X-Git-Url: https://git.street.me.uk/andy/dehydrated.git/blobdiff_plain/3dbbb461f196d4e98c49962dc6c9bb6669465f95..c52248d194e2d6fc3d9e877c11f8849b405eafd0:/config.sh.example
diff --git a/config.sh.example b/config.sh.example
index 11b6033..471339c 100644
--- a/config.sh.example
+++ b/config.sh.example
@@ -1,16 +1,73 @@
-# default values are commented
+#!/usr/bin/env bash
 
-#CA="https://acme-v01.api.letsencrypt.org"
-#WELLKNOWN=".acme-challenges"
-#KEYSIZE=4096
+########################################################
+# This is the main config file for letsencrypt.sh #
+# #
+# This file is looked for in the following locations: #
+# $SCRIPTDIR/config.sh (next to this script) #
+# /usr/local/etc/letsencrypt.sh/config.sh #
+# /etc/letsencrypt.sh/config.sh #
+# ${PWD}/config.sh (in current working-directory) #
+# #
+# Default values of this config are in comments #
+########################################################
 
-# program called before responding to the challenge, arguments: path/to/token
-# token; can be used to e.g. upload the challenge if this script doesn't run
-# on the webserver
-#HOOK_CHALLENGE=
+# Path to certificate authority (default: https://acme-v01.api.letsencrypt.org/directory)
+#CA="https://acme-v01.api.letsencrypt.org/directory"
 
-# try to renew certs that are within RENEW_DAYS days of there expire date
-#RENEW_DAYS="14"
+# Path to license agreement (default: https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf)
+#LICENSE="https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf"
 
-# create new private key for each csr (yes|no)
-#PRIVATE_KEY_RENEW=no
+# Which challenge should be used? Currently http-01 and dns-01 are supported
+#CHALLENGETYPE="http-01"
+
+# Path to a directory containing additional config files, allowing to override
+# the defaults found in the main configuration file. Additional config files
+# in this directory needs to be named with a '.sh' ending.
+# default:
+#CONFIG_D=
+
+# Base directory for account key, generated certificates and list of domains (default: $SCRIPTDIR -- uses config directory if undefined)
+#BASEDIR=$SCRIPTDIR
+
+# Output directory for challenge-tokens to be served by webserver or deployed in HOOK (default: $BASEDIR/.acme-challenges)
+#WELLKNOWN="${BASEDIR}/.acme-challenges"
+
+# Location of private account key (default: $BASEDIR/private_key.pem)
+#PRIVATE_KEY="${BASEDIR}/private_key.pem"
+
+# Default keysize for private keys (default: 4096)
+#KEYSIZE="4096"
+
+# Path to openssl config file (default: - tries to figure out system default)
+#OPENSSL_CNF=
+
+# Program or function called in certain situations
+#
+# After generating the challenge-response, or after failed challenge (in this case altname is empty)
+# Given arguments: clean_challenge|deploy_challenge altname token-filename token-content
+#
+# After successfully signing certificate
+# Given arguments: deploy_cert domain path/to/privkey.pem path/to/cert.pem path/to/fullchain.pem
+#
+# BASEDIR and WELLKNOWN variables are exported and can be used in an external program
+# default:
+#HOOK=
+
+# Chain clean_challenge|deploy_challenge arguments together into one hook call per certificate (default: no)
+#HOOK_CHAIN="no"
+
+# Minimum days before expiration to automatically renew certificate (default: 30)
+#RENEW_DAYS="30"
+
+# Regenerate private keys instead of just signing new certificates on renewal (default: no)
+#PRIVATE_KEY_RENEW="no"
+
+# Which public key algorithm should be used? Supported: rsa, prime256v1 and secp384r1
+#KEY_ALGO=rsa
+
+# E-mail to use during the registration (default: )
+#CONTACT_EMAIL=
+
+# Lockfile location, to prevent concurrent access (default: $BASEDIR/lock)
+#LOCKFILE="${BASEDIR}/lock"
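Review bot: The new header box lists `${PWD}/config.sh` as a search location and the `CONFIG_D` comment describes extra `.sh` files, but nothing here says who must own those files. Judging by the added shebang and the `.sh` naming, they are presumably sourced as bash, which would need confirming in the main script. If so, running the tool (often as root from cron) in a directory another user can write to would execute that user's code with access to the account key. I would add a line to the box such as `# Config files are run as shell code: keep them writable only by the user running this script`, and repeat it above `#CONFIG_D=`. The `HOOK` comment deserves a similar note, since `deploy_cert` hands `path/to/privkey.pem` to whatever program is configured there.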