aboutsummaryrefslogtreecommitdiffstats
path: root/acme.conf.sample.in
diff options
context:
space:
mode:
Diffstat (limited to 'acme.conf.sample.in')
-rw-r--r--acme.conf.sample.in86
1 files changed, 86 insertions, 0 deletions
diff --git a/acme.conf.sample.in b/acme.conf.sample.in
new file mode 100644
index 0000000..d6cea21
--- /dev/null
+++ b/acme.conf.sample.in
@@ -0,0 +1,86 @@
+# This is a sample configuration file for lfacme. It is a shell script,
+# so you can include other files or call programs here if you like.
+#
+# See acme.conf(5) for documentation on this file.
+
+#######################################################################
+# Base options.
+#
+# These options are used by lfacme itself.
+
+
+### ACME_URL
+# The URL of the ACME server.
+# No default, you must set this.
+
+# Let's Encrypt production:
+#ACME_URL="https://acme-v02.api.letsencrypt.org/directory"
+
+# Let's Encrypt staging:
+#ACME_URL="https://acme-staging-v02.api.letsencrypt.org/directory"
+
+
+### ACME_DATADIR
+# Runtime data directory.
+# This is where the ACME account key and the issued certificates are stored.
+# The default is /var/db/lfacme.
+
+#ACME_DATADIR="/var/db/lfacme"
+
+
+### ACME_HOOKDIR
+# The path to the directory containing certificate hooks.
+# The default is "__CONFDIR__/hooks".
+# There is usually no need to change this.
+
+#ACME_HOOKDIR="/some/directory"
+
+
+#######################################################################
+# lfacme-http(5) options.
+#
+# These options are used for the "http" challenge.
+
+
+### ACME_HTTP_CHALLENGE_DIR
+# When using the "http" challenge handler, this is the directory which contains
+# ACME challenges. This must be served at /.well-known/acme-challenge on any
+# domain using http validation.
+# No default, you must set this if you use the "http" handler.
+
+#ACME_HTTP_CHALLENGE_DIR="/var/www/acme-challenge"
+
+
+#######################################################################
+# lfacme-dns(5) options.
+#
+# These options are used for the "dns" challenge.
+
+
+### ACME_DNS_KEYFILE
+# Path to the TSIG key nsupdate will use to authenticate the update.
+# No default; you must configure this when using the dns challenge.
+
+#ACME_DNS_KEYFILE="/path/to/key"
+
+
+#######################################################################
+# lfacme-kerberos(5) options.
+#
+# These options are used for the "kerberos" challenge.
+
+
+### ACME_KERBEROS_PRINCIPAL
+# When using the "kerberos" challenge handler, this is the Kerberos principal
+# we use for nsupdate. The default is "host/$(hostname)", which assumes a
+# default realm is configured in /etc/krb5.conf.
+
+#ACME_KERBEROS_PRINCIPAL="host/server.example.org@EXAMPLE.ORG"
+
+
+### ACME_KERBEROS_KEYTAB
+# When using the "kerberos" challenge handler, this is the keytab used to
+# issue the ticket. It must contain a key for $ACME_KERBEROS_PRINCIPAL.
+# The default is /etc/krb5.keytab.
+
+#ACME_KERBEROS_KEYTAB="/etc/krb5.keytab"