59,7 +59,11 @@ hooks: /usr/sbin/nginx -c /etc/nginx/letsencrypt.conf issue_cert() { - LE_WORKING_DIR="${LETSENCRYPT_DIR}" $$ENV_LETSENCRYPT_DIR/acme.sh --issue $2 -d $$ENV_DISCOURSE_HOSTNAME --keylength $1 -w /var/www/discourse/public + if [ -z $DISCOURSE_ACME_DNS_MODE ]; then + LE_WORKING_DIR="${LETSENCRYPT_DIR}" $$ENV_LETSENCRYPT_DIR/acme.sh --issue $2 -d $$ENV_DISCOURSE_HOSTNAME --keylength $1 -w /var/www/discourse/public + else + LE_WORKING_DIR="${LETSENCRYPT_DIR}" $$ENV_LETSENCRYPT_DIR/acme.sh --dns ${DISCOURSE_ACME_DNS_MODE} --issue $2 -d $$ENV_DISCOURSE_HOSTNAME --keylength $1 -w /var/www/discourse/public + fi } cert_exists() {