aboutsummaryrefslogtreecommitdiffstats
path: root/config/lacme-certs.conf
diff options
context:
space:
mode:
authorGuilhem Moulin <guilhem@fripost.org>2016-12-01 13:59:25 +0100
committerGuilhem Moulin <guilhem@fripost.org>2016-12-01 13:59:25 +0100
commitac0362fb5a5e83b0ed6c1e31c2c1f3d1dfbc1ced (patch)
treef18552f5dad6638d7921a207234c3be26b109c8e /config/lacme-certs.conf
parentd39ec1c01a622996b5470ec6ce359be254f5274e (diff)
Improve formatting of config files.
Diffstat (limited to 'config/lacme-certs.conf')
-rw-r--r--config/lacme-certs.conf16
1 files changed, 14 insertions, 2 deletions
diff --git a/config/lacme-certs.conf b/config/lacme-certs.conf
index 45c46a8..12fcd54 100644
--- a/config/lacme-certs.conf
+++ b/config/lacme-certs.conf
@@ -1,50 +1,62 @@
-# Each non-default section denotes a separate certificate issuance.
-# Options in the default section apply to each sections.
+# Each non-default section refer to separate certificate issuance
+# requests. Options in the default section apply to each sections.
# Message digest to sign the Certificate Signing Request with.
+#
#hash = sha512
# Comma-separated list of Key Usages, see x509v3_config(5ssl).
+#
#keyUsage = digitalSignature, keyEncipherment
#[www]
# Path the service's private key. This option is required.
+#
#certificate-key = /etc/nginx/ssl/srv.key
# Where to store the issued certificate (in PEM format).
+#
#certificate = /etc/nginx/ssl/srv.pem
# Where to store the issued certificate, concatenated with the content
# of the file specified specified with the CAfile option (in PEM format).
+#
#certificate-chain = /etc/nginx/ssl/srv.chain.pem
# For an existing certificate, the minimum number of days before its
# expiration date the section is considered for re-issuance.
+#
#min-days = 10
# Path to the issuer's certificate. This is used for certificate-chain
# and to verify the validity of each issued certificate. Specifying an
# empty value skip certificate validation.
+#
#CAfile = /usr/share/lacme/lets-encrypt-x3-cross-signed.pem
# Subject field of the Certificate Signing Request. This option is
# required.
+#
#subject = /CN=example.org
# Comma-separated list of Subject Alternative Names.
+#
#subjectAltName = DNS:example.org,DNS:www.example.org
# username[:groupname] to chown the issued certificate and
# certificate-chain with.
+#
#chown = root:root
# Octal mode to chmod the issued certificate and certificate-chain with.
+#
#chmod = 0644
# Command to pass the the system's command shell ("/bin/sh -c") after
# successful installation of the certificate and/or certificate-chain.
+#
#notify = /bin/systemctl reload nginx