# For certificate issuance (new-cert command), specify a space-separated
# list of certificate configuration files or directories to use.
#
#config-certs = lacme-certs.conf lacme-certs.d/
[client]
# Settings for the ACME client, the component that contacts the ACME
# server named by "server" below.
#
# The value of "socket" specifies the path to the lacme-accountd(1)
# UNIX-domain socket to connect to for signature requests from the ACME
# client. lacme(1) aborts if the socket is readable or writable by
# other users, or if its parent directory is writable by other users.
# (Presumably because anyone able to reach the socket could submit
# signature requests of their own; keep the socket in a per-user
# directory.)
# Default: "$XDG_RUNTIME_DIR/S.lacme" if the XDG_RUNTIME_DIR environment
# variable is set.
# This option is ignored when lacme-accountd(1) is spawned by lacme(1),
# since the two processes communicate through a socket pair. See the
# "accountd" section below for details.
#
#socket = /run/user/1000/S.lacme
# Username to drop privileges to (setting both effective and real uid).
# Preserve root privileges if the value is empty (not recommended: this
# process exchanges data with a remote server).
# Default: "nobody".
#
#user = lacme
# Groupname to drop privileges to (setting both effective and real gid,
# and also setting the list of supplementary gids to that single group).
# Preserve root privileges if the value is empty (not recommended).
# Default: "nogroup".
#
#group = nogroup
# Path to the ACME client executable.
#
#command = /usr/lib/lacme/client
# Root URI of the ACME server. NOTE: Use the staging server for testing
# as it has relaxed rate-limiting.
# NOTE(review): the acme-v01 hostnames below belong to Let's Encrypt's
# first-generation ACME API, which has since been retired; confirm the
# endpoint against the lacme(1) version actually installed.
#
#server = https://acme-v01.api.letsencrypt.org/
#server = https://acme-staging.api.letsencrypt.org/
# Timeout in seconds after which the client stops polling the ACME
# server and considers the request failed.
#
#timeout = 10
# Whether to verify the server certificate chain.
# Leave this enabled: without verification the ACME server is not
# authenticated and the exchange can be intercepted or altered in
# transit.
#
#SSL_verify = yes
# Specify the version of the SSL protocol used to transmit data.
# The sample value excludes SSLv2, SSLv3, TLSv1 and TLSv1.1 ("!" marks
# an excluded version); avoid re-enabling any of them.
#
#SSL_version = SSLv23:!TLSv1_1:!TLSv1:!SSLv3:!SSLv2
# Specify the cipher list for the connection.
# The sample value is in OpenSSL cipher-list notation: ephemeral ECDH
# key exchange with AES-GCM, excluding the MEDIUM, LOW and EXPORT groups
# and suites without authentication (aNULL) or encryption (eNULL).
#
#SSL_cipher_list = EECDH+AESGCM:!MEDIUM:!LOW:!EXP:!aNULL:!eNULL
[webserver]
# Settings for the ACME webserver component, which serves the challenge
# files under "/.well-known/acme-challenge/".
#
# Specify the local address to listen on, in the form ADDRESS[:PORT].
# The sample values are the IPv4 and IPv6 wildcard addresses on port 80;
# use a specific ADDRESS if only one interface should answer.
#
#listen = 0.0.0.0:80
#listen = [::]:80
# If a webserver is already running, specify a non-existent directory
# under which the webserver is configured to serve GET requests for
# challenge files under "/.well-known/acme-challenge/" (for each virtual
# host requiring authorization) as static files.
#
#challenge-directory = /var/www/acme-challenge
# Username to drop privileges to (setting both effective and real uid).
# Preserve root privileges if the value is empty (not recommended).
#
#user = www-data
# Groupname to drop privileges to (setting both effective and real gid,
# and also setting the list of supplementary gids to that single group).
# Preserve root privileges if the value is empty (not recommended).
#
#group = www-data
# Path to the ACME webserver executable.
#
#command = /usr/lib/lacme/webserver
# Whether to automatically install iptables(8) rules to open the
# ADDRESS[:PORT] specified with listen. These rules are automatically
# removed once lacme(1) exits.
# NOTE(review): if lacme(1) is killed rather than exiting normally, it
# is worth checking that no rule was left behind - confirm the cleanup
# behaviour in lacme(1).
#
#iptables = Yes
[accountd]
# lacme-accountd(1) section. Comment out this section (including its
# header) to make lacme(1) connect to an existing UNIX-domain socket
# bound by a running lacme-accountd(1) process.
# This component holds the account private key (see "privkey" below)
# and signs requests on behalf of the ACME client.
#
# Username to drop privileges to (setting both effective and real uid).
# Preserve root privileges if the value is empty.
# NOTE(review): a dedicated user that can read the account key should
# suffice in place of root - confirm against lacme-accountd(1).
#
#user = root
# Groupname to drop privileges to (setting both effective and real gid,
# and also setting the list of supplementary gids to that single group).
# Preserve root privileges if the value is empty.
#
#group = root
# Path to the lacme-accountd(1) executable.
#
#command = /usr/bin/lacme-accountd
# Path to the lacme-accountd(1) configuration file.
#
#config = /etc/lacme/lacme-accountd.conf
# The (private) account key to use for signing requests. See
# lacme-accountd(1) for details.
# Since this key signs the requests sent to the ACME server, the key
# file should be readable only by the user this component runs as, and
# never by the "client" or "webserver" users.
#
#privkey = file:/path/to/account.key
# Be quiet.
#
#quiet = Yes
; vim:ft=dosini