aboutsummaryrefslogtreecommitdiffstats
path: root/config/letsencrypt-certs.conf
blob: 2ee9b20a9e466da58fbd562c5238fc297f5fb51a (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
# Each non-default section denotes a separate certificate issuance.
# Options in the default section apply to each sections.

# Message digest to sign the Certificate Signing Request with.
#hash = sha512

# Comma-separated list of Key Usages, see x509v3_config(5ssl).
#keyUsage = digitalSignature, keyEncipherment

#[www]

# Where to store the issued certificate (in PEM format).
#certificate = /etc/nginx/ssl/srv.pem

# Where to store the issued certificate, concatenated with the content
# of the file specified specified with the CAfile option (in PEM format).
#certificate-chain = /etc/nginx/ssl/srv.chain.pem

# Path the service's private key.  This option is required.
#certificate-key = /etc/nginx/ssl/srv.key

# For an existing certificate, the minimum number of days before its
# expiration date the section is considered for re-issuance.
#min-days = 10

# Path to the issuer's certificate.  This is used for certificate-chain
# and to verify the validity of each issued certificate.  Specifying an
# empty value skip certificate validation.
#CAfile = /usr/share/letsencrypt-tiny/lets-encrypt-x3-cross-signed.pem

# Subject field of the Certificate Signing Request.  This option is
# required.
#subject = /CN=example.org

# Comma-separated  list of Subject Alternative Names.
#subjectAltName = DNS:example.org,DNS:www.example.org

# username[:groupname] to chown the issued certificate and
# certificate-chain with.
#chown = root:root

# octal mode to chmod the issued certificate and certificate-chain with.
#chmod = 0644

# Command to pass the the system's command shell ("/bin/sh -c") after
# successful installation of the certificate and/or certificate-chain.
#notify = /bin/systemctl reload nginx


#[smtp]
#certificate-key = /etc/postfix/ssl/srv.key
#certificate-chain = /etc/postfix/ssl/srv.pem
#subject = /CN=smtp.example.org
#notify = /bin/systemctl reload postfix

; vim:ft=dosini