| author | Guilhem Moulin <guilhem@fripost.org> | 2016-12-01 10:42:23 +0100 | 
|---|---|---|
| committer | Guilhem Moulin <guilhem@fripost.org> | 2016-12-01 10:42:23 +0100 | 
| commit | 39031bb2a02789a956bf1ab3cbe092e4f17e1758 (patch) | |
| tree | 763d243d85aa9e60946b8c38f68248e7340d8f20 /config | |
| parent | 5b8c13bf44f7f1235f2dd0cec1f7f7e2c1a13a9e (diff) | |
| parent | 8faab5db6571972156f45b5838b23dbb0fadd5c4 (diff) | |
Merge branch 'master' into debian
Diffstat (limited to 'config')
| -rw-r--r-- | config/lacme-accountd.conf | 8 | ||||
| -rw-r--r-- | config/lacme-certs.conf | 2 | ||||
| -rw-r--r-- | config/lacme.conf | 47 | 
3 files changed, 45 insertions, 12 deletions
|
diff --git a/config/lacme-accountd.conf b/config/lacme-accountd.conf
index 0a8b81a..94d2556 100644
--- a/config/lacme-accountd.conf
+++ b/config/lacme-accountd.conf
@@ -4,18 +4,18 @@
 #   - file:FILE, to specify an encrypted private key (in PEM format)
 #   - gpg:FILE, to specify a gpg-encrypted private key (in PEM format)
 #
-#privkey = gpg:/path/to/encrypted/priv.key.gpg
-#privkey = file:/path/to/priv.key
+#privkey = gpg:/path/to/encrypted/account.key.gpg
+#privkey = file:/path/to/account.key
 # For a gpg-encrypted private account key, "gpg" specifies the binary
 # gpg(1) to use, as well as some default options.  Default: "gpg
 # --quiet".
 #
-#gpg = gpg2 --quiet --no-auto-check-trustdb
+#gpg = gpg --quiet --no-auto-check-trustdb
 # The value of "socket" specifies the UNIX-domain socket to bind against
 # for signature requests from the ACME client.  An error is raised if
-# the path exists exists or if its parent directory is writable by other
+# the path exists or if its parent directory is writable by other
 # users.
 # Default: "$XDG_RUNTIME_DIR/S.lacme" if the XDG_RUNTIME_DIR
 # environment variable is set.
diff --git a/config/lacme-certs.conf b/config/lacme-certs.conf
index fbce5e2..9b9df2f 100644
--- a/config/lacme-certs.conf
+++ b/config/lacme-certs.conf
@@ -32,7 +32,7 @@
 # required.
 #subject = /CN=example.org
-# Comma-separated  list of Subject Alternative Names.
+# Comma-separated list of Subject Alternative Names.
 #subjectAltName = DNS:example.org,DNS:www.example.org
 # username[:groupname] to chown the issued certificate and
diff --git a/config/lacme.conf b/config/lacme.conf
index c5c643d..39cfd36 100644
--- a/config/lacme.conf
+++ b/config/lacme.conf
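Review bot: The two `privkey` examples in config/lacme-accountd.conf name the account key file, but nothing in the visible comments says who may read that file, while the `socket` comment in the same hunk does state that a parent directory writable by other users raises an error. The visible lines do not show whether lacme-accountd checks the key file's mode, so I would add a line such as `# The key file should be readable only by the user running lacme-accountd(1).` above the examples. The same example appears again as `#privkey = file:/path/to/account.key` in the new [accountd] section of config/lacme.conf and would benefit from the same sentence. The hunk starts inside the privkey comment block, so the beginning of that option's description is outside the visible lines.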
@@ -1,15 +1,18 @@
 # For certificate issuance (new-cert command), specify the certificate
 # configuration file to use
 #
-#config-certs = config/lacme-certs.conf
+#config-certs = /etc/lacme/lacme-certs.conf
 [client]
-# The value of "socket" specifies the lacme-accountd(1) UNIX-domain
-# socket to connect to for signature requests from the ACME client.
-# lacme(1) aborts if the socket is readable or writable by other users,
-# or if its parent directory is writable by other users.
+# The value of "socket" specifies the path to the lacme-accountd(1)
+# UNIX-domain socket to connect to for signature requests from the ACME
+# client.  lacme(1) aborts if the socket is readable or writable by
+# other users, or if its parent directory is writable by other users.
 # Default: "$XDG_RUNTIME_DIR/S.lacme" if the XDG_RUNTIME_DIR environment
 # variable is set.
+# This option is ignored when lacme-accountd(1) is spawned by lacme(1),
+# since the two processes communicate through a socket pair.  See the
+# "accountd" section below for details.
 #
 #socket = /run/user/1000/S.lacme
@@ -29,7 +32,7 @@
 #command = /usr/lib/lacme/client
 # Root URI of the ACME server.  NOTE: Use the staging server for testing
-# as it has relaxed ratelimit.
+# as it has relaxed rate-limiting.
 #
 #server = https://acme-v01.api.letsencrypt.org/
 #server = https://acme-staging.api.letsencrypt.org/
@@ -72,7 +75,7 @@
 # and also setting the list of supplementary gids to that single group).
 # Preserve root privileges if the value is empty (not recommended).
 #
-#user = www-data
+#group = www-data
 # Path to the ACME webserver executable.
 #command = /usr/lib/lacme/webserver
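Review bot: The sentence added to the `socket` comment in the first hunk says the option is ignored when lacme(1) spawns lacme-accountd(1), and the last hunk of this file adds an uncommented `[accountd]` header, so with the file as shipped a configured `socket` would presumably have no effect. An operator who points `socket` at an lacme-accountd running under another account, in order to keep the account key away from this process, needs to learn that here rather than from the section further down. I would add the instruction directly under the new sentence, for example `# To use this socket, comment out the "[accountd]" section below.`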
@@ -83,4 +86,34 @@
 #
 #iptables = Yes
+
+# lacme-accound(1) section.  Comment out the following section to make
+# lacme(1) connect to an existing UNIX-domain socket bound by a running
+# acme-accountd(1) process.
+[accountd]
+
+# username to drop privileges to (setting both effective and real uid).
+# Preserve root privileges if the value is empty.
+#
+#user = root
+
+# groupname to drop privileges to (setting both effective and real gid,
+# and also setting the list of supplementary gids to that single group).
+# Preserve root privileges if the value is empty.
+#
+#group = root
+
+# Path to the lacme-accountd(1) executable.
+#command = /usr/bin/lacme-accountd
+
+# Path to the lacme-accountd(1) configuration file.
+#config = /etc/lacme/lacme-accountd.conf
+
+# The (private) account key to use for signing requests.  See
+# lacme-accountd(1) for details.
+#privkey = file:/path/to/account.key
+
+# Be quiet.
+#quiet = Yes
+
 ; vim:ft=dosini |
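Review bot: The header comment of the new [accountd] section misspells the program twice, as `lacme-accound(1)` and `acme-accountd(1)`; both should read `lacme-accountd(1)` so the manual page reference can be followed. The `user` and `group` comments say root privileges are preserved when the value is empty, but unlike the group comment in the -72,7 hunk of this file they carry no "(not recommended)", and the examples `#user = root` and `#group = root` show root as the value. Since this process is the one that reads the account key, I would state the default explicitly and show a dedicated unprivileged account instead, e.g. `#user = <dedicated-user>` with the placeholder replaced by whichever account owns the key file. The comments do not say what happens when the options are left commented out, so that default is worth one sentence as well.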
