aboutsummaryrefslogtreecommitdiffstats
path: root/config/letsencrypt-certs.conf
diff options
context:
space:
mode:
authorGuilhem Moulin <guilhem@fripost.org>2016-03-02 18:19:04 +0100
committerGuilhem Moulin <guilhem@fripost.org>2016-03-02 18:19:04 +0100
commit97369c2e6dce66881d673ba308acd069c08a8776 (patch)
tree3946b0216071d0b2e47b805ac2a19bef685a6c38 /config/letsencrypt-certs.conf
parentc4db1e4a18a13f7db04dbbd10663f0edba7d206d (diff)
parent63633fd91bcc97217f2ac45ba602d752e8fbaafd (diff)
Merge branch 'master' into debian
Diffstat (limited to 'config/letsencrypt-certs.conf')
-rw-r--r--config/letsencrypt-certs.conf56
1 files changed, 56 insertions, 0 deletions
diff --git a/config/letsencrypt-certs.conf b/config/letsencrypt-certs.conf
new file mode 100644
index 0000000..5613ef6
--- /dev/null
+++ b/config/letsencrypt-certs.conf
@@ -0,0 +1,56 @@
+# Each non-default section denotes a separate certificate issuance.
+# Options in the default section apply to each sections.
+
+# Message digest to sign the Certificate Signing Request with.
+#hash = sha512
+
+# Comma-separated list of Key Usages, see x509v3_config(5ssl).
+#keyUsage = digitalSignature, keyEncipherment
+
+#[www]
+
+# Where to store the issued certificate (in PEM format).
+#certificate = /etc/nginx/ssl/srv.pem
+
+# Where to store the issued certificate, concatenated with the content
+# of the file specified specified with the CAfile option (in PEM format).
+#certificate-chain = /etc/nginx/ssl/srv.chain.pem
+
+# Path the service's private key. This option is required.
+#certificate-key = /etc/nginx/ssl/srv.key
+
+# For an existing certificate, the minimum number of days before its
+# expiration date the section is considered for re-issuance.
+#min-days = 10
+
+# Path to the issuer's certificate. This is used for certificate-chain
+# and to verify the validity of each issued certificate. Specifying an
+# empty value skip certificate validation.
+#CAfile = /usr/share/letsencrypt-tiny/lets-encrypt-x1-cross-signed.pem
+
+# Subject field of the Certificate Signing Request. This option is
+# required.
+#subject = /CN=example.org
+
+# Comma-separated list of Subject Alternative Names.
+#subjectAltName = DNS:example.org,DNS:www.example.org
+
+# username[:groupname] to chown the issued certificate and
+# certificate-chain with.
+#chown = root:root
+
+# octal mode to chmod the issued certificate and certificate-chain with.
+#chmod = 0644
+
+# Command to pass the the system's command shell ("/bin/sh -c") after
+# successful installation of the certificate and/or certificate-chain.
+#notify = /bin/systemctl restart nginx
+
+
+#[smtp]
+#certificate-key = /etc/postfix/ssl/srv.key
+#certificate-chain = /etc/postfix/ssl/srv.pem
+#subject = /CN=smtp.example.org
+#notify = /bin/systemctl restart postfix
+
+; vim:ft=dosini