github-repos/acme.sh
1
0
Fork 0
mirror of https://github.com/acmesh-official/acme.sh.git synced 2025-03-08 14:40:10 +08:00
Code Issues Packages Projects Releases Wiki Activity

Further simplification

Jean-Tiare Le Bigot 2017-05-22 15:41:14 +02:00
parent 609fc57528
commit 3a49869c2d
1 changed files with 13 additions and 47 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

60
How-to-use-OVH-domain-api.md

@ -1,61 +1,27 @@
# Quick-Start
## 1. Create application key, secret and consumer
It is a good security practice to limit the power of individual credentials to limit the damage in case anything goes wrong. acme.sh only requires access to the domain API to deal with the dns-01 challenge.
- OVH Europe: https://api.ovh.com/createToken/?GET=/domain/zone/*&POST=/domain/zone/*&PUT=/domain/zone/*
- OVH Canada: https://ca.api.ovh.com/createToken/?GET=/domain/zone/*&POST=/domain/zone/*&PUT=/domain/zone/*
**If you plan to manage SSL certificates for multiple/any zones:**
In the page, please select "Unlimited" for the Validity.
https://api.ovh.com/createToken/?GET=/domain/zone/*&POST=/domain/zone/*&PUT=/domain/zone/*
**If you plan to manage SSL certificates for a specif zone:**
https://api.ovh.com/createToken/?GET=/domain/zone/mydomain.com/*&POST=/domain/zone/mydomain.com/*&PUT=/domain/zone/mydomain.com/*&GET=/domain/zone/mydomain.com
In the page, please select "Unlimited" for the Validity and replace ``mydomain.com`` by the zone you need to manage
## 2. Set API key and API secret.
## 2. Profite!
```
# application key
# Credentials
export OVH_AK="your application key"
# application secret
export OVH_AS="your application secret"
# consumer key
export OVH_CK="your consumer key"
acme.sh --issue -d mydomain.com --dns dns_ovh
# Generate your certificate
acme.sh --issue -d mydomain.com --dns dns_ovh
```
## 3. OVH api support OVH, kimsufi, soyoustart and runabove.
The default is using ovh-eu region.
# Security
if you are using ovh-ca region,
It is a good security practice to limit what a given API key can in the event it is lost, stolen or anything wrong happens to limit the potential damages. OVH API keys can be limited to a specific domain zone using a simple pattern mechanism. For example, to restrict an OVH API key to manage "mydomain.com", you may use the following settings. Of course this can easily be customized to support any or multiple domains:
Create app key here: https://ca.api.ovh.com/createToken/
Then please specify the region in the first step:
```
export OVH_END_POINT=ovh-ca
export OVH_AK="your application key"
export OVH_AS="your application secret"
export OVH_CK="your consumer key"
acme.sh --issue -d mydomain.com --dns dns_ovh
```
Supported regions:
```
#'ovh-eu' (default)
#'ovh-ca':
#'kimsufi-eu'
#'kimsufi-ca'
#'soyoustart-eu'
#'soyoustart-ca'
#'runabove-ca'
```
- OVH Europe: https://api.ovh.com/createToken/?GET=/domain/zone/mydomain.com/*&POST=/domain/zone/mydomain.com/*&PUT=/domain/zone/mydomain.com/*&GET=/domain/zone/mydomain.com
- OVH Canada: https://ca.api.ovh.com/createToken/?GET=/domain/zone/mydomain.com/*&POST=/domain/zone/mydomain.com/*&PUT=/domain/zone/mydomain.com/*&GET=/domain/zone/mydomain.com