aboutsummaryrefslogtreecommitdiffstats
path: root/config/lacme-certs.conf
diff options
context:
space:
mode:
authorGuilhem Moulin <guilhem@debian.org>2021-02-22 03:30:32 +0100
committerGuilhem Moulin <guilhem@debian.org>2021-02-22 03:30:32 +0100
commitd1be19ea9484f4c48af2de54266465d49bb1281d (patch)
tree768da9388a9ea6ed42d8d818a6433a4871a1172e /config/lacme-certs.conf
parent847ae99fb1ed73fd77c6ffd30f2c554ab5892fde (diff)
parent3eba02ef820a393bd5781be9f8fcda1611ae7c3d (diff)
Merge tag 'v0.8.0' into debian/latest
Release version 0.8.0
Diffstat (limited to 'config/lacme-certs.conf')
-rw-r--r--config/lacme-certs.conf45
1 files changed, 25 insertions, 20 deletions
diff --git a/config/lacme-certs.conf b/config/lacme-certs.conf
index 232c85b..5259690 100644
--- a/config/lacme-certs.conf
+++ b/config/lacme-certs.conf
@@ -1,41 +1,46 @@
# Each non-default section refer to separate certificate issuance
-# requests. Options in the default section apply to each sections.
+# requests. Settings in the default section apply to each sections.
-# Message digest to sign the Certificate Signing Request with.
+# Message digest to sign the Certificate Signing Request with,
+# overriding the req(1ssl) default.
#
-#hash = sha512
+#hash =
-# Comma-separated list of Key Usages, see x509v3_config(5ssl).
+# Comma-separated list of Key Usages, for instance "digitalSignature,
+# keyEncipherment", to include in the Certificate Signing Request.
+# See x509v3_config(5ssl) for a list of possible values. Note that the
+# ACME might override the value provided here.
#
-#keyUsage = digitalSignature, keyEncipherment
+#keyUsage =
+
+# Path to the bundle of trusted issuer certificates. This is used for
+# validating each certificate after issuance or renewal. Specifying an
+# empty value skips certificate validation.
+#
+#CAfile = @@datadir@@/lacme/ca-certificates.crt
+
+# For an existing certificate, the minimum number of days before its
+# expiration date the section is considered for re-issuance.
+#
+#min-days = 21
#[www]
-# Path the service's private key. This option is required.
+# Path the service's private key. This setting is required.
#
#certificate-key = /etc/nginx/ssl/srv.key
# Where to store the issued certificate (in PEM format).
#
-#certificate = /etc/nginx/ssl/srv.pem
+#certificate = /etc/nginx/ssl/srv.crt
# Where to store the issued certificate along with its chain of trust
# (in PEM format).
#
-#certificate-chain = /etc/nginx/ssl/srv.chain.pem
-
-# For an existing certificate, the minimum number of days before its
-# expiration date the section is considered for re-issuance.
-#
-#min-days = 21
-
-# Path to trusted issuer certificates, used for validating each issued
-# certificate. Specifying an empty value skips certificate validation.
-#
-#CAfile = @@datadir@@/lacme/ca-certificates.crt
+#certificate-chain = /etc/nginx/ssl/srv.chain.crt
-# Subject field of the Certificate Signing Request. This option is
+# Subject field of the Certificate Signing Request. This setting is
# required.
#
#subject = /CN=example.org
@@ -61,7 +66,7 @@
#[smtp]
#certificate-key = /etc/postfix/ssl/srv.key
-#certificate-chain = /etc/postfix/ssl/srv.pem
+#certificate-chain = /etc/postfix/ssl/srv.crt
#subject = /CN=smtp.example.org
#notify = /bin/systemctl reload postfix