summaryrefslogtreecommitdiffstats
path: root/roles/letsencrypt/files
diff options
context:
space:
mode:
authorGuilhem Moulin <guilhem@fripost.org>2016-02-27 00:45:50 +0100
committerGuilhem Moulin <guilhem@fripost.org>2016-03-02 21:38:37 +0100
commited8cf1de7e87ff6496db46f17fb4bcfc90ccf48f (patch)
tree9bca7dd3fc058ca0470ceefe742d2ae19df94a3e /roles/letsencrypt/files
parent4a3f204a3d285a377161efb2dbeec73d329e6d1a (diff)
Let's Encrypt
Diffstat (limited to 'roles/letsencrypt/files')
-rw-r--r--roles/letsencrypt/files/etc/letsencrypt-tiny/letsencrypt.conf86
1 files changed, 86 insertions, 0 deletions
diff --git a/roles/letsencrypt/files/etc/letsencrypt-tiny/letsencrypt.conf b/roles/letsencrypt/files/etc/letsencrypt-tiny/letsencrypt.conf
new file mode 100644
index 0000000..fb19d2a
--- /dev/null
+++ b/roles/letsencrypt/files/etc/letsencrypt-tiny/letsencrypt.conf
@@ -0,0 +1,86 @@
+# For certificate issuance (new-cert command), specify the certificate
+# configuration file to use
+#
+#config-certs = config/letsencrypt-certs.conf
+
+[client]
+# The value of "socket" specifies the letsencrypt-accountd(1)
+# UNIX-domain socket to connect to for signature requests from the ACME
+# client. letsencrypt aborts if the socket is readable or writable by
+# other users, or if its parent directory is writable by other users.
+# Default: "$XDG_RUNTIME_DIR/S.letsencrypt" if the XDG_RUNTIME_DIR
+# environment variable is set.
+#
+#socket = /run/user/1000/S.letsencrypt
+
+# username to drop privileges to (setting both effective and real uid).
+# Preserve root privileges if the value is empty (not recommended).
+# Default: "nobody".
+#
+user = letsencrypt
+
+# groupname to drop privileges to (setting both effective and real gid,
+# and also setting the list of supplementary gids to that single group).
+# Preserve root privileges if the value is empty (not recommended).
+#
+group = nogroup
+
+# Path to the ACME client executable.
+#command = /usr/lib/letsencrypt-tiny/client
+
+# Root URI of the ACME server. NOTE: Use the staging server for testing
+# as it has relaxed ratelimit.
+#
+#server = https://acme-v01.api.letsencrypt.org/
+#server = https://acme-staging.api.letsencrypt.org/
+
+# Timeout in seconds after which the client stops polling the ACME
+# server and considers the request failed.
+#
+#timeout = 10
+
+# Whether to verify the server certificate chain.
+SSL_verify = yes
+
+# Specify the version of the SSL protocol used to transmit data.
+SSL_version = SSLv23:!TLSv1_1:!TLSv1:!SSLv3:!SSLv2
+
+# Specify the cipher list for the connection.
+SSL_cipher_list = EECDH+AESGCM:!MEDIUM:!LOW:!EXP:!aNULL:!eNULL
+
+
+[webserver]
+
+# Specify the local address to listen on, in the form ADDRESS[:PORT].
+#
+#listen = 0.0.0.0:80
+#listen = [::]:80
+
+# If a webserver is already running, specify a non-existent directory
+# under which the webserver is configured to serve GET requests for
+# challenge files under "/.well-known/acme-challenge/" (for each virtual
+# hosts requiring authorization) as static files.
+#
+challenge-directory = /var/www/acme-challenge
+
+# username to drop privileges to (setting both effective and real uid).
+# Preserve root privileges if the value is empty (not recommended).
+#
+user = www-data
+
+# groupname to drop privileges to (setting both effective and real gid,
+# and also setting the list of supplementary gids to that single group).
+# Preserve root privileges if the value is empty (not recommended).
+#
+user = www-data
+
+# Path to the ACME webserver executable.
+#command = /usr/lib/letsencrypt-tiny/webserver
+
+# Whether to automatically install iptables(1) rules to open the
+# ADDRESS[:PORT] specified with listen. Theses rules are automatically
+# removed once letsencrypt exits.
+#
+#iptables = Yes
+
+; vim:ft=dosini