matrix-docker-ansible-deploy/i18n/translation-templates/docs/configuring-playbook-ssl-certificates.pot

# SOME DESCRIPTIVE TITLE.
# Copyright (C) 2018-2025, Slavi Pantaleev, Aine Etke, MDAD community members
# This file is distributed under the same license as the matrix-docker-ansible-deploy package.
# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
#
#, fuzzy
msgid ""
msgstr ""
"Project-Id-Version: matrix-docker-ansible-deploy \n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2025-11-06 23:09+0900\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"

#: ../../../docs/configuring-playbook-ssl-certificates.md:12
msgid "Adjusting SSL certificate retrieval (optional, advanced)"
msgstr ""

#: ../../../docs/configuring-playbook-ssl-certificates.md:14
msgid "By default, the playbook retrieves and automatically renews free SSL certificates from [Let's Encrypt](https://letsencrypt.org/) via [ACME](https://en.wikipedia.org/wiki/Automatic_Certificate_Management_Environment) for the domains of the services it installs (e.g. `matrix.example.com` and others). Refer this guide if you want to modify settings about how it manages SSL certificates or have the Traefik server use yours."
msgstr ""

#: ../../../docs/configuring-playbook-ssl-certificates.md:16
msgid "**Notes**:"
msgstr ""

#: ../../../docs/configuring-playbook-ssl-certificates.md:17
msgid "This guide is intended to be referred for configuring the integrated Traefik server with regard to SSL certificates retrieval. If you're using [your own webserver](configuring-playbook-own-webserver.md), consult its documentation about how to configure it."
msgstr ""

#: ../../../docs/configuring-playbook-ssl-certificates.md:18
msgid "Let's Encrypt ends the expiration notification email service on June 4, 2025 (see: [the official announcement](https://letsencrypt.org/2025/01/22/ending-expiration-emails/)), and it recommends using a third party service for those who want to receive expiration notifications. If you are looking for a self-hosting service, you may be interested in a monitoring tool such as [Update Kuma](https://github.com/louislam/uptime-kuma/)."
msgstr ""

#: ../../../docs/configuring-playbook-ssl-certificates.md:20
msgid "The [Mother-of-All-Self-Hosting (MASH)](https://github.com/mother-of-all-self-hosting/mash-playbook) Ansible playbook can be used to install and manage an Uptime Kuma instance. See [this page](https://github.com/mother-of-all-self-hosting/mash-playbook/blob/main/docs/services/uptime-kuma.md) for the instruction to install it with the MASH playbook. If you are wondering how to use the MASH playbook for your Matrix server, refer [this page](https://github.com/mother-of-all-self-hosting/mash-playbook/blob/main/docs/setting-up-services-on-mdad-server.md)."
msgstr ""

#: ../../../docs/configuring-playbook-ssl-certificates.md:22
msgid "Use staging Let's Encrypt certificates"
msgstr ""

#: ../../../docs/configuring-playbook-ssl-certificates.md:24
msgid "For testing purposes, you may wish to use staging certificates provided by Let's Encrypt to avoid hitting [its rate limits](https://letsencrypt.org/docs/rate-limits/)."
msgstr ""

#: ../../../docs/configuring-playbook-ssl-certificates.md:26
msgid "To use ones, add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file:"
msgstr ""

#: ../../../docs/configuring-playbook-ssl-certificates.md:32
msgid "Disable SSL termination"
msgstr ""

#: ../../../docs/configuring-playbook-ssl-certificates.md:34
msgid "For testing or other purposes, you may wish to install services without SSL termination and have services exposed to `http://` instead of `https://`."
msgstr ""

#: ../../../docs/configuring-playbook-ssl-certificates.md:36
msgid "To do so, add the following configuration to your `vars.yml` file:"
msgstr ""

#: ../../../docs/configuring-playbook-ssl-certificates.md:42
msgid "Use self-signed SSL certificates"
msgstr ""

