diff options
Diffstat (limited to 'config/lacme-certs.conf')
| -rw-r--r-- | config/lacme-certs.conf | 45 |
1 files changed, 25 insertions, 20 deletions
diff --git a/config/lacme-certs.conf b/config/lacme-certs.conf index 232c85b..5259690 100644 --- a/config/lacme-certs.conf +++ b/config/lacme-certs.conf @@ -1,41 +1,46 @@ # Each non-default section refer to separate certificate issuance -# requests. Options in the default section apply to each sections. +# requests. Settings in the default section apply to each sections. -# Message digest to sign the Certificate Signing Request with. +# Message digest to sign the Certificate Signing Request with, +# overriding the req(1ssl) default. # -#hash = sha512 +#hash = -# Comma-separated list of Key Usages, see x509v3_config(5ssl). +# Comma-separated list of Key Usages, for instance "digitalSignature, +# keyEncipherment", to include in the Certificate Signing Request. +# See x509v3_config(5ssl) for a list of possible values. Note that the +# ACME might override the value provided here. # -#keyUsage = digitalSignature, keyEncipherment +#keyUsage = + +# Path to the bundle of trusted issuer certificates. This is used for +# validating each certificate after issuance or renewal. Specifying an +# empty value skips certificate validation. +# +#CAfile = @@datadir@@/lacme/ca-certificates.crt + +# For an existing certificate, the minimum number of days before its +# expiration date the section is considered for re-issuance. +# +#min-days = 21 #[www] -# Path the service's private key. This option is required. +# Path the service's private key. This setting is required. # #certificate-key = /etc/nginx/ssl/srv.key # Where to store the issued certificate (in PEM format). # -#certificate = /etc/nginx/ssl/srv.pem +#certificate = /etc/nginx/ssl/srv.crt # Where to store the issued certificate along with its chain of trust # (in PEM format). # -#certificate-chain = /etc/nginx/ssl/srv.chain.pem - -# For an existing certificate, the minimum number of days before its -# expiration date the section is considered for re-issuance. -# -#min-days = 21 - -# Path to trusted issuer certificates, used for validating each issued -# certificate. Specifying an empty value skips certificate validation. -# -#CAfile = @@datadir@@/lacme/ca-certificates.crt +#certificate-chain = /etc/nginx/ssl/srv.chain.crt -# Subject field of the Certificate Signing Request. This option is +# Subject field of the Certificate Signing Request. This setting is # required. # #subject = /CN=example.org @@ -61,7 +66,7 @@ #[smtp] #certificate-key = /etc/postfix/ssl/srv.key -#certificate-chain = /etc/postfix/ssl/srv.pem +#certificate-chain = /etc/postfix/ssl/srv.crt #subject = /CN=smtp.example.org #notify = /bin/systemctl reload postfix |