blob: 151e4c92d84f8fa23f7b438396f0bd25ac5456f7 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
|
# This is a sample configuration file for lfacme. It is a shell script,
# so you can include other files or call programs here if you like.
#######################################################################
# Base options.
#
# These options are used by lfacme itself.
### ACME_URL
# The URL of the ACME server.
# No default, you must set this.
# Let's Encrypt production:
#ACME_URL="https://acme-v02.api.letsencrypt.org/directory"
# Let's Encrypt staging:
#ACME_URL="https://acme-staging-v02.api.letsencrypt.org/directory"
### ACME_DATADIR
# Runtime data directory.
# This is where the ACME account key and the issued certificates are stored.
# The default is /var/db/lfacme.
#ACME_DATADIR="/var/db/lfacme"
### ACME_HOOKDIR
# The path to the directory containing certificate hooks.
# The default is "/usr/local/etc/lfacme/hooks".
# There is usually no need to change this.
#ACME_HOOKDIR="/some/directory"
#######################################################################
# lfacme-http(5) options.
#
# These options are used for the "http" challenge.
### ACME_HTTP_CHALLENGE_DIR
# When using the "http" challenge handler, this is the directory which contains
# ACME challenges. This must be served at /.well-known/acme-challenge on any
# domain using http validation.
# No default, you must set this if you use the "http" handler.
#ACME_HTTP_CHALLENGE_DIR="/var/www/acme-challenge"
#######################################################################
# lfacme-dns(5) options.
#
# These options are used for the "dns" challenge.
### ACME_DNS_KEYFILE
# Path to the TSIG key nsupdate will use to authenticate the update.
# No default; you must configure this when using the dns challenge.
#ACME_DNS_KEYFILE="/path/to/key"
#######################################################################
# lfacme-kerberos(5) options.
#
# These options are used for the "kerberos" challenge.
### ACME_KERBEROS_PRINCIPAL
# When using the "kerberos" challenge handler, this is the Kerberos principal
# we use for nsupdate. The default is "host/$(hostname)", which assumes a
# default realm is configured in /etc/krb5.conf.
#ACME_KERBEROS_PRINCIPAL="host/server.example.org@EXAMPLE.ORG"
### ACME_KERBEROS_KEYTAB
# When using the "kerberos" challenge handler, this is the keytab used to
# issue the ticket. It must contain a key for $ACME_KERBEROS_PRINCIPAL.
# The default is /etc/krb5.keytab.
#ACME_KERBEROS_KEYTAB="/etc/krb5.keytab"
|
