blob: 3e7a577f45470839b905cb70de97cb7553cbbe34 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
|
# Each non-default section refer to separate certificate issuance
# requests. Options in the default section apply to each sections.
# Message digest to sign the Certificate Signing Request with,
# overriding the req(1ssl) default.
#
#hash =
# Comma-separated list of Key Usages, for instance "digitalSignature,
# keyEncipherment", to include in the Certificate Signing Request.
# See x509v3_config(5ssl) for a list of possible values.
#
#keyUsage =
# Path to the bundle of trusted issuer certificates. This is used for
# validating each certificate after issuance or renewal. Specifying an
# empty value skips certificate validation.
#
#CAfile = @@datadir@@/lacme/ca-certificates.crt
# For an existing certificate, the minimum number of days before its
# expiration date the section is considered for re-issuance.
#
#min-days = 21
#[www]
# Path the service's private key. This option is required.
#
#certificate-key = /etc/nginx/ssl/srv.key
# Where to store the issued certificate (in PEM format).
#
#certificate = /etc/nginx/ssl/srv.pem
# Where to store the issued certificate along with its chain of trust
# (in PEM format).
#
#certificate-chain = /etc/nginx/ssl/srv.chain.pem
# Subject field of the Certificate Signing Request. This option is
# required.
#
#subject = /CN=example.org
# Comma-separated list of Subject Alternative Names.
#
#subjectAltName = DNS:example.org,DNS:www.example.org
# username[:groupname] to chown the issued certificate and
# certificate-chain with.
#
#chown = root:root
# Octal mode to chmod the issued certificate and certificate-chain with.
#
#chmod = 0644
# Command to pass the the system's command shell ("/bin/sh -c") after
# successful installation of the certificate and/or certificate-chain.
#
#notify = /bin/systemctl reload nginx
#[smtp]
#certificate-key = /etc/postfix/ssl/srv.key
#certificate-chain = /etc/postfix/ssl/srv.pem
#subject = /CN=smtp.example.org
#notify = /bin/systemctl reload postfix
; vim:ft=dosini
|