v.25.11Experimental Feature

Support TLS certificates retrieval from ACME providers

Official CH changelog text
Support TLS certificates retrieval from ACME providers, RFC 8555, such as Let's Encrypt. This allows the autoconfiguration of TLS on distributed clusters. #66315 (Konstantin Bogdanov).
ClickHouse now supports automatic retrieval of TLS certificates from ACME providers, such as Let's Encrypt, enabling seamless TLS autoconfiguration for distributed clusters.

Why it matters

This feature addresses the challenge of manually managing TLS certificates in distributed ClickHouse clusters by automating certificate issuance and renewal through ACME protocol (RFC 8555). This enhances security and simplifies cluster setup and maintenance for users.

How to use it

Users can enable this feature by configuring ClickHouse to use an ACME provider for TLS certificates in the server configuration. This involves specifying ACME settings such as the provider, domain names, and any required credentials in the <code>tls_acme</code> section of the configuration file, allowing automatic certificate management and renewal.

Related resources

PreviousNext