From e1f2a8dd272cdbe4f5e54853008a3e5f24f4af71 Mon Sep 17 00:00:00 2001 From: Lexi Winter Date: Tue, 3 Jun 2025 07:21:08 +0100 Subject: initial commit --- domains.conf.sample | 50 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 50 insertions(+) create mode 100644 domains.conf.sample (limited to 'domains.conf.sample') diff --git a/domains.conf.sample b/domains.conf.sample new file mode 100644 index 0000000..dbcca4a --- /dev/null +++ b/domains.conf.sample @@ -0,0 +1,50 @@ +## +# Domains configuration file for lfacme. +# +# This is NOT a shell script (unlike acme.conf) so you cannot use shell +# syntax here. +# +# Empty lines and lines beginning with a '#' character are ignored. + +## +# Each line specifies one certificate using one or more whitespace-separated +# fields. +# +# The first field is the certificate name, which is only used internally by +# lfacme and is not part of the certificate. +# +# The remaining fields are certificate options, which may be either subject alt +# names or options for the certificate. +# +# If no subject alt names are provided, then the certificate name is used as +# the common name and subject alt name. + +## +# Supported options: +# +# type=ec Generate a secp384r1 ECDSA private key. +# (This is the default) +# +# type=rsa Generate a 3072-bit RSA private key. +# +# hook= Run the hook '' after (re)issuing this certificate. +# If begins with a '/' then it is an absolute path, +# otherwise it is relative to $ACME_HOOKDIR. +# This option may be given multiple times. + +# Issue a cert for example.org using the default options. +# We don't provide any SANs, so the certificate name is used as the domain. +example.org + +# Issue a cert for example.org with some SANs. +# Notice that because we specify one SAN, we now have to specify all of them. +example.org example.org www.example.org + +# Issue two certs for an SMTP server, one EC and one RSA. +# Some older SMTP clients still don't like EC certs. +# Run a hook after the certificate is (re)issued. +smtp-ec smtp.example.org type=ec hook=install-smtp-cert +smtp-rsa smtp.example.org type=rsa hook=install-smtp-cert + +# Issue a certificate for a server and run multiple hooks. +server.example.org hook=nginx hook=postfix hook=node-exporter -- cgit v1.2.3