From 3507efd3274f0ffbfacd3295346cf33cf1df7f43 Mon Sep 17 00:00:00 2001
From: Marcin Krol
Date: Tue, 24 Oct 2017 22:47:33 +0000
Subject: [PATCH] - config file split into smaller, more readable parts
---
01-ca-path.sh | 5 +++++
02-challenge-type.sh | 2 ++
03-keys.sh | 8 ++++++++
04-renew.sh | 5 +++++
05-ocsp.sh | 2 ++
06-hook.sh | 14 ++++++++++++++
07-contact.sh | 2 ++
config.sh | 21 +++++++++++++++++++++
8 files changed, 59 insertions(+)
create mode 100644 01-ca-path.sh
create mode 100644 02-challenge-type.sh
create mode 100644 03-keys.sh
create mode 100644 04-renew.sh
create mode 100644 05-ocsp.sh
create mode 100644 06-hook.sh
create mode 100644 07-contact.sh
create mode 100644 config.sh
diff --git a/01-ca-path.sh b/01-ca-path.sh
new file mode 100644
index 0000000..ac53c74
--- /dev/null
+++ b/01-ca-path.sh
@@ -0,0 +1,5 @@
+# Path to certificate authority (default: https://acme-v01.api.letsencrypt.org/directory)
+#CA="https://acme-v01.api.letsencrypt.org/directory"
+
+# Path to certificate authority license terms redirect (default: https://acme-v01.api.letsencrypt.org/terms)
+#CA_TERMS="https://acme-v01.api.letsencrypt.org/terms"
diff --git a/02-challenge-type.sh b/02-challenge-type.sh
new file mode 100644
index 0000000..5416ba9
--- /dev/null
+++ b/02-challenge-type.sh
@@ -0,0 +1,2 @@
+# Which challenge should be used? Currently http-01 and dns-01 are supported
+#CHALLENGETYPE="http-01"
diff --git a/03-keys.sh b/03-keys.sh
new file mode 100644
index 0000000..e10db0f
--- /dev/null
+++ b/03-keys.sh
@@ -0,0 +1,8 @@
+# Default keysize for private keys (default: 4096)
+#KEYSIZE="4096"
+
+# Create an extra private key for rollover (default: no)
+#PRIVATE_KEY_ROLLOVER="no"
+
+# Which public key algorithm should be used? Supported: rsa, prime256v1 and secp384r1
+#KEY_ALGO=rsa
diff --git a/04-renew.sh b/04-renew.sh
new file mode 100644
index 0000000..5cebd8b
--- /dev/null
+++ b/04-renew.sh
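Review bot: Both commented defaults in 01-ca-path.sh repeat the client's built-in ACME v1 URLs (`acme-v01.api.letsencrypt.org`), so the snippet goes stale as soon as the packaged client changes its default; Let's Encrypt has since retired the v1 API. An administrator who uncomments `#CA=` pins whatever is written here, so I would add a line above it such as `# Leave unset to follow the client's built-in default; set only to use a staging or private CA.` As committed the file changes nothing, because every assignment is commented out.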
@@ -0,0 +1,5 @@
+# Minimum days before expiration to automatically renew certificate (default: 10)
+#RENEW_DAYS="10"
+
+# Regenerate private keys instead of just signing new certificates on renewal (default: yes)
+#PRIVATE_KEY_RENEW="yes"
diff --git a/05-ocsp.sh b/05-ocsp.sh
new file mode 100644
index 0000000..42cab30
--- /dev/null
+++ b/05-ocsp.sh
@@ -0,0 +1,2 @@
+# Option to add CSR-flag indicating OCSP stapling to be mandatory (default: no)
+#OCSP_MUST_STAPLE="no"
diff --git a/06-hook.sh b/06-hook.sh
new file mode 100644
index 0000000..86f2f2b
--- /dev/null
+++ b/06-hook.sh
@@ -0,0 +1,14 @@
+# Program or function called in certain situations
+#
+# After generating the challenge-response, or after failed challenge (in this case altname is empty)
+# Given arguments: clean_challenge|deploy_challenge altname token-filename token-content
+#
+# After successfully signing certificate
+# Given arguments: deploy_cert domain path/to/privkey.pem path/to/cert.pem path/to/fullchain.pem
+#
+# BASEDIR and WELLKNOWN variables are exported and can be used in an external program
+# default:
+#HOOK="/etc/dehydrated/hook.sh"
+
+# Chain clean_challenge|deploy_challenge arguments together into one hook call per certificate (default: no)
+#HOOK_CHAIN="no"
diff --git a/07-contact.sh b/07-contact.sh
new file mode 100644
index 0000000..8484e06
--- /dev/null
+++ b/07-contact.sh
@@ -0,0 +1,2 @@
+# E-mail to use during the registration (default: )
+#CONTACT_EMAIL=
diff --git a/config.sh b/config.sh
new file mode 100644
index 0000000..2417752
--- /dev/null
+++ b/config.sh
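Review bot: The comment block in 06-hook.sh documents the hook's arguments but not its trust requirements. The program named in `HOOK` is executed by the client, presumably with the client's own privileges (often root on a packaged install, though the patch does not show this), and on `deploy_cert` it is handed the path to `privkey.pem`. I would add a line before `#HOOK=` such as `# The hook runs with the client's privileges and receives the private key path; keep it root-owned and not writable by group or others.` The same applies to any helper the hook calls, since `BASEDIR` and `WELLKNOWN` are exported into its environment.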
@@ -0,0 +1,21 @@
+#############################################################
+# This is the main config file for dehydrated #
+# #
+# This is the default configuration for the Debian package. #
+# To see a more comprehensive example, see #
+# /usr/share/doc/dehydrated/examples/config #
+# #
+# For details please read: #
+# /usr/share/doc/dehydrated/README.Debian #
+#############################################################
+
+# Path to a directory containing additional config files, allowing to override
+# the defaults found in the main configuration file. Additional config files
+# in this directory needs to be named with a '.sh' ending.
+CONFIG_D="/etc/dehydrated/conf.d"
+
+# File containing the list of domains to request certificates for
+DOMAINS_TXT="/etc/dehydrated/domains.txt"
+
+# Base directory for account key, generated certificates and list of domains
+BASEDIR="/var/lib/dehydrated"
-- 2.46.0
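Review bot: The `CONFIG_D` comment in config.sh does not say that the `.sh` files in `/etc/dehydrated/conf.d` are, as far as I know, sourced as shell code rather than parsed as key/value data. If so, anyone able to write to that directory can run commands as the user that runs the client, and the comment should say so, e.g. `# Files here are sourced as shell code; keep the directory and its files root-owned and not writable by others.` Separately, `BASEDIR` holds the account key and generated private keys, and nothing in this patch shows the package setting ownership or mode on `/var/lib/dehydrated`; confirm the packaging creates it readable only by the user that runs the client.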