blob: dbcca4a532f1b06ae60cddfd8cb59a04b4994d01 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
|
##
# Domains configuration file for lfacme.
#
# This is NOT a shell script (unlike acme.conf) so you cannot use shell
# syntax here.
#
# Empty lines and lines beginning with a '#' character are ignored.
##
# Each line specifies one certificate using one or more whitespace-separated
# fields.
#
# The first field is the certificate name, which is only used internally by
# lfacme and is not part of the certificate.
#
# The remaining fields are certificate options, which may be either subject alt
# names or options for the certificate.
#
# If no subject alt names are provided, then the certificate name is used as
# the common name and subject alt name.
##
# Supported options:
#
# type=ec Generate a secp384r1 ECDSA private key.
# (This is the default)
#
# type=rsa Generate a 3072-bit RSA private key.
#
# hook=<name> Run the hook '<name>' after (re)issuing this certificate.
# If <name> begins with a '/' then it is an absolute path,
# otherwise it is relative to $ACME_HOOKDIR.
# This option may be given multiple times.
# Issue a cert for example.org using the default options.
# We don't provide any SANs, so the certificate name is used as the domain.
example.org
# Issue a cert for example.org with some SANs.
# Notice that because we specify one SAN, we now have to specify all of them.
example.org example.org www.example.org
# Issue two certs for an SMTP server, one EC and one RSA.
# Some older SMTP clients still don't like EC certs.
# Run a hook after the certificate is (re)issued.
smtp-ec smtp.example.org type=ec hook=install-smtp-cert
smtp-rsa smtp.example.org type=rsa hook=install-smtp-cert
# Issue a certificate for a server and run multiple hooks.
server.example.org hook=nginx hook=postfix hook=node-exporter
|
