aboutsummaryrefslogtreecommitdiffstats
path: root/config
diff options
context:
space:
mode:
Diffstat (limited to 'config')
-rw-r--r--config/lacme-certs.conf32
1 files changed, 18 insertions, 14 deletions
diff --git a/config/lacme-certs.conf b/config/lacme-certs.conf
index 232c85b..3e7a577 100644
--- a/config/lacme-certs.conf
+++ b/config/lacme-certs.conf
@@ -1,13 +1,27 @@
# Each non-default section refer to separate certificate issuance
# requests. Options in the default section apply to each sections.
-# Message digest to sign the Certificate Signing Request with.
+# Message digest to sign the Certificate Signing Request with,
+# overriding the req(1ssl) default.
#
-#hash = sha512
+#hash =
-# Comma-separated list of Key Usages, see x509v3_config(5ssl).
+# Comma-separated list of Key Usages, for instance "digitalSignature,
+# keyEncipherment", to include in the Certificate Signing Request.
+# See x509v3_config(5ssl) for a list of possible values.
#
-#keyUsage = digitalSignature, keyEncipherment
+#keyUsage =
+
+# Path to the bundle of trusted issuer certificates. This is used for
+# validating each certificate after issuance or renewal. Specifying an
+# empty value skips certificate validation.
+#
+#CAfile = @@datadir@@/lacme/ca-certificates.crt
+
+# For an existing certificate, the minimum number of days before its
+# expiration date the section is considered for re-issuance.
+#
+#min-days = 21
#[www]
@@ -25,16 +39,6 @@
#
#certificate-chain = /etc/nginx/ssl/srv.chain.pem
-# For an existing certificate, the minimum number of days before its
-# expiration date the section is considered for re-issuance.
-#
-#min-days = 21
-
-# Path to trusted issuer certificates, used for validating each issued
-# certificate. Specifying an empty value skips certificate validation.
-#
-#CAfile = @@datadir@@/lacme/ca-certificates.crt
-
# Subject field of the Certificate Signing Request. This option is
# required.
#