blob: 236d2039c0c7c1f6967ac6245e5f051827720afc (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
|
# For certificate issuance (newOrder command), specify a space-separated
# certificate configuration files or directories to use
#
#config-certs = lacme-certs.conf lacme-certs.conf.d/
[client]
# The value of "socket" specifies the path to the lacme-accountd(1)
# UNIX-domain socket to connect to for signature requests from the ACME
# client. lacme(8) aborts if the socket is readable or writable by
# other users, or if its parent directory is writable by other users.
# Default: "$XDG_RUNTIME_DIR/S.lacme" if the XDG_RUNTIME_DIR environment
# variable is set.
# This option is ignored when lacme-accountd(1) is spawned by lacme(8),
# since the two processes communicate through a socket pair. See the
# "accountd" section below for details.
#
#socket =
# username to drop privileges to (setting both effective and real uid).
# Preserve root privileges if the value is empty (not recommended).
#
#user = nobody
# groupname to drop privileges to (setting both effective and real gid,
# and also setting the list of supplementary gids to that single group).
# Preserve root privileges if the value is empty (not recommended).
#
#group = nogroup
# Path to the ACME client executable.
#
#command = /usr/libexec/lacme/client
# URI of the ACME server's directory. NOTE: Use the staging server
# <https://acme-staging-v02.api.letsencrypt.org/directory> for testing
# as it has relaxed rate-limiting.
#
#server = https://acme-v02.api.letsencrypt.org/directory
# Timeout in seconds after which the client stops polling the ACME
# server and considers the request failed.
#
#timeout = 10
# Whether to verify the server certificate chain.
#
#SSL_verify = yes
# Specify the version of the SSL protocol used to transmit data.
#
#SSL_version = SSLv23:!TLSv1_1:!TLSv1:!SSLv3:!SSLv2
# Specify the cipher list for the connection.
#
#SSL_cipher_list = EECDH+AESGCM:!MEDIUM:!LOW:!EXP:!aNULL:!eNULL
[webserver]
# Comma- or space-separated list of addresses to listen on, for instance
# "0.0.0.0:80 [::]:80".
#
#listen = /run/lacme-www.socket
# Non-existent directory under which an external HTTP daemon is
# configured to serve GET requests for challenge files under
# "/.well-known/acme-challenge/" (for each virtual host requiring
# authorization) as static files.
#
#challenge-directory =
# username to drop privileges to (setting both effective and real uid).
# Preserve root privileges if the value is empty (not recommended).
#
#user = www-data
# groupname to drop privileges to (setting both effective and real gid,
# and also setting the list of supplementary gids to that single group).
# Preserve root privileges if the value is empty (not recommended).
#
#group = www-data
# Path to the ACME webserver executable.
#
#command = /usr/libexec/lacme/webserver
# Whether to automatically install iptables(8) rules to open the
# ADDRESS[:PORT] specified with listen. Theses rules are automatically
# removed once lacme(8) exits.
#
#iptables = No
[accountd]
# lacme-accound(1) section. Comment out this section (including its
# header) to make lacme(8) connect to an existing UNIX-domain socket
# bound by a running acme-accountd(1) process.
# username to drop privileges to (setting both effective and real uid).
# Preserve root privileges if the value is empty.
#
#user =
# groupname to drop privileges to (setting both effective and real gid,
# and also setting the list of supplementary gids to that single group).
# Preserve root privileges if the value is empty.
#
#group =
# Path to the lacme-accountd(1) executable.
#
#command = /usr/bin/lacme-accountd
# Path to the lacme-accountd(1) configuration file.
#
#config = /etc/lacme/lacme-accountd.conf
# The (private) account key to use for signing requests. See
# lacme-accountd(1) for details.
#
#privkey = file:/path/to/account.key
# Be quiet.
#
#quiet = Yes
; vim:ft=dosini
|