Hi Ronny, thank you for diving into the DNS-01 challenge!
To avoid modifying the .service unit, the latest update includes a special gift: Install custom CA certificate in Traefik · Issue #7300 · NethServer/dev · GitHub
The solution for issue 7300 is not limited to custom CA certificates. You can pass any environment variable to Traefik with it, including the provider’s token. And this is exactly what we need to make DNS-01 work.
- Create a file `dns01.env` with: `INFOMANIAK_ACCESS_TOKEN=***`
- Pass the `.env` file to Podman: `runagent -m traefik1 python3 -c 'import agent ; agent.set_env("PODMAN_RUN_OPTS", "--env-file=dns01.env")'`
This approach is better than exposing the token in the container command line.
If this works, somebody could write a complete Howto post with detailed steps.
From the API point of view (set-acme-server/get-acme-server), we probably need to handle the DNS-01 challenge beside HTTP-01 and the new default, TLS-ALPN-01.