blob: 3faed2b914ce0d8bbebb59f8e90a41337540a4b6 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
|
# For certificate issuance (newOrder command), specify a space-separated
# certificate configuration files or directories to use
#
#config-certs = lacme-certs.conf lacme-certs.conf.d/
[client]
# The value of "socket" specifies the path to the lacme-accountd(1)
# UNIX-domain socket to connect to for signature requests from the ACME
# client. lacme(8) aborts if the socket is readable or writable by
# other users, or if its parent directory is writable by other users.
# Default: "$XDG_RUNTIME_DIR/S.lacme" if the XDG_RUNTIME_DIR environment
# variable is set.
# This option is ignored when lacme-accountd(1) is spawned by lacme(8),
# since the two processes communicate through a socket pair. See the
# "accountd" section below for details.
#
#socket =
# username to drop privileges to (setting both effective and real uid).
# Skip privilege drop if the value is empty (not recommended).
#
#user = @@lacme_client_user@@
# groupname to drop privileges to (setting both effective and real gid,
# and also setting the list of supplementary gids to that single group).
# Skip privilege drop if the value is empty (not recommended).
#
#group = @@lacme_client_group@@
# ACME client command.
#
#command = @@libexecdir@@/lacme/client
# URI of the ACME server's directory. NOTE: Use the staging server
# <https://acme-staging-v02.api.letsencrypt.org/directory> for testing
# as it has relaxed rate-limiting.
#
#server = https://acme-v02.api.letsencrypt.org/directory
# Timeout in seconds after which the client stops polling the ACME
# server and considers the request failed.
#
#timeout = 30
# Whether to verify the server certificate chain.
#
#SSL_verify = yes
# Specify the version of the SSL protocol used to transmit data.
#
#SSL_version = SSLv23:!TLSv1_1:!TLSv1:!SSLv3:!SSLv2
# Specify the cipher list for the connection.
#
#SSL_cipher_list = EECDH+AESGCM:!MEDIUM:!LOW:!EXP:!aNULL:!eNULL
[webserver]
# Comma- or space-separated list of addresses to listen on, for instance
# "0.0.0.0:80 [::]:80".
#
#listen = @@runstatedir@@/lacme-www.socket
# Directory under which an external HTTP daemon is configured to serve
# GET requests for challenge files under "/.well-known/acme-challenge/"
# (for each virtual host requiring authorization) as static files.
# NOTE: the directory must exist and be writable by the lacme client
# user.
#
#challenge-directory =
# username to drop privileges to (setting both effective and real uid).
# Skip privilege drop if the value is empty (not recommended).
#
#user = @@lacme_www_user@@
# groupname to drop privileges to (setting both effective and real gid,
# and also setting the list of supplementary gids to that single group).
# Skip privilege drop if the value is empty (not recommended).
#
#group = @@lacme_www_group@@
# ACME webserver command.
#
#command = @@libexecdir@@/lacme/webserver
# Whether to automatically install iptables(8) rules to open the
# ADDRESS[:PORT] specified with listen. Theses rules are automatically
# removed once lacme(8) exits.
#
#iptables = No
[accountd]
# lacme-accound(1) section. Comment out this section (including its
# header), or use the --socket= CLI option, to make lacme(8) connect to
# an existing lacme-accountd(1) process via a UNIX-domain socket.
# username to drop privileges to (setting both effective and real uid).
# Skip privilege drop if the value is empty.
#
#user =
# groupname to drop privileges to (setting both effective and real gid,
# and also setting the list of supplementary gids to that single group).
# Skip privilege drop if the value is empty.
#
#group =
# lacme-accountd(1) command.
#
#command = @@bindir@@/lacme-accountd
# Path to the lacme-accountd(1) configuration file.
#
#config = @@sysconfdir@@/lacme/lacme-accountd.conf
# The (private) account key to use for signing requests. See
# lacme-accountd(1) for details.
#
#privkey = file:/path/to/account.key
# Be quiet.
#
#quiet = Yes
; vim:ft=dosini
|