[timing]
# After how many days should the private key be re-generated?
max-key-age-days = 180
-# How many hours should a new private key be left in staging? (Must be set iff 'staging' is set in [files].)
+# How many hours should a new private key be left in staging? Remove or set to 0 to enable immediate activation.
staging-hours = 25
# How many days before a certificate expires, should it be renewed?
renew-cert-before-expiry-days = 15
# Example usage: Updating TLSA records (with the selector being SubjectPublicKeyInfo) in the zone
post-keychange = /home/user/letsencrypt/key-hook
-# Parameters for acme-tiny <https://github.com/diafygi/acme-tiny/>
+# Parameters for the embedded acme-tiny <https://github.com/diafygi/acme-tiny/>
[acme]
-acme-tiny = /home/user/letsencrypt/acme-tiny/
account-key = /etc/ssl/private/letsencrypt/account.key
challenge-dir = /srv/acme-challenge/
backups = /etc/ssl/old/letsencrypt
[files]
-# Base name of the live key and certificate
+# Base name of the live key and certificate.
live = live
-# Base name of the staging key and certificate (optional)
+# Base name of the staging key and certificate. Used during generation of a new key, to avoid trouble if something fails there.
staging = staging