mirror of
https://github.com/dehydrated-io/dehydrated.git
synced 2026-01-13 15:13:33 +01:00
Support CLI arguments for contact e-mail address, EAB_KID and EAB_HMAC_KEY #642
Reference in New Issue
Block a user
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Originally created by @GTAXL on GitHub (May 18, 2025).
Hello, a user may want to register to multiple CAs. You have to modify these parameters in the dehydrated config file, which are only really necessary during the registration process. EAB_KID and EAB_HMAC_KEY are unique for each CA account. I think it makes more sense as a CLI argument. Other ACME clients like acme.sh pass EAB as CLI arguments.
Contact e-mail: A user may want to use a different e-mail address for a particular CA. For example for Google Trust Services you'll probably want to use your gmail address that is tied to your Google Cloud account, and for Let's Encrypt a different e-mail.
EAB_KID and EAB_HMAC_KEY: These are fine in the config file if you just use one CA, but they are only really necessary one time, during registration. As I'm aware? If a user wishes to register with additional CAs, they'll have to keep manually updating the config file to reflect the new keys.