diff options
| author | Lexi Winter <ivy@FreeBSD.org> | 2025-06-04 08:51:26 +0100 |
|---|---|---|
| committer | Lexi Winter <ivy@FreeBSD.org> | 2025-06-04 08:51:26 +0100 |
| commit | 63f6a3181fea59360b2bfe430f5c798f88b22527 (patch) | |
| tree | a9f5471dfdc5478a5b337854660773e3bea861b4 /acme.conf.sample | |
| parent | 7284f9864fad4432b6a6e641c03adee321148107 (diff) | |
| download | lfacme-63f6a3181fea59360b2bfe430f5c798f88b22527.tar.gz lfacme-63f6a3181fea59360b2bfe430f5c798f88b22527.tar.bz2 | |
add a TSIG-based dns validation handler
while here, reorganise and improve documentation a bit.
Diffstat (limited to 'acme.conf.sample')
| -rw-r--r-- | acme.conf.sample | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/acme.conf.sample b/acme.conf.sample index 86d8693..151e4c9 100644 --- a/acme.conf.sample +++ b/acme.conf.sample @@ -1,6 +1,11 @@ # This is a sample configuration file for lfacme. It is a shell script, # so you can include other files or call programs here if you like. +####################################################################### +# Base options. +# +# These options are used by lfacme itself. + ### ACME_URL # The URL of the ACME server. @@ -29,6 +34,12 @@ #ACME_HOOKDIR="/some/directory" +####################################################################### +# lfacme-http(5) options. +# +# These options are used for the "http" challenge. + + ### ACME_HTTP_CHALLENGE_DIR # When using the "http" challenge handler, this is the directory which contains # ACME challenges. This must be served at /.well-known/acme-challenge on any @@ -38,6 +49,25 @@ #ACME_HTTP_CHALLENGE_DIR="/var/www/acme-challenge" +####################################################################### +# lfacme-dns(5) options. +# +# These options are used for the "dns" challenge. + + +### ACME_DNS_KEYFILE +# Path to the TSIG key nsupdate will use to authenticate the update. +# No default; you must configure this when using the dns challenge. + +#ACME_DNS_KEYFILE="/path/to/key" + + +####################################################################### +# lfacme-kerberos(5) options. +# +# These options are used for the "kerberos" challenge. + + ### ACME_KERBEROS_PRINCIPAL # When using the "kerberos" challenge handler, this is the Kerberos principal # we use for nsupdate. The default is "host/$(hostname)", which assumes a @@ -45,6 +75,7 @@ #ACME_KERBEROS_PRINCIPAL="host/server.example.org@EXAMPLE.ORG" + ### ACME_KERBEROS_KEYTAB # When using the "kerberos" challenge handler, this is the keytab used to # issue the ticket. It must contain a key for $ACME_KERBEROS_PRINCIPAL. |