From dd1da2ac44a7eab89e9a17135367aa0915efad0b Mon Sep 17 00:00:00 2001
From: Guilhem Moulin
Date: Wed, 30 Nov 2016 22:07:09 +0100
Subject: typo

---
 config/lacme-accountd.conf | 4 ++--
 config/lacme-certs.conf | 2 +-
 config/lacme.conf | 6 +++---
 3 files changed, 6 insertions(+), 6 deletions(-)

(limited to 'config')

diff --git a/config/lacme-accountd.conf b/config/lacme-accountd.conf
index 0a8b81a..443b4f1 100644
--- a/config/lacme-accountd.conf
+++ b/config/lacme-accountd.conf
@@ -11,11 +11,11 @@
 # gpg(1) to use, as well as some default options. Default: "gpg
 # --quiet".
 #
-#gpg = gpg2 --quiet --no-auto-check-trustdb
+#gpg = gpg --quiet --no-auto-check-trustdb
 
 # The value of "socket" specifies the UNIX-domain socket to bind against
 # for signature requests from the ACME client. An error is raised if
-# the path exists exists or if its parent directory is writable by other
+# the path exists or if its parent directory is writable by other
 # users.
 # Default: "$XDG_RUNTIME_DIR/S.lacme" if the XDG_RUNTIME_DIR
 # environment variable is set.
diff --git a/config/lacme-certs.conf b/config/lacme-certs.conf
index fbce5e2..9b9df2f 100644
--- a/config/lacme-certs.conf
+++ b/config/lacme-certs.conf
@@ -32,7 +32,7 @@
 # required.
 #subject = /CN=example.org
 
-# Comma-separated list of Subject Alternative Names.
+# Comma-separated list of Subject Alternative Names.
 #subjectAltName = DNS:example.org,DNS:www.example.org
 
 # username[:groupname] to chown the issued certificate and
diff --git a/config/lacme.conf b/config/lacme.conf
index c5c643d..d64276c 100644
--- a/config/lacme.conf
+++ b/config/lacme.conf
@@ -1,7 +1,7 @@
 # For certificate issuance (new-cert command), specify the certificate
 # configuration file to use
 #
-#config-certs = config/lacme-certs.conf
+#config-certs = /etc/lacme/lacme-certs.conf
 
 [client]
 # The value of "socket" specifies the lacme-accountd(1) UNIX-domain
@@ -29,7 +29,7 @@
 #command = /usr/lib/lacme/client
 
 # Root URI of the ACME server. NOTE: Use the staging server for testing
-# as it has relaxed ratelimit.
+# as it has relaxed rate-limiting.
 #
 #server = https://acme-v01.api.letsencrypt.org/
 #server = https://acme-staging.api.letsencrypt.org/
@@ -72,7 +72,7 @@
 # and also setting the list of supplementary gids to that single group).
 # Preserve root privileges if the value is empty (not recommended).
 #
-#user = www-data
+#group = www-data
 
 # Path to the ACME webserver executable.
 #command = /usr/lib/lacme/webserver
--
cgit v1.2.3

From 27788fd4a399642eddbdb1934ccaa13f7fd00124 Mon Sep 17 00:00:00 2001
From: Guilhem Moulin
Date: Thu, 1 Dec 2016 00:16:18 +0100
Subject: Make lacme able to spawn lacme-accountd.

---
 config/lacme.conf | 41 +++++++++++++++++++++++++++++++++++++----
 1 file changed, 37 insertions(+), 4 deletions(-)

(limited to 'config')

diff --git a/config/lacme.conf b/config/lacme.conf
index d64276c..23313c7 100644
--- a/config/lacme.conf
+++ b/config/lacme.conf
@@ -4,12 +4,15 @@
 #config-certs = /etc/lacme/lacme-certs.conf
 
 [client]
-# The value of "socket" specifies the lacme-accountd(1) UNIX-domain
-# socket to connect to for signature requests from the ACME client.
-# lacme(1) aborts if the socket is readable or writable by other users,
-# or if its parent directory is writable by other users.
+# The value of "socket" specifies the path to the lacme-accountd(1)
+# UNIX-domain socket to connect to for signature requests from the ACME
+# client. lacme(1) aborts if the socket is readable or writable by
+# other users, or if its parent directory is writable by other users.
 # Default: "$XDG_RUNTIME_DIR/S.lacme" if the XDG_RUNTIME_DIR environment
 # variable is set.
+# This option is ignored when lacme-accountd(1) is spawned by lacme(1),
+# since the two processes communicate through a socket pair. See the
+# "accountd" section below for details.
 #
 #socket = /run/user/1000/S.lacme
@@ -83,4 +86,34 @@
 #
 #iptables = Yes
 
+
+# lacme-accound(1) section. Comment out the following section to make
+# lacme(1) connect to an existing UNIX-domain socket bound by a running
+# acme-accountd(1).
+[accountd]
+
+# username to drop privileges to (setting both effective and real uid).
+# Preserve root privileges if the value is empty.
+#
+#user = root
+
+# groupname to drop privileges to (setting both effective and real gid,
+# and also setting the list of supplementary gids to that single group).
+# Preserve root privileges if the value is empty.
+#
+#group = root
+
+# Path to the lacme-accountd(1) executable.
+#command = /usr/bin/lacme-accountd
+
+# Path to the lacme-accountd(1) configuration file.
+#config = /etc/lacme/lacme-accountd.conf
+
+# The (private) account key to use for signing requests. See
+# lacme-accountd(1) for details.
+#privkey = file:/path/to/account.key
+
+# Be quiet.
+#quiet = Yes
+
 ; vim:ft=dosini
--
cgit v1.2.3

From 458acba80be362c9f59e976a62b9749a7809c4aa Mon Sep 17 00:00:00 2001
From: Guilhem Moulin
Date: Thu, 1 Dec 2016 00:19:11 +0100
Subject: wibble

---
 config/lacme.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'config')

diff --git a/config/lacme.conf b/config/lacme.conf
index 23313c7..39cfd36 100644
--- a/config/lacme.conf
+++ b/config/lacme.conf
@@ -89,7 +89,7 @@
 
 # lacme-accound(1) section. Comment out the following section to make
 # lacme(1) connect to an existing UNIX-domain socket bound by a running
-# acme-accountd(1).
+# acme-accountd(1) process.
 [accountd]
 
 # username to drop privileges to (setting both effective and real uid).
--
cgit v1.2.3

From aa514ea28e997765a40f5efdebbf24e9a6e83cef Mon Sep 17 00:00:00 2001
From: Guilhem Moulin
Date: Thu, 1 Dec 2016 00:23:01 +0100
Subject: s/priv.key/account.key/

---
 config/lacme-accountd.conf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'config')
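Review bot: The new `[accountd]` section documents `user` and `group` with `Preserve root privileges if the value is empty.` and shows `#user = root` / `#group = root`, while the same wording in the section above it (visible in the `@@ -72,7 +72,7 @@` hunk of the first commit) ends in `(not recommended)`. For the process that holds the ACME account key the sample should say which is intended, e.g. `# Preserve root privileges if the value is empty (not recommended); the user must be able to read the account key.` — assuming the daemon can run unprivileged, which this hunk does not show. The `[accountd]` header is also added uncommented, and by its own comment the presence of the section is what makes lacme(1) spawn the daemon rather than connect to an existing socket, so the comment above it should state that spawning is what this sample does as shipped. The program name is misspelled twice in that comment (`lacme-accound(1)`, `acme-accountd(1)`); both should read `lacme-accountd(1)`, and the later "wibble" change to the same line keeps the second one.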
diff --git a/config/lacme-accountd.conf b/config/lacme-accountd.conf
index 443b4f1..94d2556 100644
--- a/config/lacme-accountd.conf
+++ b/config/lacme-accountd.conf
@@ -4,8 +4,8 @@
 # - file:FILE, to specify an encrypted private key (in PEM format)
 # - gpg:FILE, to specify a gpg-encrypted private key (in PEM format)
 #
-#privkey = gpg:/path/to/encrypted/priv.key.gpg
-#privkey = file:/path/to/priv.key
+#privkey = gpg:/path/to/encrypted/account.key.gpg
+#privkey = file:/path/to/account.key
 
 # For a gpg-encrypted private account key, "gpg" specifies the binary
 # gpg(1) to use, as well as some default options. Default: "gpg
--
cgit v1.2.3