ACME: ACME with Kong storage - Plugin

ACME with Kong storagev2.0+

Configure the ACME plugin with Kong Gateway as the storage backend.

Note: This option is not supported in Konnect or DB-less mode.

Prerequisites

A public IP and a resolvable DNS
Kong Gateway accepts proxy traffic on port 80

Environment variables

EMAIL: The account identifier.
KEY_ID: The kid of a Key.
KEY_SET: The name of a Key Set to associate the Key ID with.
DOMAIN: An array of strings representing hosts.

Set up the plugin

Add this section to your kong.yaml configuration file:

kong.yaml

Copied!

_format_version: "3.0"
plugins:
  - name: acme
    config:
      account_email: ${{ env "DECK_EMAIL" }}
      account_key:
        key_id: ${{ env "DECK_KEY_ID" }}
        key_set: ${{ env "DECK_KEY_SET" }}
      domains:
      - ${{ env "DECK_DOMAIN" }}
      tos_accepted: true
      storage: kong

Make the following request:

curl -i -X POST http://localhost:8001/plugins/ \
    --header "Accept: application/json" \
    --header "Content-Type: application/json" \
    --data '
    {
      "name": "acme",
      "config": {
        "account_email": "'$EMAIL'",
        "account_key": {
          "key_id": "'$KEY_ID'",
          "key_set": "'$KEY_SET'"
        },
        "domains": [
          "'$DOMAIN'"
        ],
        "tos_accepted": true,
        "storage": "kong"
      }
    }
    '

Copied!

echo "
apiVersion: configuration.konghq.com/v1
kind: KongClusterPlugin
metadata:
  name: acme
  namespace: kong
  annotations:
    kubernetes.io/ingress.class: kong
  labels:
    global: 'true'
config:
  account_email: '$EMAIL'
  account_key:
    key_id: '$KEY_ID'
    key_set: '$KEY_SET'
  domains:
  - '$DOMAIN'
  tos_accepted: true
  storage: kong
plugin: acme
" | kubectl apply -f -

Copied!

ACME

ACME with Kong storagev2.0+

Prerequisites

Environment variables

Set up the plugin

Did this doc help?

Help us make these docs great!

Still need help