From 08d9f95505bb11c3d1b6a8c649362ede7dab4138 Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Mon, 13 Jun 2016 23:14:00 +0200 Subject: =?UTF-8?q?Rename=20=E2=80=98letsencrypt-tiny=E2=80=99=20to=20?= =?UTF-8?q?=E2=80=98lacme=E2=80=99.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- config/lacme-accountd.conf | 29 ++++++++++++++ config/lacme-certs.conf | 56 ++++++++++++++++++++++++++ config/lacme.conf | 86 ++++++++++++++++++++++++++++++++++++++++ config/letsencrypt-accountd.conf | 29 -------------- config/letsencrypt-certs.conf | 56 -------------------------- config/letsencrypt.conf | 86 ---------------------------------------- 6 files changed, 171 insertions(+), 171 deletions(-) create mode 100644 config/lacme-accountd.conf create mode 100644 config/lacme-certs.conf create mode 100644 config/lacme.conf delete mode 100644 config/letsencrypt-accountd.conf delete mode 100644 config/letsencrypt-certs.conf delete mode 100644 config/letsencrypt.conf (limited to 'config')
diff --git a/config/lacme-accountd.conf b/config/lacme-accountd.conf
new file mode 100644
index 0000000..0a8b81a
--- /dev/null
+++ b/config/lacme-accountd.conf
@@ -0,0 +1,29 @@
+# The value of "privkey" specifies the (private) account key to use
+# for signing requests. Currently supported values are:
+#
+# - file:FILE, to specify an encrypted private key (in PEM format)
+# - gpg:FILE, to specify a gpg-encrypted private key (in PEM format)
+#
+#privkey = gpg:/path/to/encrypted/priv.key.gpg
+#privkey = file:/path/to/priv.key
+
+# For a gpg-encrypted private account key, "gpg" specifies the binary
+# gpg(1) to use, as well as some default options. Default: "gpg
+# --quiet".
+#
+#gpg = gpg2 --quiet --no-auto-check-trustdb
+
+# The value of "socket" specifies the UNIX-domain socket to bind against
+# for signature requests from the ACME client. An error is raised if
+# the path exists exists or if its parent directory is writable by other
+# users.
+# Default: "$XDG_RUNTIME_DIR/S.lacme" if the XDG_RUNTIME_DIR
+# environment variable is set.
+#
+#socket = /run/user/1000/S.lacme
+
+# Be quiet. Possible values: "Yes"/"No".
+#
+#quiet = Yes
+
+; vim:ft=dosini
diff --git a/config/lacme-certs.conf b/config/lacme-certs.conf
new file mode 100644
index 0000000..fbce5e2
--- /dev/null
+++ b/config/lacme-certs.conf
@@ -0,0 +1,56 @@
+# Each non-default section denotes a separate certificate issuance.
+# Options in the default section apply to each sections.
+
+# Message digest to sign the Certificate Signing Request with.
+#hash = sha512
+
+# Comma-separated list of Key Usages, see x509v3_config(5ssl).
+#keyUsage = digitalSignature, keyEncipherment
+
+#[www]
+
+# Where to store the issued certificate (in PEM format).
+#certificate = /etc/nginx/ssl/srv.pem
+
+# Where to store the issued certificate, concatenated with the content
+# of the file specified specified with the CAfile option (in PEM format).
+#certificate-chain = /etc/nginx/ssl/srv.chain.pem
+
+# Path the service's private key. This option is required.
+#certificate-key = /etc/nginx/ssl/srv.key
+
+# For an existing certificate, the minimum number of days before its
+# expiration date the section is considered for re-issuance.
+#min-days = 10
+
+# Path to the issuer's certificate. This is used for certificate-chain
+# and to verify the validity of each issued certificate. Specifying an
+# empty value skip certificate validation.
+#CAfile = /usr/share/lacme/lets-encrypt-x3-cross-signed.pem
+
+# Subject field of the Certificate Signing Request. This option is
+# required.
+#subject = /CN=example.org
+
+# Comma-separated list of Subject Alternative Names.
+#subjectAltName = DNS:example.org,DNS:www.example.org
+
+# username[:groupname] to chown the issued certificate and
+# certificate-chain with.
+#chown = root:root
+
+# octal mode to chmod the issued certificate and certificate-chain with.
+#chmod = 0644
+
+# Command to pass the the system's command shell ("/bin/sh -c") after
+# successful installation of the certificate and/or certificate-chain.
+#notify = /bin/systemctl reload nginx
+
+
+#[smtp]
+#certificate-key = /etc/postfix/ssl/srv.key
+#certificate-chain = /etc/postfix/ssl/srv.pem
+#subject = /CN=smtp.example.org
+#notify = /bin/systemctl reload postfix
+
+; vim:ft=dosini
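Review bot: The CAfile comment in the [www] sample says an empty value skips validation of the issued certificate but does not mark that setting as discouraged, whereas the user/group comments in config/lacme.conf flag their unsafe value with "(not recommended)". I would reword the last sentence of that comment as `# empty value skips certificate validation (not recommended).`, which also fixes the verb. An operator copying the sample then sees that leaving CAfile empty turns off the check against the issuer's certificate.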
diff --git a/config/lacme.conf b/config/lacme.conf
new file mode 100644
index 0000000..edcbbb0
--- /dev/null
+++ b/config/lacme.conf
@@ -0,0 +1,86 @@
+# For certificate issuance (new-cert command), specify the certificate
+# configuration file to use
+#
+#config-certs = config/lacme-certs.conf
+
+[client]
+# The value of "socket" specifies the lacme-accountd(1) UNIX-domain
+# socket to connect to for signature requests from the ACME client.
+# lacme aborts if the socket is readable or writable by other users, or
+# if its parent directory is writable by other users.
+# Default: "$XDG_RUNTIME_DIR/S.lacme" if the XDG_RUNTIME_DIR environment
+# variable is set.
+#
+#socket = /run/user/1000/S.lacme
+
+# username to drop privileges to (setting both effective and real uid).
+# Preserve root privileges if the value is empty (not recommended).
+# Default: "nobody".
+#
+#user = lacme
+
+# groupname to drop privileges to (setting both effective and real gid,
+# and also setting the list of supplementary gids to that single group).
+# Preserve root privileges if the value is empty (not recommended).
+#
+#group = nogroup
+
+# Path to the ACME client executable.
+#command = /usr/lib/lacme/client
+
+# Root URI of the ACME server. NOTE: Use the staging server for testing
+# as it has relaxed ratelimit.
+#
+#server = https://acme-v01.api.letsencrypt.org/
+#server = https://acme-staging.api.letsencrypt.org/
+
+# Timeout in seconds after which the client stops polling the ACME
+# server and considers the request failed.
+#
+#timeout = 10
+
+# Whether to verify the server certificate chain.
+#SSL_verify = yes
+
+# Specify the version of the SSL protocol used to transmit data.
+#SSL_version = SSLv23:!TLSv1_1:!TLSv1:!SSLv3:!SSLv2
+
+# Specify the cipher list for the connection.
+#SSL_cipher_list = EECDH+AESGCM:!MEDIUM:!LOW:!EXP:!aNULL:!eNULL
+
+
+[webserver]
+
+# Specify the local address to listen on, in the form ADDRESS[:PORT].
+#
+#listen = 0.0.0.0:80
+#listen = [::]:80
+
+# If a webserver is already running, specify a non-existent directory
+# under which the webserver is configured to serve GET requests for
+# challenge files under "/.well-known/acme-challenge/" (for each virtual
+# hosts requiring authorization) as static files.
+#
+#challenge-directory = /var/www/acme-challenge
+
+# username to drop privileges to (setting both effective and real uid).
+# Preserve root privileges if the value is empty (not recommended).
+#
+#user = www-data
+
+# groupname to drop privileges to (setting both effective and real gid,
+# and also setting the list of supplementary gids to that single group).
+# Preserve root privileges if the value is empty (not recommended).
+#
+#user = www-data
+
+# Path to the ACME webserver executable.
+#command = /usr/lib/lacme/webserver
+
+# Whether to automatically install iptables(1) rules to open the
+# ADDRESS[:PORT] specified with listen. Theses rules are automatically
+# removed once lacme(1) exits.
+#
+#iptables = Yes
+
+; vim:ft=dosini
diff --git a/config/letsencrypt-accountd.conf b/config/letsencrypt-accountd.conf
deleted file mode 100644
index c372190..0000000
--- a/config/letsencrypt-accountd.conf
+++ /dev/null
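Review bot: In the [webserver] section of config/lacme.conf, the comment block describing the groupname to drop privileges to is followed by `#user = www-data`, which repeats the key from the block just above it. The [client] section pairs the same comment with `#group = nogroup`, so this sample line should presumably read `#group = www-data`. As written, an operator who uncomments both lines sets user twice and never sets a group. The comments say an empty value preserves root privileges, but the hunk does not show what the webserver's group default is. The line is carried over unchanged from the deleted config/letsencrypt.conf, so the rename is a good moment to fix it.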
@@ -1,29 +0,0 @@
-# The value of "privkey" specifies the (private) account key to use
-# for signing requests. Currently supported values are:
-#
-# - file:FILE, to specify an encrypted private key (in PEM format)
-# - gpg:FILE, to specify a gpg-encrypted private key (in PEM format)
-#
-#privkey = gpg:/path/to/encrypted/priv.key.gpg
-#privkey = file:/path/to/priv.key
-
-# For a gpg-encrypted private account key, "gpg" specifies the binary
-# gpg(1) to use, as well as some default options. Default: "gpg
-# --quiet".
-#
-#gpg = gpg2 --quiet --no-auto-check-trustdb
-
-# The value of "socket" specifies the UNIX-domain socket to bind against
-# for signature requests from the ACME client. An error is raised if
-# the path exists exists or if its parent directory is writable by other
-# users.
-# Default: "$XDG_RUNTIME_DIR/S.letsencrypt" if the XDG_RUNTIME_DIR
-# environment variable is set.
-#
-#socket = /run/user/1000/S.letsencrypt
-
-# Be quiet. Possible values: "Yes"/"No".
-#
-#quiet = Yes
-
-; vim:ft=dosini
diff --git a/config/letsencrypt-certs.conf b/config/letsencrypt-certs.conf
deleted file mode 100644
index 2ee9b20..0000000
--- a/config/letsencrypt-certs.conf
+++ /dev/null
@@ -1,56 +0,0 @@
-# Each non-default section denotes a separate certificate issuance.
-# Options in the default section apply to each sections.
-
-# Message digest to sign the Certificate Signing Request with.
-#hash = sha512
-
-# Comma-separated list of Key Usages, see x509v3_config(5ssl).
-#keyUsage = digitalSignature, keyEncipherment
-
-#[www]
-
-# Where to store the issued certificate (in PEM format).
-#certificate = /etc/nginx/ssl/srv.pem
-
-# Where to store the issued certificate, concatenated with the content
-# of the file specified specified with the CAfile option (in PEM format).
-#certificate-chain = /etc/nginx/ssl/srv.chain.pem
-
-# Path the service's private key. This option is required.
-#certificate-key = /etc/nginx/ssl/srv.key
-
-# For an existing certificate, the minimum number of days before its
-# expiration date the section is considered for re-issuance.
-#min-days = 10
-
-# Path to the issuer's certificate. This is used for certificate-chain
-# and to verify the validity of each issued certificate. Specifying an
-# empty value skip certificate validation.
-#CAfile = /usr/share/letsencrypt-tiny/lets-encrypt-x3-cross-signed.pem
-
-# Subject field of the Certificate Signing Request. This option is
-# required.
-#subject = /CN=example.org
-
-# Comma-separated list of Subject Alternative Names.
-#subjectAltName = DNS:example.org,DNS:www.example.org
-
-# username[:groupname] to chown the issued certificate and
-# certificate-chain with.
-#chown = root:root
-
-# octal mode to chmod the issued certificate and certificate-chain with.
-#chmod = 0644
-
-# Command to pass the the system's command shell ("/bin/sh -c") after
-# successful installation of the certificate and/or certificate-chain.
-#notify = /bin/systemctl reload nginx
-
-
-#[smtp]
-#certificate-key = /etc/postfix/ssl/srv.key
-#certificate-chain = /etc/postfix/ssl/srv.pem
-#subject = /CN=smtp.example.org
-#notify = /bin/systemctl reload postfix
-
-; vim:ft=dosini
diff --git a/config/letsencrypt.conf b/config/letsencrypt.conf
deleted file mode 100644
index 1502020..0000000
--- a/config/letsencrypt.conf
+++ /dev/null
@@ -1,86 +0,0 @@
-# For certificate issuance (new-cert command), specify the certificate
-# configuration file to use
-#
-#config-certs = config/letsencrypt-certs.conf
-
-[client]
-# The value of "socket" specifies the letsencrypt-accountd(1)
-# UNIX-domain socket to connect to for signature requests from the ACME
-# client. letsencrypt aborts if the socket is readable or writable by
-# other users, or if its parent directory is writable by other users.
-# Default: "$XDG_RUNTIME_DIR/S.letsencrypt" if the XDG_RUNTIME_DIR
-# environment variable is set.
-#
-#socket = /run/user/1000/S.letsencrypt
-
-# username to drop privileges to (setting both effective and real uid).
-# Preserve root privileges if the value is empty (not recommended).
-# Default: "nobody".
-#
-#user = letsencrypt
-
-# groupname to drop privileges to (setting both effective and real gid,
-# and also setting the list of supplementary gids to that single group).
-# Preserve root privileges if the value is empty (not recommended).
-#
-#group = nogroup
-
-# Path to the ACME client executable.
-#command = /usr/lib/letsencrypt-tiny/client
-
-# Root URI of the ACME server. NOTE: Use the staging server for testing
-# as it has relaxed ratelimit.
-#
-#server = https://acme-v01.api.letsencrypt.org/
-#server = https://acme-staging.api.letsencrypt.org/
-
-# Timeout in seconds after which the client stops polling the ACME
-# server and considers the request failed.
-#
-#timeout = 10
-
-# Whether to verify the server certificate chain.
-#SSL_verify = yes
-
-# Specify the version of the SSL protocol used to transmit data.
-#SSL_version = SSLv23:!TLSv1_1:!TLSv1:!SSLv3:!SSLv2
-
-# Specify the cipher list for the connection.
-#SSL_cipher_list = EECDH+AESGCM:!MEDIUM:!LOW:!EXP:!aNULL:!eNULL
-
-
-[webserver]
-
-# Specify the local address to listen on, in the form ADDRESS[:PORT].
-#
-#listen = 0.0.0.0:80
-#listen = [::]:80
-
-# If a webserver is already running, specify a non-existent directory
-# under which the webserver is configured to serve GET requests for
-# challenge files under "/.well-known/acme-challenge/" (for each virtual
-# hosts requiring authorization) as static files.
-#
-#challenge-directory = /var/www/acme-challenge
-
-# username to drop privileges to (setting both effective and real uid).
-# Preserve root privileges if the value is empty (not recommended).
-#
-#user = www-data
-
-# groupname to drop privileges to (setting both effective and real gid,
-# and also setting the list of supplementary gids to that single group).
-# Preserve root privileges if the value is empty (not recommended).
-#
-#user = www-data
-
-# Path to the ACME webserver executable.
-#command = /usr/lib/letsencrypt-tiny/webserver
-
-# Whether to automatically install iptables(1) rules to open the
-# ADDRESS[:PORT] specified with listen. Theses rules are automatically
-# removed once letsencrypt exits.
-#
-#iptables = Yes
-
-; vim:ft=dosini
-- cgit v1.2.3