diff options
Diffstat (limited to 'config/lacme.conf')
| -rw-r--r-- | config/lacme.conf | 24 |
1 files changed, 18 insertions, 6 deletions
diff --git a/config/lacme.conf b/config/lacme.conf index 39cfd36..c5efb03 100644 --- a/config/lacme.conf +++ b/config/lacme.conf @@ -1,9 +1,11 @@ -# For certificate issuance (new-cert command), specify the certificate -# configuration file to use +# For certificate issuance (new-cert command), specify a space-separated +# certificate configuration files or directories to use # -#config-certs = /etc/lacme/lacme-certs.conf +#config-certs = lacme-certs.conf lacme-certs.conf.d/ + [client] + # The value of "socket" specifies the path to the lacme-accountd(1) # UNIX-domain socket to connect to for signature requests from the ACME # client. lacme(1) aborts if the socket is readable or writable by @@ -25,10 +27,12 @@ # groupname to drop privileges to (setting both effective and real gid, # and also setting the list of supplementary gids to that single group). # Preserve root privileges if the value is empty (not recommended). +# Default: "nogroup". # #group = nogroup # Path to the ACME client executable. +# #command = /usr/lib/lacme/client # Root URI of the ACME server. NOTE: Use the staging server for testing @@ -43,12 +47,15 @@ #timeout = 10 # Whether to verify the server certificate chain. +# #SSL_verify = yes # Specify the version of the SSL protocol used to transmit data. +# #SSL_version = SSLv23:!TLSv1_1:!TLSv1:!SSLv3:!SSLv2 # Specify the cipher list for the connection. +# #SSL_cipher_list = EECDH+AESGCM:!MEDIUM:!LOW:!EXP:!aNULL:!eNULL @@ -78,6 +85,7 @@ #group = www-data # Path to the ACME webserver executable. +# #command = /usr/lib/lacme/webserver # Whether to automatically install iptables(8) rules to open the @@ -87,10 +95,10 @@ #iptables = Yes -# lacme-accound(1) section. Comment out the following section to make -# lacme(1) connect to an existing UNIX-domain socket bound by a running -# acme-accountd(1) process. [accountd] +# lacme-accound(1) section. Comment out this section (including its +# header) to make lacme(1) connect to an existing UNIX-domain socket +# bound by a running acme-accountd(1) process. # username to drop privileges to (setting both effective and real uid). # Preserve root privileges if the value is empty. @@ -104,16 +112,20 @@ #group = root # Path to the lacme-accountd(1) executable. +# #command = /usr/bin/lacme-accountd # Path to the lacme-accountd(1) configuration file. +# #config = /etc/lacme/lacme-accountd.conf # The (private) account key to use for signing requests. See # lacme-accountd(1) for details. +# #privkey = file:/path/to/account.key # Be quiet. +# #quiet = Yes ; vim:ft=dosini |