diff options
| author | Guilhem Moulin <guilhem@fripost.org> | 2016-12-05 16:52:52 +0100 |
|---|---|---|
| committer | Guilhem Moulin <guilhem@fripost.org> | 2016-12-05 16:52:52 +0100 |
| commit | 47ff80f540e71229832c972dcc2653958a0d7b56 (patch) | |
| tree | 331a34f4848f216382067ede028e84a484c2d8eb /lacme.md | |
| parent | 94a72b73a2b7e4309a7bc6434e85dfba8b1c8a7d (diff) | |
| parent | 0eb9f40182299b2615f5ac0190d40429f5f64ed7 (diff) | |
Merge tag 'upstream/0.2' into debian
Upstream version 0.2
Diffstat (limited to 'lacme.md')
| -rw-r--r-- | lacme.md | 33 |
1 files changed, 20 insertions, 13 deletions
@@ -115,9 +115,13 @@ Generic options : Use *path* as the [`lacme-accountd`(1)] UNIX-domain socket to connect to for signature requests from the [ACME] client. `lacme` aborts if `path` is readable or writable by other users, or if its - parent directory is writable by other users. This overrides the - *socket* option of the [`[client]` section](#client-section) of the - configuration file. + parent directory is writable by other users. + This command-line option overrides the *socket* option of the + [`[client]` section](#client-section) of the configuration file. + Moreover this option is ignored when the configuration file has an + [`[accountd]` section](#accountd-section); in that case `lacme` + spawns [`lacme-accountd`(1)], and the two processes communicate + through a socket pair. `-h`, `--help` @@ -147,9 +151,18 @@ Default section *config-certs* : For certificate issuances (`new-cert` command), specify the - certificate configuration file to use (see the **[certificate - configuration file](#certificate-configuration-file)** section below - for the configuration options). + space-separated list of certificate configuration files or + directories to use (see the **[certificate configuration + file](#certificate-configuration-file)** section below for the + configuration options). + + Paths not starting with `/` are relative to the directory name of + the **[configuration filename](#configuration-file)**. The list of + files and directories is processed in order, with the later items + taking precedence. Files in a directory are processed in + lexicographic order, only considering the ones with suffix `.conf`. + + Default: `lacme-certs.conf lacme-certs.conf.d/`. `[client]` section ------------------ @@ -299,12 +312,6 @@ Certificate configuration file For certificate issuances (`new-cert` command), a separate file is used to configure paths to the certificate and key, as well as the subject, subjectAltName, etc. to generate Certificate Signing Requests. -If `--config-certs=` is not given, and if the `config-certs` -configuration option is absent, then `lacme` uses the first existing -configuration file among *./lacme-certs.conf*, -*$XDG_CONFIG_HOME/lacme/lacme-certs.conf* (or -*~/.config/lacme/lacme-certs.conf* if the `XDG_CONFIG_HOME` environment -variable is not set), and */etc/lacme/lacme-certs.conf*. Each section denotes a separate certificate issuance. Valid options are: @@ -383,7 +390,7 @@ Examples ======== ~$ sudo lacme new-reg mailto:noreply@example.com - ~$ sudo lacme reg=/acme/reg/137760 --agreement-uri=https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf + ~$ sudo lacme reg=/acme/reg/123456 --agreement-uri=https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf ~$ sudo lacme new-cert ~$ sudo lacme revoke-cert /path/to/server/certificate.pem |