diff options
author | Guilhem Moulin <guilhem@fripost.org> | 2016-02-27 00:45:50 +0100 |
---|---|---|
committer | Guilhem Moulin <guilhem@fripost.org> | 2016-03-02 21:38:37 +0100 |
commit | ed8cf1de7e87ff6496db46f17fb4bcfc90ccf48f (patch) | |
tree | 9bca7dd3fc058ca0470ceefe742d2ae19df94a3e /roles/letsencrypt/files | |
parent | 4a3f204a3d285a377161efb2dbeec73d329e6d1a (diff) |
Let's Encrypt
Diffstat (limited to 'roles/letsencrypt/files')
-rw-r--r-- | roles/letsencrypt/files/etc/letsencrypt-tiny/letsencrypt.conf | 86 |
1 files changed, 86 insertions, 0 deletions
diff --git a/roles/letsencrypt/files/etc/letsencrypt-tiny/letsencrypt.conf b/roles/letsencrypt/files/etc/letsencrypt-tiny/letsencrypt.conf new file mode 100644 index 0000000..fb19d2a --- /dev/null +++ b/roles/letsencrypt/files/etc/letsencrypt-tiny/letsencrypt.conf @@ -0,0 +1,86 @@ +# For certificate issuance (new-cert command), specify the certificate +# configuration file to use +# +#config-certs = config/letsencrypt-certs.conf + +[client] +# The value of "socket" specifies the letsencrypt-accountd(1) +# UNIX-domain socket to connect to for signature requests from the ACME +# client. letsencrypt aborts if the socket is readable or writable by +# other users, or if its parent directory is writable by other users. +# Default: "$XDG_RUNTIME_DIR/S.letsencrypt" if the XDG_RUNTIME_DIR +# environment variable is set. +# +#socket = /run/user/1000/S.letsencrypt + +# username to drop privileges to (setting both effective and real uid). +# Preserve root privileges if the value is empty (not recommended). +# Default: "nobody". +# +user = letsencrypt + +# groupname to drop privileges to (setting both effective and real gid, +# and also setting the list of supplementary gids to that single group). +# Preserve root privileges if the value is empty (not recommended). +# +group = nogroup + +# Path to the ACME client executable. +#command = /usr/lib/letsencrypt-tiny/client + +# Root URI of the ACME server. NOTE: Use the staging server for testing +# as it has relaxed ratelimit. +# +#server = https://acme-v01.api.letsencrypt.org/ +#server = https://acme-staging.api.letsencrypt.org/ + +# Timeout in seconds after which the client stops polling the ACME +# server and considers the request failed. +# +#timeout = 10 + +# Whether to verify the server certificate chain. +SSL_verify = yes + +# Specify the version of the SSL protocol used to transmit data. +SSL_version = SSLv23:!TLSv1_1:!TLSv1:!SSLv3:!SSLv2 + +# Specify the cipher list for the connection. +SSL_cipher_list = EECDH+AESGCM:!MEDIUM:!LOW:!EXP:!aNULL:!eNULL + + +[webserver] + +# Specify the local address to listen on, in the form ADDRESS[:PORT]. +# +#listen = 0.0.0.0:80 +#listen = [::]:80 + +# If a webserver is already running, specify a non-existent directory +# under which the webserver is configured to serve GET requests for +# challenge files under "/.well-known/acme-challenge/" (for each virtual +# hosts requiring authorization) as static files. +# +challenge-directory = /var/www/acme-challenge + +# username to drop privileges to (setting both effective and real uid). +# Preserve root privileges if the value is empty (not recommended). +# +user = www-data + +# groupname to drop privileges to (setting both effective and real gid, +# and also setting the list of supplementary gids to that single group). +# Preserve root privileges if the value is empty (not recommended). +# +user = www-data + +# Path to the ACME webserver executable. +#command = /usr/lib/letsencrypt-tiny/webserver + +# Whether to automatically install iptables(1) rules to open the +# ADDRESS[:PORT] specified with listen. Theses rules are automatically +# removed once letsencrypt exits. +# +#iptables = Yes + +; vim:ft=dosini |