slawek/azure-acme-provisioner
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: add HTTP-01 challenge support

Browse Source
This commit is contained in:
Sławek Koszewski
2026-05-21 20:18:32 +02:00
parent fcf412b13b
commit a92bdabac3
11 changed files with 983 additions and 56 deletions
Download Patch File Download Diff File Expand all files Collapse all files
README.md
+21
View File
@@ -55,8 +55,28 @@ Common options:
--dry-run Show what would be done without making changes
--log-level <level> debug | info | warn | error (default: info)
--output <format> table | json (scan and status commands)
--http <port> Use HTTP-01 challenge on the given port (run and renew only)
```
### Challenge methods
By default `run` and `renew` use **DNS-01** via Azure DNS (requires DNS Zone Contributor role).
Pass `--http <port>` to use **HTTP-01** instead. The provisioner starts a temporary Express HTTP server on the given port and shuts it down after each certificate is issued. The server must be reachable from the internet on that port for the ACME CA to validate ownership.
```sh
# DNS-01 (default)
azure-acme-provisioner run
# HTTP-01 on port 80
azure-acme-provisioner run --http 80
# HTTP-01 on a non-privileged port (useful behind a reverse proxy or NAT rule)
azure-acme-provisioner run --http 8080
```
> **Note:** Binding port 80 requires root privileges or `CAP_NET_BIND_SERVICE`. When running in Docker, map the host port to the container: `-p 80:8080` and pass `--http 8080`.
## Configuration
All configuration is via environment variables. CLI flags override env vars when both are provided.
@@ -79,6 +99,7 @@ All configuration is via environment variables. CLI flags override env vars when
| `ACME_RENEWAL_THRESHOLD_DAYS` | `30` | Renew certificates this many days before expiry |
| `ACME_DNS_PROPAGATION_WAIT` | `60` | Maximum seconds to wait for DNS TXT record propagation |
| `ACME_DNS_CHALLENGE_TTL` | `60` | TTL (seconds) for DNS-01 challenge TXT records |
| `ACME_HTTP_PORT` | unset | If set to a positive integer, use HTTP-01 challenge on that port instead of DNS-01 |
| `ACME_LOG_LEVEL` | `info` | Log level: `debug`, `info`, `warn`, `error` |
| `ACME_SCHEDULE` | `0 0 2 * * *` | Azure Function timer schedule (cron expression, 6-field format). Only used when deployed as an Azure Function. |