- Environmental Variable:
- Config File Key:
Turning on autocert allows Pomerium to automatically retrieve, manage, and renew public facing TLS certificates from Let's Encrypt which includes managed routes and the authenticate service. Autocert Directory must be used with Autocert must have a place to persist, and share certificate data between services. Note that autocert also provides OCSP stapling.
This setting can be useful in situations where you may not have Pomerium behind a TLS terminating ingress or proxy that is already handling your public certificates on your behalf.
Autocert requires that ports
443 be accessible from the internet in order to complete a TLS-ALPN-01 challenge.