# A sample config file for letsencrypt-tiny

# List of domains for the cert to apply to.
domains =
  example.org
  example.com

# The length of secret RSA keys
key-length = 4096

[timing]
# After how many days should the private key be re-generated?
max-key-age-days = 180
# How many hours should a new private key be left in staging? (Must be set iff 'staging' is set in [files].)
staging-hours = 25
# How many days before a certificate expires, should it be renewed?
renew-cert-before-expiry-days = 15

[hooks]
# Called after a new certificate has been obtained.
# Example usage: Reloading services, generating combined "certificate + key chain" file.
post-certchange = /home/user/letsencrypt/cert-hook
# Called after a new certificate has been obtained, *if* there also were changes in the private keys
# Example usage: Updating TLSA records (with the selector being SubjectPublicKeyInfo) in the zone
post-keychange = /home/user/letsencrypt/key-hook

# Parameters for acme-tiny <https://github.com/diafygi/acme-tiny/>
[acme]
acme-tiny = /home/user/letsencrypt/acme-tiny/
account-key = /etc/ssl/private/letsencrypt/account.key
challenge-dir = /srv/acme-challenge/

# Where to store all the things.
[dirs]
certs = /etc/ssl/mycerts/letsencrypt
keys = /etc/ssl/private/letsencrypt
csrs = /etc/ssl/private/letsencrypt
backups = /etc/ssl/old/letsencrypt

[files]
# Base name of the live key and certificate
live = live
# Base name of the staging key and certificate (optional)
staging = staging