Providers (Challenge Solvers)
Providers, also known as Challenge Solvers, are how you prove to the ACME Server that you actually control the domain(s) you're requesting certificates for.
There are two main methods to accomplish this. One is http-01 and the other is dns-01.
The Providers page shows all current providers. It also allows adding, editing, and deleting of providers.
Challenge Types
http-01
The http-01 method works by running an http server that provides a specific reply to the ACME Server when it reaches out to the http server. The http response MUST be provided by the domain name you're requesting a certificate for and it must be served from internet-facing port 80.
This tends to prove challenging for a number of reasons so most people use the dns-01 method instead. If you do want to use http-01, Cert Warden provides a built-in http server specifically for this purpose.
This method does NOT support wildcards.
dns-01
The dns-01 method works by provisioning a dns TXT record that the ACME Server checks for. Since no internet-facing http service is required, this tends to be the preferred method. It does have its own risks, though: it usually requires API keys capable of adding and deleting dns records, which could be substantially harmful if compromised.
Cert Warden has a number of dns-01 options built-in, but the most common for users is likely to be the acme.sh method as it supports the most dns providers.
Configuration
Domains
You can add as many providers as you need. Each provider's configuration requires a list of the domains the provider should be used for. If you only have one provider or if you have a provider that handles most domains, you can configure one wildcard provider using a single domain of * which directs Cert Warden to use the provider for all domains that aren't explicitly defined on another provider.
Do not use wildcards here. The provider will be selected for all subdomains (including the wildcard subdomain) of the specified domains.
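The selection rule described above can be sketched as follows. This is an added example, not Cert Warden's own code: the Provider type, the SelectProvider function and the sample provider names are hypothetical, and letting the most specific listed domain win when two providers overlap is an assumption made for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// Provider is a hypothetical stand-in for one configured challenge solver.
type Provider struct {
	Name    string
	Domains []string // bare domains, or the single entry "*" for the catch-all
}

// SelectProvider returns the provider name used for identifier, or "" if none.
// Assumption: when several listed domains match, the most specific one wins.
func SelectProvider(providers []Provider, identifier string) string {
	// A wildcard identifier is matched through its base domain.
	name := strings.TrimPrefix(strings.ToLower(identifier), "*.")
	best, bestLen, catchAll := "", -1, ""
	for _, p := range providers {
		for _, d := range p.Domains {
			d = strings.ToLower(d)
			if d == "*" {
				catchAll = p.Name
				continue
			}
			// Match the domain itself or a subdomain, only on a label boundary.
			if (name == d || strings.HasSuffix(name, "."+d)) && len(d) > bestLen {
				best, bestLen = p.Name, len(d)
			}
		}
	}
	if best != "" {
		return best
	}
	return catchAll
}

func main() {
	providers := []Provider{ // constructed sample configuration
		{Name: "cloudflare", Domains: []string{"example.com"}},
		{Name: "acme-dns", Domains: []string{"internal.example.com"}},
		{Name: "acme-sh", Domains: []string{"*"}},
	}
	for _, id := range []string{"www.example.com", "*.example.com", "db.internal.example.com", "notexample.com"} {
		fmt.Printf("%-26s -> %s\n", id, SelectProvider(providers, id))
	}
}
```

The label-boundary check keeps notexample.com from being handled with the credentials configured for example.com; it falls through to the * provider instead.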
Provider Specific Options
Select your provider for more detailed configuration information.
📄️ dns-01 acme-dns
acme-dns is a simplified dns server that limits access to your main dns provider.
📄️ dns-01 acme.sh
acme.sh is a shell script that supports dozens of dns providers.
📄️ dns-01 Cloudflare
This is Cert Warden's native integration with Cloudflare as a dns provider.
📄️ dns-01 Manual Script
For unsupported dns providers, a script option is available.
📄️ dns-01 go-acme lego
go-acme/lego is a Go library that provides access to dozens of DNS providers.
📄️ http-01 Internal Server
This is Cert Warden's built-in http challenge server.