aboutsummaryrefslogtreecommitdiffstats
path: root/config/lacme-certs.conf
diff options
context:
space:
mode:
authorGuilhem Moulin <guilhem@fripost.org>2016-12-05 16:52:52 +0100
committerGuilhem Moulin <guilhem@fripost.org>2016-12-05 16:52:52 +0100
commit47ff80f540e71229832c972dcc2653958a0d7b56 (patch)
tree331a34f4848f216382067ede028e84a484c2d8eb /config/lacme-certs.conf
parent94a72b73a2b7e4309a7bc6434e85dfba8b1c8a7d (diff)
parent0eb9f40182299b2615f5ac0190d40429f5f64ed7 (diff)
Merge tag 'upstream/0.2' into debian
Upstream version 0.2
Diffstat (limited to 'config/lacme-certs.conf')
-rw-r--r--config/lacme-certs.conf25
1 files changed, 19 insertions, 6 deletions
diff --git a/config/lacme-certs.conf b/config/lacme-certs.conf
index 9b9df2f..12fcd54 100644
--- a/config/lacme-certs.conf
+++ b/config/lacme-certs.conf
@@ -1,49 +1,62 @@
-# Each non-default section denotes a separate certificate issuance.
-# Options in the default section apply to each sections.
+# Each non-default section refer to separate certificate issuance
+# requests. Options in the default section apply to each sections.
# Message digest to sign the Certificate Signing Request with.
+#
#hash = sha512
# Comma-separated list of Key Usages, see x509v3_config(5ssl).
+#
#keyUsage = digitalSignature, keyEncipherment
+
#[www]
+# Path the service's private key. This option is required.
+#
+#certificate-key = /etc/nginx/ssl/srv.key
+
# Where to store the issued certificate (in PEM format).
+#
#certificate = /etc/nginx/ssl/srv.pem
# Where to store the issued certificate, concatenated with the content
# of the file specified specified with the CAfile option (in PEM format).
+#
#certificate-chain = /etc/nginx/ssl/srv.chain.pem
-# Path the service's private key. This option is required.
-#certificate-key = /etc/nginx/ssl/srv.key
-
# For an existing certificate, the minimum number of days before its
# expiration date the section is considered for re-issuance.
+#
#min-days = 10
# Path to the issuer's certificate. This is used for certificate-chain
# and to verify the validity of each issued certificate. Specifying an
# empty value skip certificate validation.
+#
#CAfile = /usr/share/lacme/lets-encrypt-x3-cross-signed.pem
# Subject field of the Certificate Signing Request. This option is
# required.
+#
#subject = /CN=example.org
# Comma-separated list of Subject Alternative Names.
+#
#subjectAltName = DNS:example.org,DNS:www.example.org
# username[:groupname] to chown the issued certificate and
# certificate-chain with.
+#
#chown = root:root
-# octal mode to chmod the issued certificate and certificate-chain with.
+# Octal mode to chmod the issued certificate and certificate-chain with.
+#
#chmod = 0644
# Command to pass the the system's command shell ("/bin/sh -c") after
# successful installation of the certificate and/or certificate-chain.
+#
#notify = /bin/systemctl reload nginx