# For certificate issuance (new-cert command), specify the certificate # configuration file to use # #config-certs = config/lacme-certs.conf [client] # The value of "socket" specifies the lacme-accountd(1) UNIX-domain # socket to connect to for signature requests from the ACME client. # lacme(1) aborts if the socket is readable or writable by other users, # or if its parent directory is writable by other users. # Default: "$XDG_RUNTIME_DIR/S.lacme" if the XDG_RUNTIME_DIR environment # variable is set. # #socket = /run/user/1000/S.lacme # username to drop privileges to (setting both effective and real uid). # Preserve root privileges if the value is empty (not recommended). # Default: "nobody". # user = lacme # groupname to drop privileges to (setting both effective and real gid, # and also setting the list of supplementary gids to that single group). # Preserve root privileges if the value is empty (not recommended). # group = nogroup # Path to the ACME client executable. #command = /usr/lib/lacme/client # Root URI of the ACME server. NOTE: Use the staging server for testing # as it has relaxed ratelimit. # #server = https://acme-v01.api.letsencrypt.org/ #server = https://acme-staging.api.letsencrypt.org/ # Timeout in seconds after which the client stops polling the ACME # server and considers the request failed. # #timeout = 10 # Whether to verify the server certificate chain. SSL_verify = yes # Specify the version of the SSL protocol used to transmit data. SSL_version = SSLv23:!TLSv1_1:!TLSv1:!SSLv3:!SSLv2 # Specify the cipher list for the connection. SSL_cipher_list = EECDH+AESGCM:!MEDIUM:!LOW:!EXP:!aNULL:!eNULL [webserver] # Specify the local address to listen on, in the form ADDRESS[:PORT]. # #listen = 0.0.0.0:80 listen = [::]:80 # If a webserver is already running, specify a non-existent directory # under which the webserver is configured to serve GET requests for # challenge files under "/.well-known/acme-challenge/" (for each virtual # hosts requiring authorization) as static files. # challenge-directory = /var/www/acme-challenge # username to drop privileges to (setting both effective and real uid). # Preserve root privileges if the value is empty (not recommended). # user = www-data # groupname to drop privileges to (setting both effective and real gid, # and also setting the list of supplementary gids to that single group). # Preserve root privileges if the value is empty (not recommended). # user = www-data # Path to the ACME webserver executable. #command = /usr/lib/lacme/webserver # Whether to automatically install iptables(8) rules to open the # ADDRESS[:PORT] specified with listen. Theses rules are automatically # removed once lacme(1) exits. # #iptables = Yes ; vim:ft=dosini