|
@ -10,6 +10,12 @@ |
|
|
# Default values of this config are in comments # |
|
|
# Default values of this config are in comments # |
|
|
######################################################## |
|
|
######################################################## |
|
|
|
|
|
|
|
|
|
|
|
# Which user should dehydrated run as? This will be implictly enforced when running as root |
|
|
|
|
|
#DEHYDRATED_USER= |
|
|
|
|
|
|
|
|
|
|
|
# Which group should dehydrated run as? This will be implictly enforced when running as root |
|
|
|
|
|
#DEHYDRATED_GROUP= |
|
|
|
|
|
|
|
|
# Resolve names to addresses of IP version only. (curl) |
|
|
# Resolve names to addresses of IP version only. (curl) |
|
|
# supported values: 4, 6 |
|
|
# supported values: 4, 6 |
|
|
# default: <unset> |
|
|
# default: <unset> |
|
@ -18,6 +24,13 @@ |
|
|
# Path to certificate authority (default: https://acme-v01.api.letsencrypt.org/directory) |
|
|
# Path to certificate authority (default: https://acme-v01.api.letsencrypt.org/directory) |
|
|
CA="https://acme-staging.api.letsencrypt.org/directory" |
|
|
CA="https://acme-staging.api.letsencrypt.org/directory" |
|
|
|
|
|
|
|
|
|
|
|
# Path to old certificate authority |
|
|
|
|
|
# Set this value to your old CA value when upgrading from ACMEv1 to ACMEv2 under a different endpoint. |
|
|
|
|
|
# If dehydrated detects an account-key for the old CA it will automatically reuse that key |
|
|
|
|
|
# instead of registering a new one. |
|
|
|
|
|
# default: https://acme-v01.api.letsencrypt.org/directory |
|
|
|
|
|
#OLDCA="https://acme-v01.api.letsencrypt.org/directory" |
|
|
|
|
|
|
|
|
# Path to license agreement (default: https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf) |
|
|
# Path to license agreement (default: https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf) |
|
|
#LICENSE="https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf" |
|
|
#LICENSE="https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf" |
|
|
|
|
|
|
|
@ -51,6 +64,12 @@ WELLKNOWN="/var/www/.well-known/acme-challenge" |
|
|
# Path to openssl config file (default: <unset> - tries to figure out system default) |
|
|
# Path to openssl config file (default: <unset> - tries to figure out system default) |
|
|
#OPENSSL_CNF= |
|
|
#OPENSSL_CNF= |
|
|
|
|
|
|
|
|
|
|
|
# Path to OpenSSL binary (default: "openssl") |
|
|
|
|
|
#OPENSSL="openssl" |
|
|
|
|
|
|
|
|
|
|
|
# Extra options passed to the curl binary (default: <unset>) |
|
|
|
|
|
#CURL_OPTS= |
|
|
|
|
|
|
|
|
# Program or function called in certain situations |
|
|
# Program or function called in certain situations |
|
|
# |
|
|
# |
|
|
# After generating the challenge-response, or after failed challenge (in this case altname is empty) |
|
|
# After generating the challenge-response, or after failed challenge (in this case altname is empty) |
|
@ -86,3 +105,18 @@ KEY_ALGO=secp384r1 |
|
|
|
|
|
|
|
|
# Option to add CSR-flag indicating OCSP stapling to be mandatory (default: no) |
|
|
# Option to add CSR-flag indicating OCSP stapling to be mandatory (default: no) |
|
|
OCSP_MUST_STAPLE="yes" |
|
|
OCSP_MUST_STAPLE="yes" |
|
|
|
|
|
|
|
|
|
|
|
# Fetch OCSP responses (default: no) |
|
|
|
|
|
#OCSP_FETCH="no" |
|
|
|
|
|
|
|
|
|
|
|
# OCSP refresh interval (default: 5 days) |
|
|
|
|
|
#OCSP_DAYS=5 |
|
|
|
|
|
|
|
|
|
|
|
# Issuer chain cache directory (default: $BASEDIR/chains) |
|
|
|
|
|
#CHAINCACHE="${BASEDIR}/chains" |
|
|
|
|
|
|
|
|
|
|
|
# Automatic cleanup (default: no) |
|
|
|
|
|
#AUTO_CLEANUP="no" |
|
|
|
|
|
|
|
|
|
|
|
# ACME API version (default: auto) |
|
|
|
|
|
#API=auto |