# For certificate issuance (newOrder command), specify a space-separated # certificate configuration files or directories to use # #config-certs = lacme-certs.conf lacme-certs.conf.d/ [client] # The value of "socket" specifies the path to the lacme-accountd(1) # UNIX-domain socket to connect to for signature requests from the ACME # client. lacme(8) aborts if the socket is readable or writable by # other users, or if its parent directory is writable by other users. # This setting is ignored when lacme-accountd(1) is spawned by lacme(8), # since the two processes communicate through a socket pair. See the # "accountd" section below for details. # #socket = %t/S.lacme # username to drop privileges to (setting both effective and real uid). # Skip privilege drop if the value is empty (not recommended). # #user = @@lacme_client_user@@ # groupname to drop privileges to (setting both effective and real gid, # and also setting the list of supplementary gids to that single group). # Skip privilege drop if the value is empty (not recommended). # #group = @@lacme_client_group@@ # ACME client command. # #command = @@libexecdir@@/lacme/client # URI of the ACME server's directory. NOTE: Use the staging server # for testing # as it has relaxed rate-limiting. # #server = @@acmeapi_server@@ # Timeout in seconds after which the client stops polling the ACME # server and considers the request failed. # #timeout = 30 # Whether to verify the server certificate chain. # #SSL_verify = yes # Specify the version of the SSL protocol used to transmit data. # #SSL_version = SSLv23:!TLSv1_1:!TLSv1:!SSLv3:!SSLv2 # Specify the cipher list for the connection. # #SSL_cipher_list = EECDH+AESGCM:!MEDIUM:!LOW:!EXP:!aNULL:!eNULL [webserver] # Comma- or space-separated list of addresses to listen on, for instance # "0.0.0.0:80 [::]:80". # #listen = @@runstatedir@@/lacme-www.socket # Directory under which an external HTTP daemon is configured to serve # GET requests for challenge files under "/.well-known/acme-challenge/" # (for each virtual host requiring authorization) as static files. # NOTE: the directory must exist and be writable by the lacme client # user. # #challenge-directory = # username to drop privileges to (setting both effective and real uid). # Skip privilege drop if the value is empty (not recommended). # #user = @@lacme_www_user@@ # groupname to drop privileges to (setting both effective and real gid, # and also setting the list of supplementary gids to that single group). # Skip privilege drop if the value is empty (not recommended). # #group = @@lacme_www_group@@ # ACME webserver command. # #command = @@libexecdir@@/lacme/webserver # Whether to automatically install iptables(8) rules to open the # ADDRESS[:PORT] specified with listen. Theses rules are automatically # removed once lacme(8) exits. # #iptables = No [accountd] # lacme-accound(1) section. Comment out this section (including its # header), or use the --socket= CLI option, to make lacme(8) connect to # an existing lacme-accountd(1) process via a UNIX-domain socket. # username to drop privileges to (setting both effective and real uid). # Skip privilege drop if the value is empty. # #user = # groupname to drop privileges to (setting both effective and real gid, # and also setting the list of supplementary gids to that single group). # Skip privilege drop if the value is empty. # #group = # lacme-accountd(1) command. # #command = @@bindir@@/lacme-accountd # Path to the lacme-accountd(1) configuration file. # #config = # Be quiet. # #quiet = Yes ; vim:ft=dosini