#: ../../../docs/configuring-playbook-ssl-certificates.md:44
msgid "To use self-signed certificates, generate them and follow the documentation below about using your own certificates."
msgstr ""

#: ../../../docs/configuring-playbook-ssl-certificates.md:46
msgid "Use your own SSL certificates"
msgstr ""

#: ../../../docs/configuring-playbook-ssl-certificates.md:48
msgid "To use your own certificates, prepare them and follow the steps below:"
msgstr ""

#: ../../../docs/configuring-playbook-ssl-certificates.md:50
msgid "Disable [ACME](https://en.wikipedia.org/wiki/Automatic_Certificate_Management_Environment) / [Let's Encrypt](https://letsencrypt.org/) support"
msgstr ""

#: ../../../docs/configuring-playbook-ssl-certificates.md:51
msgid "Put a custom Traefik configuration file on the server, with the help of this Ansible playbook (via the [`aux` role](https://github.com/mother-of-all-self-hosting/ansible-role-aux)) or manually"
msgstr ""

#: ../../../docs/configuring-playbook-ssl-certificates.md:52
msgid "Register your custom configuration file with Traefik, by adding an extra provider of type [file](https://doc.traefik.io/traefik/providers/file/)"
msgstr ""

#: ../../../docs/configuring-playbook-ssl-certificates.md:53
msgid "Put the SSL files on the server, with the help of this Ansible playbook (via the [`aux` role](https://github.com/mother-of-all-self-hosting/ansible-role-aux)) or manually"
msgstr ""

#: ../../../docs/configuring-playbook-ssl-certificates.md:55
msgid "For those steps, you can add the following configuration to your `vars.yml` file (adapt to your needs). If you will put the custom configuration files manually, make sure to remove the `aux_file_definitions` variable."
msgstr ""

#: ../../../docs/configuring-playbook-ssl-certificates.md:103
msgid "Use a DNS-01 ACME challenge type, instead of HTTP-01"
msgstr ""

#: ../../../docs/configuring-playbook-ssl-certificates.md:105
msgid "You can configure Traefik to use the [DNS-01 challenge type](https://letsencrypt.org/docs/challenge-types/#dns-01-challenge) for Let's Encrypt. This is less commonly used than the default [HTTP-01 challenge type](https://letsencrypt.org/docs/challenge-types/#http-01-challenge), but can be helpful to:"
msgstr ""

#: ../../../docs/configuring-playbook-ssl-certificates.md:107
msgid "hide your public IP from Let's Encrypt logs"
msgstr ""

#: ../../../docs/configuring-playbook-ssl-certificates.md:108
msgid "allow you to obtain SSL certificates for servers which are not accessible (via HTTP) from the public internet (and for which the HTTP-01 challenge would fail)"
msgstr ""

#: ../../../docs/configuring-playbook-ssl-certificates.md:110
msgid "Example: Cloudflare"
msgstr ""

#: ../../../docs/configuring-playbook-ssl-certificates.md:112
msgid "Here is an example for configurations on the `vars.yml` file for Cloudflare. Please adjust it as necessary before applying it."
msgstr ""

#: ../../../docs/configuring-playbook-ssl-certificates.md:127
msgid "Make sure to change the value of \"provider\" to your particular DNS solution, and provide the appropriate environment variables. The full list of supported providers is available [here](https://doc.traefik.io/traefik/https/acme/#providers)."
msgstr ""

#: ../../../docs/configuring-playbook-ssl-certificates.md:129
msgid "This example assumes you're using Cloudflare to manage your DNS zone. Note that it requires the use of two tokens: one for reading all zones (`CF_ZONE_API_TOKEN`) and another that must be able to edit the particular domain you're using (`CF_DNS_API_TOKEN`). For security, it's recommended that you create two fine-grained tokens for this purpose, but you might choose to use the same token for both."
msgstr ""