-# File containing the DH parameters, as generated by openssl (optional)
-dh-params = /etc/ssl/dh2048.pem
+# The length of secret RSA keys
+key-length = 4096
+
+[timing]
+# After how many days should the private key be re-generated?
+max-key-age-days = 180
+# How many hours should a new private key be left in staging? Remove or set to 0 to enable immediate activation.
+staging-hours = 25
+# How many days before a certificate expires, should it be renewed?
+renew-cert-before-expiry-days = 15