minor edits

Tuan Dang
2025-12-11 20:32:15 -08:00
parent a60f6a50ae
commit 15d0b2715e
2 changed files with 9 additions and 7 deletions


@@ -27,12 +27,14 @@ In the following steps, we explore how to issue a X.509 certificate using the AC
![pki acme config](/images/platform/pki/enrollment-methods/acme/acme-config.png)
<Note>
By default, when your ACME client attempts to get a certificate issued with the certificate profile, the Infisical ACME server will verify your domain ownership.
Currently only HTTP-01 is supported.
If you want to skip the domain validation process, please check the `Skip DNS Ownership Validation` checkbox.
However, please note that we can only skip the DNS validation for certificate issuance requests from your ACME client to our Infisical ACME server.
If you are using a third-party ACME external Certificate Authority as the source of certificate issuance, that external CA may still require domain ownership validation.
Please read the [document for external ACME CA](/documentation/platform/pki/ca/acme-ca) to learn more.
By default, when the ACME client requests a certificate against the certificate profile for a particular domain, Infisical will verify domain ownership using the [HTTP-01 challenge](https://letsencrypt.org/docs/challenge-types/#http-01-challenge) method prior to issuing a certificate back to the client.
If you want Infisical to skip domain ownership validation entirely, you can enable the **Skip DNS Ownership Validation** checkbox.
Note that skipping domain ownership validation for the ACME enrollment method is **not the same** as skipping validation for an [External ACME CA integration](/documentation/platform/pki/ca/acme-ca).
When using the ACME enrollment, the domain ownership check occurring between the ACME client and Infisical can be skipped. In contrast, External ACME CA integrations always require domain ownership validation, as Infisical must complete a DNS-01 challenge with the upstream ACME-compatible CA.
</Note>
</Step>
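Review bot: The rewritten Note describes the check as HTTP-01 but names the option that disables it **Skip DNS Ownership Validation**, so a reader can conclude that only a DNS-based check is turned off. Add a clause saying that the checkbox disables the HTTP-01 check between the ACME client and Infisical. The Note also says validation can be skipped "entirely" without saying what that means for issuance: the client then gets a certificate for the requested domain without proving control of it. One sentence on when that is acceptable would help operators decide. Separately, the earlier wording said an external CA "may still require" validation, while the new wording says External ACME CA integrations "always require" it via DNS-01. Please confirm the stronger statement matches the linked External ACME CA page.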


@@ -139,7 +139,7 @@ The following steps show how to install cert-manager (using `kubectl`) and obtai
```
<Note>
- Currently, the Infisical ACME server only supports the HTTP-01 challenge. Support for DNS-01 is planned for a future release. If domain ownership validation is not desired, you can disable it by enabling the `Skip DNS ownership validation` option in your ACME certificate profile configuration. Please read [the document for ACME certificate profile](/documentation/platform/pki/enrollment-methods/acme) to learn more.
- Currently, the [ACME enrollment method](/documentation/platform/pki/enrollment-methods/acme) only supports the [HTTP-01 challenge](https://letsencrypt.org/docs/challenge-types/#http-01-challenge) method. Support for the [DNS-01 challenge](https://letsencrypt.org/docs/challenge-types/#dns-01-challenge) method is planned for a future release. If domain ownership validation is not desired, you can disable it by enabling the **Skip DNS ownership validation** option in your ACME certificate profile configuration.
- An `Issuer` is namespace-scoped. Certificates can only be issued using an `Issuer` that exists in the same namespace as the `Certificate` resource.
- If you need to issue certificates across multiple namespaces with a single resource, create a `ClusterIssuer` instead. The configuration is identical except `kind: ClusterIssuer` and no `metadata.namespace`.
- More details: https://cert-manager.io/docs/configuration/acme/
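Review bot: In the first bullet of this Note, the option is written **Skip DNS ownership validation**, while the enrollment-method page changed in the same commit writes **Skip DNS Ownership Validation**. Use one casing, matching the UI label, so a search for the option name finds both pages. The bullet also recommends disabling validation "if domain ownership validation is not desired" with no statement of the consequence. Since the sentence that pointed readers to the certificate profile document was folded into the opening link, consider adding a short clause here saying that issuance then proceeds without the HTTP-01 proof of domain control.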