# For certificate issuance (new-cert command), specify the certificate
# configuration file to use
#
#config-certs = config/letsencrypt-certs.conf
[client]
# Settings for the ACME client process: the signing socket it connects
# to, the identity it runs as, and the TLS parameters it uses.
#
# The value of "socket" specifies the letsencrypt-accountd(1)
# UNIX-domain socket to connect to for signature requests from the ACME
# client. letsencrypt aborts if the socket is readable or writable by
# other users, or if its parent directory is writable by other users.
# Default: "$XDG_RUNTIME_DIR/S.letsencrypt" if the XDG_RUNTIME_DIR
# environment variable is set.
#
#socket = /run/user/1000/S.letsencrypt
# username to drop privileges to (setting both effective and real uid).
# Preserve root privileges if the value is empty (not recommended).
# Default: "nobody".
#
user = letsencrypt
# groupname to drop privileges to (setting both effective and real gid,
# and also setting the list of supplementary gids to that single group).
# Preserve root privileges if the value is empty (not recommended).
#
group = nogroup
# Path to the ACME client executable.
#command = /usr/lib/letsencrypt-tiny/client
# Root URI of the ACME server. NOTE: Use the staging server for testing
# as it has relaxed rate limits.
#
#server = https://acme-v01.api.letsencrypt.org/
#server = https://acme-staging.api.letsencrypt.org/
# Timeout in seconds after which the client stops polling the ACME
# server and considers the request failed.
#
#timeout = 10
# Whether to verify the server certificate chain.
# Keep this enabled: without verification the ACME server is not
# authenticated, so the connection can be intercepted or redirected.
SSL_verify = yes
# Specify the version of the SSL protocol used to transmit data.
# The value below starts from "SSLv23" and excludes TLSv1_1, TLSv1,
# SSLv3 and SSLv2; presumably this leaves TLS 1.2 and later, to be
# confirmed against the SSL library that parses this string.
SSL_version = SSLv23:!TLSv1_1:!TLSv1:!SSLv3:!SSLv2
# Specify the cipher list for the connection.
# The value below selects EECDH+AESGCM and excludes the MEDIUM, LOW,
# EXP, aNULL and eNULL classes (OpenSSL-style cipher string).
SSL_cipher_list = EECDH+AESGCM:!MEDIUM:!LOW:!EXP:!aNULL:!eNULL
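[webserver]
# Settings for the ACME webserver that answers challenge requests: the
# address it listens on, the challenge directory, and the identity it
# runs as.
#
# Specify the local address to listen on, in the form ADDRESS[:PORT].
#
#listen = 0.0.0.0:80
#listen = [::]:80
# If a webserver is already running, specify a non-existent directory
# under which the webserver is configured to serve GET requests for
# challenge files under "/.well-known/acme-challenge/" (for each virtual
# host requiring authorization) as static files.
#
challenge-directory = /var/www/acme-challenge
# username to drop privileges to (setting both effective and real uid).
# Preserve root privileges if the value is empty (not recommended).
#
user = www-data
# groupname to drop privileges to (setting both effective and real gid,
# and also setting the list of supplementary gids to that single group).
# Preserve root privileges if the value is empty (not recommended).
# NOTE: this key must be "group". A repeated "user" key leaves the group
# unset in this file, so the gid and the supplementary groups would not
# be taken from here (presumably a built-in default applies instead).
#
group = www-data
# Path to the ACME webserver executable.
#command = /usr/lib/letsencrypt-tiny/webserver
# Whether to automatically install iptables(1) rules to open the
# ADDRESS[:PORT] specified with listen. These rules are automatically
# removed once letsencrypt exits.
#
#iptables = Yes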
; vim:ft=dosini