.\" This source code is released into the public domain.
.Dd June 3, 2025
.Dt ACME.CONF 5
.Os
.Sh NAME
.Nm acme.conf
.Nd lfacme global configuration file
.Sh SYNOPSIS
.Pa /usr/local/etc/lfacme/acme.conf
.Sh DESCRIPTION
The
.Nm
file is a shell script used to configure the global behaviour of
.Nm lfacme .
The following variables may be set:
.Bl -tag -width indent
.It Va ACME_URL
(Required.)
The URL of the ACME server.
.It Va ACME_DATADIR
The path to the runtime data directory, where the ACME account key and any
issued certificates will be stored.
The default value is
.Pa /var/db/lfacme .
.It Va ACME_HOOKDIR
The path to a directory containing hooks to invoke when issuing certificates
(see
.Xr domains.conf 5 ) .
The default value is
.Pa /usr/local/etc/lfacme/hooks .
.It Va ACME_HTTP_CHALLENGE_DIR
The directory to store ACME challenges when responding to an
.Dq http-01
challenge with the
.Dq http
challenge handler.
This directory must be served at
.Dq /.well-known/acme-challenge
on any domain which will be validated with the
.Dq http
handler.
There is no default value; you must set this if you use the
.Dq http
handler.
.It Va ACME_KERBEROS_PRINCIPAL
The Kerberos principal to use when responding to a
.Dq dns-01
challenge with the
.Dq kerberos
challenge handler.
The default value is
.Dq host/$(hostname) .
.It Va ACME_KERBEROS_KEYTAB
The Kerberos keytab to use when responding to a
.Dq dns-01
challenge with the
.Dq kerberos
challenge handler.
The keytab must contain a Kerberos key for the principal configured in
.Va ACME_KERBEROS_PRINCIPAL .
The default value is
.Pa /etc/krb5.keytab .
.El
.Sh SEE ALSO
.Xr domains.conf 5 ,
.Xr lfacme-renew 8 ,
.Xr lfacme-setup 8