# A sample config file for letsencrypt-tiny # List of domains for the cert to apply to. domains = example.org example.com # The length of secret RSA keys key-length = 4096 [timing] # After how many days should the private key be re-generated? max-key-age-days = 180 # How many hours should a new private key be left in staging? Remove or set to 0 to enable immediate activation. staging-hours = 25 # How many days before a certificate expires, should it be renewed? renew-cert-before-expiry-days = 15 [hooks] # Called after a new certificate has been obtained. # Example usage: Reloading services, generating combined "certificate + key chain" file. post-certchange = /home/user/letsencrypt/cert-hook # Called after a new certificate has been obtained, *if* there also were changes in the private keys # Example usage: Updating TLSA records (with the selector being SubjectPublicKeyInfo) in the zone post-keychange = /home/user/letsencrypt/key-hook # Parameters for the embedded acme-tiny [acme] account-key = /etc/ssl/private/letsencrypt/account.key challenge-dir = /srv/acme-challenge/ # Where to store all the things. [dirs] certs = /etc/ssl/mycerts/letsencrypt keys = /etc/ssl/private/letsencrypt backups = /etc/ssl/old/letsencrypt [files] # Base name of the live key and certificate. live = live # Base name of the staging key and certificate. Used during generation of a new key, to avoid trouble if something fails there. staging = staging