- config file split into smaller, more readable parts

diff --git a/01-ca-path.sh b/01-ca-path.sh
new file mode 100644 (file)
index 0000000..ac53c74
--- /dev/null
+++ b/01-ca-path.sh
@@ -0,0 +1,5 @@
+# Path to certificate authority (default: https://acme-v01.api.letsencrypt.org/directory)
+#CA="https://acme-v01.api.letsencrypt.org/directory"
+
+# Path to certificate authority license terms redirect (default: https://acme-v01.api.letsencrypt.org/terms)
+#CA_TERMS="https://acme-v01.api.letsencrypt.org/terms"

diff --git a/02-challenge-type.sh b/02-challenge-type.sh
new file mode 100644 (file)
index 0000000..5416ba9
--- /dev/null
+++ b/02-challenge-type.sh
@@ -0,0 +1,2 @@
+# Which challenge should be used? Currently http-01 and dns-01 are supported
+#CHALLENGETYPE="http-01"

diff --git a/03-keys.sh b/03-keys.sh
new file mode 100644 (file)
index 0000000..e10db0f
--- /dev/null
+++ b/03-keys.sh
@@ -0,0 +1,8 @@
+# Default keysize for private keys (default: 4096)
+#KEYSIZE="4096"
+
+# Create an extra private key for rollover (default: no)
+#PRIVATE_KEY_ROLLOVER="no"
+
+# Which public key algorithm should be used? Supported: rsa, prime256v1 and secp384r1
+#KEY_ALGO=rsa

diff --git a/04-renew.sh b/04-renew.sh
new file mode 100644 (file)
index 0000000..5cebd8b
--- /dev/null
+++ b/04-renew.sh
@@ -0,0 +1,5 @@
+# Minimum days before expiration to automatically renew certificate (default: 10)
+#RENEW_DAYS="10"
+
+# Regenerate private keys instead of just signing new certificates on renewal (default: yes)
+#PRIVATE_KEY_RENEW="yes"

diff --git a/05-ocsp.sh b/05-ocsp.sh
new file mode 100644 (file)
index 0000000..42cab30
--- /dev/null
+++ b/05-ocsp.sh
@@ -0,0 +1,2 @@
+# Option to add CSR-flag indicating OCSP stapling to be mandatory (default: no)
+#OCSP_MUST_STAPLE="no"

diff --git a/06-hook.sh b/06-hook.sh
new file mode 100644 (file)
index 0000000..86f2f2b
--- /dev/null
+++ b/06-hook.sh
@@ -0,0 +1,14 @@
+# Program or function called in certain situations
+#
+# After generating the challenge-response, or after failed challenge (in this case altname is empty)
+# Given arguments: clean_challenge|deploy_challenge altname token-filename token-content
+#
+# After successfully signing certificate
+# Given arguments: deploy_cert domain path/to/privkey.pem path/to/cert.pem path/to/fullchain.pem
+#
+# BASEDIR and WELLKNOWN variables are exported and can be used in an external program
+# default: <unset>
+#HOOK="/etc/dehydrated/hook.sh"
+
+# Chain clean_challenge|deploy_challenge arguments together into one hook call per certificate (default: no)
+#HOOK_CHAIN="no"

diff --git a/07-contact.sh b/07-contact.sh
new file mode 100644 (file)
index 0000000..8484e06
--- /dev/null
+++ b/07-contact.sh
@@ -0,0 +1,2 @@
+# E-mail to use during the registration (default: <unset>)
+#CONTACT_EMAIL=

diff --git a/config.sh b/config.sh
new file mode 100644 (file)
index 0000000..2417752
--- /dev/null
+++ b/config.sh
@@ -0,0 +1,21 @@
+#############################################################
+# This is the main config file for dehydrated               #
+#                                                           #
+# This is the default configuration for the Debian package. #
+# To see a more comprehensive example, see                  #
+# /usr/share/doc/dehydrated/examples/config                 #
+#                                                           #
+# For details please read:                                  #
+# /usr/share/doc/dehydrated/README.Debian                   #
+#############################################################
+
+# Path to a directory containing additional config files, allowing to override
+# the defaults found in the main configuration file. Additional config files
+# in this directory needs to be named with a '.sh' ending.
+CONFIG_D="/etc/dehydrated/conf.d"
+
+# File containing the list of domains to request certificates for
+DOMAINS_TXT="/etc/dehydrated/domains.txt"
+
+# Base directory for account key, generated certificates and list of domains
+BASEDIR="/var/lib/dehydrated"