diff options
author | Guilhem Moulin <guilhem@fripost.org> | 2016-06-14 01:12:08 +0200 |
---|---|---|
committer | Guilhem Moulin <guilhem@fripost.org> | 2016-06-14 01:12:08 +0200 |
commit | efde1af7077cff081a3dd9cb28b5896e6e9ed25a (patch) | |
tree | 4657dc076b8844a9e8960789177bb9cd584e3599 /config/lacme.conf | |
parent | 76b9e800da0c7dd88a55fa9dac153c513e6e7748 (diff) | |
parent | c0849fb8b99216e9b2e20132296253f1ee905193 (diff) |
Merge branch 'master' into debian
Diffstat (limited to 'config/lacme.conf')
-rw-r--r-- | config/lacme.conf | 86 |
1 files changed, 86 insertions, 0 deletions
diff --git a/config/lacme.conf b/config/lacme.conf new file mode 100644 index 0000000..edcbbb0 --- /dev/null +++ b/config/lacme.conf @@ -0,0 +1,86 @@ +# For certificate issuance (new-cert command), specify the certificate +# configuration file to use +# +#config-certs = config/lacme-certs.conf + +[client] +# The value of "socket" specifies the lacme-accountd(1) UNIX-domain +# socket to connect to for signature requests from the ACME client. +# lacme aborts if the socket is readable or writable by other users, or +# if its parent directory is writable by other users. +# Default: "$XDG_RUNTIME_DIR/S.lacme" if the XDG_RUNTIME_DIR environment +# variable is set. +# +#socket = /run/user/1000/S.lacme + +# username to drop privileges to (setting both effective and real uid). +# Preserve root privileges if the value is empty (not recommended). +# Default: "nobody". +# +#user = lacme + +# groupname to drop privileges to (setting both effective and real gid, +# and also setting the list of supplementary gids to that single group). +# Preserve root privileges if the value is empty (not recommended). +# +#group = nogroup + +# Path to the ACME client executable. +#command = /usr/lib/lacme/client + +# Root URI of the ACME server. NOTE: Use the staging server for testing +# as it has relaxed ratelimit. +# +#server = https://acme-v01.api.letsencrypt.org/ +#server = https://acme-staging.api.letsencrypt.org/ + +# Timeout in seconds after which the client stops polling the ACME +# server and considers the request failed. +# +#timeout = 10 + +# Whether to verify the server certificate chain. +#SSL_verify = yes + +# Specify the version of the SSL protocol used to transmit data. +#SSL_version = SSLv23:!TLSv1_1:!TLSv1:!SSLv3:!SSLv2 + +# Specify the cipher list for the connection. +#SSL_cipher_list = EECDH+AESGCM:!MEDIUM:!LOW:!EXP:!aNULL:!eNULL + + +[webserver] + +# Specify the local address to listen on, in the form ADDRESS[:PORT]. +# +#listen = 0.0.0.0:80 +#listen = [::]:80 + +# If a webserver is already running, specify a non-existent directory +# under which the webserver is configured to serve GET requests for +# challenge files under "/.well-known/acme-challenge/" (for each virtual +# hosts requiring authorization) as static files. +# +#challenge-directory = /var/www/acme-challenge + +# username to drop privileges to (setting both effective and real uid). +# Preserve root privileges if the value is empty (not recommended). +# +#user = www-data + +# groupname to drop privileges to (setting both effective and real gid, +# and also setting the list of supplementary gids to that single group). +# Preserve root privileges if the value is empty (not recommended). +# +#user = www-data + +# Path to the ACME webserver executable. +#command = /usr/lib/lacme/webserver + +# Whether to automatically install iptables(1) rules to open the +# ADDRESS[:PORT] specified with listen. Theses rules are automatically +# removed once lacme(1) exits. +# +#iptables = Yes + +; vim:ft=dosini |