Hi,
I went through the docs on ACME in the PKI secrets engine, but I can't find any information anywhere on how one can limit the types of challenges used by the Vault ACME server. For example, I'd like to disable HTTP-01 and TLS-ALPN-01 and only allow DNS-01.
Are there any options that one can tune on the mount point? Example:
> $ vault read sys/mounts/guardanet_corp/v1/ica2/v1/acme
> Key Value
> --- -----
> accessor pki_561b1add
> config map[allowed_response_headers:[Last-Modified Location Replay-Nonce Link] default_lease_ttl:129600 force_no_cache:false max_lease_ttl:31536000 passthrough_request_headers:[If-Modified-Since]]
> deprecation_status supported
> description PKI engine hosting Guardanet's Issuing CA2 for ACME - v1
> external_entropy_access false
> local false
> options map[allowed-response-headers:Link passthrough-request-headers:If-Modified-Since]
> plugin_version n/a
> running_plugin_version v1.16.2+builtin.vault
> running_sha256 n/a
> seal_wrap false
> type pki
> uuid 800e6143-bda8-601d-0c99-73fb0d787bc5
or options that can be set in the ACME configuration of a PKI mount, e.g.:
> $ vault read guardanet_corp/v1/ica2/v1/config/acme
> Key Value
> --- -----
> allow_role_ext_key_usage false
> allowed_issuers [*]
> allowed_roles [*]
> default_directory_policy sign-verbatim
> dns_resolver n/a
> eab_policy not-required
> enabled true
Thank you in advance for your help.