diff options
Diffstat (limited to 'config/lacme-certs.conf')
| -rw-r--r-- | config/lacme-certs.conf | 16 |
1 files changed, 14 insertions, 2 deletions
diff --git a/config/lacme-certs.conf b/config/lacme-certs.conf index 45c46a8..12fcd54 100644 --- a/config/lacme-certs.conf +++ b/config/lacme-certs.conf @@ -1,50 +1,62 @@ -# Each non-default section denotes a separate certificate issuance. -# Options in the default section apply to each sections. +# Each non-default section refer to separate certificate issuance +# requests. Options in the default section apply to each sections. # Message digest to sign the Certificate Signing Request with. +# #hash = sha512 # Comma-separated list of Key Usages, see x509v3_config(5ssl). +# #keyUsage = digitalSignature, keyEncipherment #[www] # Path the service's private key. This option is required. +# #certificate-key = /etc/nginx/ssl/srv.key # Where to store the issued certificate (in PEM format). +# #certificate = /etc/nginx/ssl/srv.pem # Where to store the issued certificate, concatenated with the content # of the file specified specified with the CAfile option (in PEM format). +# #certificate-chain = /etc/nginx/ssl/srv.chain.pem # For an existing certificate, the minimum number of days before its # expiration date the section is considered for re-issuance. +# #min-days = 10 # Path to the issuer's certificate. This is used for certificate-chain # and to verify the validity of each issued certificate. Specifying an # empty value skip certificate validation. +# #CAfile = /usr/share/lacme/lets-encrypt-x3-cross-signed.pem # Subject field of the Certificate Signing Request. This option is # required. +# #subject = /CN=example.org # Comma-separated list of Subject Alternative Names. +# #subjectAltName = DNS:example.org,DNS:www.example.org # username[:groupname] to chown the issued certificate and # certificate-chain with. +# #chown = root:root # Octal mode to chmod the issued certificate and certificate-chain with. +# #chmod = 0644 # Command to pass the the system's command shell ("/bin/sh -c") after # successful installation of the certificate and/or certificate-chain. +# #notify = /bin/systemctl reload nginx |