ACME Overview
Automated TLS certificate issuance and renewal via ACME DNS-01 — CA providers, ACME accounts, DNS credentials, and version-scoped Envoy secrets.
CA Providers & EAB
Choosing a Certificate Authority, listing supported CA providers and environments, and supplying External Account Binding (EAB) credentials.
DNS Credentials
Storing DNS provider API tokens that authorize the ACME DNS-01 challenge — supported providers, creating, testing, and rotating credentials.
Multi-Version Secrets
The version-scoped certificate model — how one ACME certificate is written to per-Envoy-version secrets, adding versions, and duplicating.
Renewal & Troubleshooting
DNS-01 verification, manual verify and retry, manual and automatic renewal, changing the DNS credential, and diagnosing stuck verifications.