docs/guide/config-cert.md
string>= v2.0.0-beta.37When applying for a Let's Encrypt certificate, we use the default CA address of Let's Encrypt. If you need to debug or obtain certificates from other providers, you can set CADir to their address.
::: tip
Please note that the address provided by
CADir needs to comply with the RFC 8555 standard.
:::
>= v2.0.0-beta.37[]string8.8.8.8:53,1.1.1.1:53This option is used to set the recursive nameservers used by Nginx UI in the DNS challenge step of applying for a certificate. If this option is not configured, Nginx UI will use the nameservers settings of the operating system.
>= v2.0.0-beta.37int7This option is used to set the automatic renewal interval of the Let's Encrypt certificate. By default, Nginx UI will automatically renew the certificate every 7 days.
>= v2.0.0-beta.37int9180This option is used to set the port for backend listening in the HTTP01 challenge mode when obtaining Let's Encrypt certificates. The HTTP01 challenge is a domain validation method used by Let's Encrypt to verify that you control the domain for which you're requesting a certificate.
When importing deployed certificates, automatic discovery scans the configured Nginx ssl directory for directories
that contain separate certificate and private key files, such as fullchain.pem and privkey.pem.
Combined certificate and private key single-PEM files are not auto-detected. Split them into separate certificate and key files before using discovery.
>= v2.2.2You can now register DNS domains inside Nginx-UI (Certificates → DNS Domains) and bind them to an existing DNS Credential. For every registered domain the UI exposes a full DNS record management experience (list, create, update, delete) that talks directly to the provider's API. This allows you to verify domains for certificate issuance and perform day-to-day DNS maintenance without leaving the dashboard.
Make sure the selected DNS Credential contains the API tokens and permissions required by the provider to edit DNS records.