make some config options optional

[lets-encrypt-tiny.git] / letsencrypt-tiny.conf.sample

diff --git a/letsencrypt-tiny.conf.sample b/letsencrypt-tiny.conf.sample
index d2535e5ad9ff25a3cb608499cad627fbf9b48f5a..f195128c06eec395c75b626e563665f1562edf1d 100644 (file)
--- a/letsencrypt-tiny.conf.sample
+++ b/letsencrypt-tiny.conf.sample
@@ -5,16 +5,27 @@ domains =
   example.org
   example.com
 
+# The length of secret RSA keys
+key-length = 4096
+
 # File containing the DH parameters, as generated by openssl (optional)
 dh-params = /etc/ssl/dh2048.pem
 
+[timing]
+# After how many days should the private key be re-generated?
+max-key-age-days = 180
+# How many hours should a new private key be left in staging? (0 for no staging)
+staging-hours = 25
+# How many days before a certificate expires, should it be renewed?
+renew-cert-before-expiry-days = 15
+
 [hooks]
 # Called after a new certificate has been obtained.
 # Example usage: Reloading services.
-post-cert = /home/user/letsencrypt/cert-hook
+post-certchange = /home/user/letsencrypt/cert-hook
 # Called after a new certificate has been obtained, *if* there also were changes in the private keys
 # Example usage: Updating TLSA records (with the selector being SubjectPublicKeyInfo) in the zone
-post-key = /home/user/letsencrypt/key-hook
+post-keychange = /home/user/letsencrypt/key-hook
 
 # Parameters for acme-tiny <https://github.com/diafygi/acme-tiny/>
 [acme]