diff options
author | Guilhem Moulin <guilhem@fripost.org> | 2016-12-05 16:52:52 +0100 |
---|---|---|
committer | Guilhem Moulin <guilhem@fripost.org> | 2016-12-05 16:52:52 +0100 |
commit | 47ff80f540e71229832c972dcc2653958a0d7b56 (patch) | |
tree | 331a34f4848f216382067ede028e84a484c2d8eb /config/lacme-certs.conf | |
parent | 94a72b73a2b7e4309a7bc6434e85dfba8b1c8a7d (diff) | |
parent | 0eb9f40182299b2615f5ac0190d40429f5f64ed7 (diff) |
Merge tag 'upstream/0.2' into debian
Upstream version 0.2
Diffstat (limited to 'config/lacme-certs.conf')
-rw-r--r-- | config/lacme-certs.conf | 25 |
1 files changed, 19 insertions, 6 deletions
diff --git a/config/lacme-certs.conf b/config/lacme-certs.conf index 9b9df2f..12fcd54 100644 --- a/config/lacme-certs.conf +++ b/config/lacme-certs.conf @@ -1,49 +1,62 @@ -# Each non-default section denotes a separate certificate issuance. -# Options in the default section apply to each sections. +# Each non-default section refer to separate certificate issuance +# requests. Options in the default section apply to each sections. # Message digest to sign the Certificate Signing Request with. +# #hash = sha512 # Comma-separated list of Key Usages, see x509v3_config(5ssl). +# #keyUsage = digitalSignature, keyEncipherment + #[www] +# Path the service's private key. This option is required. +# +#certificate-key = /etc/nginx/ssl/srv.key + # Where to store the issued certificate (in PEM format). +# #certificate = /etc/nginx/ssl/srv.pem # Where to store the issued certificate, concatenated with the content # of the file specified specified with the CAfile option (in PEM format). +# #certificate-chain = /etc/nginx/ssl/srv.chain.pem -# Path the service's private key. This option is required. -#certificate-key = /etc/nginx/ssl/srv.key - # For an existing certificate, the minimum number of days before its # expiration date the section is considered for re-issuance. +# #min-days = 10 # Path to the issuer's certificate. This is used for certificate-chain # and to verify the validity of each issued certificate. Specifying an # empty value skip certificate validation. +# #CAfile = /usr/share/lacme/lets-encrypt-x3-cross-signed.pem # Subject field of the Certificate Signing Request. This option is # required. +# #subject = /CN=example.org # Comma-separated list of Subject Alternative Names. +# #subjectAltName = DNS:example.org,DNS:www.example.org # username[:groupname] to chown the issued certificate and # certificate-chain with. +# #chown = root:root -# octal mode to chmod the issued certificate and certificate-chain with. +# Octal mode to chmod the issued certificate and certificate-chain with. +# #chmod = 0644 # Command to pass the the system's command shell ("/bin/sh -c") after # successful installation of the certificate and/or certificate-chain. +# #notify = /bin/systemctl reload nginx |