From 15010d062ae276a92065cd6ea7dc94b749e20756 Mon Sep 17 00:00:00 2001 From: Lexi Winter Date: Wed, 4 Jun 2025 10:42:19 +0100 Subject: allow PREFIX to be customised --- acme.conf.sample.in | 86 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 86 insertions(+) create mode 100644 acme.conf.sample.in (limited to 'acme.conf.sample.in') diff --git a/acme.conf.sample.in b/acme.conf.sample.in new file mode 100644 index 0000000..d6cea21 --- /dev/null +++ b/acme.conf.sample.in @@ -0,0 +1,86 @@ +# This is a sample configuration file for lfacme. It is a shell script, +# so you can include other files or call programs here if you like. +# +# See acme.conf(5) for documentation on this file. + +####################################################################### +# Base options. +# +# These options are used by lfacme itself. + + +### ACME_URL +# The URL of the ACME server. +# No default, you must set this. + +# Let's Encrypt production: +#ACME_URL="https://acme-v02.api.letsencrypt.org/directory" + +# Let's Encrypt staging: +#ACME_URL="https://acme-staging-v02.api.letsencrypt.org/directory" + + +### ACME_DATADIR +# Runtime data directory. +# This is where the ACME account key and the issued certificates are stored. +# The default is /var/db/lfacme. + +#ACME_DATADIR="/var/db/lfacme" + + +### ACME_HOOKDIR +# The path to the directory containing certificate hooks. +# The default is "__CONFDIR__/hooks". +# There is usually no need to change this. + +#ACME_HOOKDIR="/some/directory" + + +####################################################################### +# lfacme-http(5) options. +# +# These options are used for the "http" challenge. + + +### ACME_HTTP_CHALLENGE_DIR +# When using the "http" challenge handler, this is the directory which contains +# ACME challenges. This must be served at /.well-known/acme-challenge on any +# domain using http validation. +# No default, you must set this if you use the "http" handler. + +#ACME_HTTP_CHALLENGE_DIR="/var/www/acme-challenge" + + +####################################################################### +# lfacme-dns(5) options. +# +# These options are used for the "dns" challenge. + + +### ACME_DNS_KEYFILE +# Path to the TSIG key nsupdate will use to authenticate the update. +# No default; you must configure this when using the dns challenge. + +#ACME_DNS_KEYFILE="/path/to/key" + + +####################################################################### +# lfacme-kerberos(5) options. +# +# These options are used for the "kerberos" challenge. + + +### ACME_KERBEROS_PRINCIPAL +# When using the "kerberos" challenge handler, this is the Kerberos principal +# we use for nsupdate. The default is "host/$(hostname)", which assumes a +# default realm is configured in /etc/krb5.conf. + +#ACME_KERBEROS_PRINCIPAL="host/server.example.org@EXAMPLE.ORG" + + +### ACME_KERBEROS_KEYTAB +# When using the "kerberos" challenge handler, this is the keytab used to +# issue the ticket. It must contain a key for $ACME_KERBEROS_PRINCIPAL. +# The default is /etc/krb5.keytab. + +#ACME_KERBEROS_KEYTAB="/etc/krb5.keytab" -- cgit v1.2.3