aboutsummaryrefslogtreecommitdiffstats
path: root/config/lacme.conf
Commit message (Collapse)AuthorAgeFiles
* Add %-specifiers support.Guilhem Moulin2021-02-201
| | | | | | | | | | | | | | | | lacme(8): for --config=, --socket=, --config-certs= (and ‘socket’/ ‘config-certs’/‘challenge-directory’ configuration options *before* privilege drop; and for the [accountd] section ‘command’/‘config’ configuration options *after* privilege drop). lacme-accountd(1): for --config=, --socket= and --privkey= (and ‘socket’/‘privkey’ configuration options). This also changes the default configuration file location. lacme(8) and lacme-accountd(1) now respectively use /etc/lacme/lacme.conf resp. /etc/lacme/lacme-accountd.conf when running as root, and $XDG_CONFIG_HOME/lacme/lacme.conf resp. $XDG_CONFIG_HOME/lacme/lacme-accountd.conf when running as a normal user. There is no fallback to /etc anymore.
* Wording: s/option/setting/.Guilhem Moulin2021-02-201
|
* Deprecate setting 'privkey' in [accountd] section of the lacme(8) ↵Guilhem Moulin2021-02-201
| | | | | | | configuration file. One need to use the lacme-accountd(1) configuration file for that instead.
* lacme(8)'s 'config' option in the [accountd] section no longer have a ↵Guilhem Moulin2021-02-201
| | | | | | | | default value. The previous default, namely /etc/lacme/lacme-accountd.conf, is still honored when there is the user running lacme doesn't have a ~/.config/lacme/lacme-account.conf configuration file.
* Split client/webserver/accountd commands on whitespace.Guilhem Moulin2021-02-181
| | | | This doesn't change the default behavior.
* challenge-directory now needs to be set to an *existing* directory.Guilhem Moulin2021-02-141
| | | | | | | Since lacme(8) spawns a builtin webserver by default the change doesn't affect default configurations. See https://bugs.debian.org/970800 for the rationale.
* lacme: allow direct use challenge-directory .well-known/acme-challengeBenjamin Tietz2021-02-141
|
* Raise client timeout from 10 to 30s.Guilhem Moulin2021-02-121
|
* Make unprivileged user/group for the internal client resp. webserver ↵Guilhem Moulin2020-12-091
| | | | configurable.
* Ignore [accountd] section from lacme.conf when the --socket option is defined.Guilhem Moulin2020-08-041
| | | | | This allows remotely-controlled lacme processes being controlled without modifying an config files. See https://bugs.debian.org/955767 .
* Makefile: Use variables for target directories etc.Guilhem Moulin2020-08-041
|
* Change default libexec dir from /usr/lib/lacme to /usr/libexec/lacme.Guilhem Moulin2020-08-031
|
* Install lacme manpage to section 8.Guilhem Moulin2020-08-031
| | | | As it's a system command, see hier(7) for details.
* Use /run for the listening socket of the webserver component.Guilhem Moulin2019-08-221
|
* Use ACME v2 endpointsGuilhem Moulin2018-04-271
| | | | https://tools.ietf.org/html/draft-ietf-acme-acme-12
* Bind webserver to /var/run/lacme-www.socket by default.Guilhem Moulin2017-07-081
|
* webserver: allow listening to multiple addresses.Guilhem Moulin2017-06-281
| | | | | | | | | | (Useful when dual-stack IPv4/IPv6 is not supported.) Also, change the default to listen to a UNIX-domain socket </var/run/lacme.socket>. Moreover temporary iptables rules are no longer installed. Hosts without a public HTTP daemon listening on port 80 need to set the 'listen' option to [::] and/or 0.0.0.0, and possibly set the 'iptables' option to Yes.
* s/lacme-certs.d/lacme-certs.conf.d/upstream/0.2Guilhem Moulin2016-12-051
|
* "config-certs" now points to a list of files or directories.Guilhem Moulin2016-12-051
|
* Improve formatting of config files.Guilhem Moulin2016-12-011
|
* lacme.conf: mention the default groupname for the ACME client.Guilhem Moulin2016-12-011
|
* wibbleGuilhem Moulin2016-12-011
|
* Make lacme able to spawn lacme-accountd.Guilhem Moulin2016-12-011
|
* typoGuilhem Moulin2016-11-301
|
* typoGuilhem Moulin2016-06-141
|
* Rename ‘letsencrypt-tiny’ to ‘lacme’.Guilhem Moulin2016-06-131