X-Git-Url: https://git.ralfj.de/lets-encrypt-tiny.git/blobdiff_plain/b2e264ae28b45fe07844a7d9d19f8e7f81cf40cf..dc4016b0062b501a783f99f0cf8201023d8a3e56:/letsencrypt-tiny.conf.sample
diff --git a/letsencrypt-tiny.conf.sample b/letsencrypt-tiny.conf.sample
index d2535e5..178eead 100644
--- a/letsencrypt-tiny.conf.sample
+++ b/letsencrypt-tiny.conf.sample
@@ -5,20 +5,27 @@ domains =
example.org
example.com
-# File containing the DH parameters, as generated by openssl (optional)
-dh-params = /etc/ssl/dh2048.pem
+# The length of secret RSA keys
+key-length = 4096
+
+[timing]
+# After how many days should the private key be re-generated?
+max-key-age-days = 180
+# How many hours should a new private key be left in staging? Remove or set to 0 to enable immediate activation.
+staging-hours = 25
+# How many days before a certificate expires, should it be renewed?
+renew-cert-before-expiry-days = 15
[hooks]
# Called after a new certificate has been obtained.
-# Example usage: Reloading services.
-post-cert = /home/user/letsencrypt/cert-hook
+# Example usage: Reloading services, generating combined "certificate + key chain" file.
+post-certchange = /home/user/letsencrypt/cert-hook
# Called after a new certificate has been obtained, *if* there also were changes in the private keys
# Example usage: Updating TLSA records (with the selector being SubjectPublicKeyInfo) in the zone
-post-key = /home/user/letsencrypt/key-hook
+post-keychange = /home/user/letsencrypt/key-hook
-# Parameters for acme-tiny
+# Parameters for the embedded acme-tiny
[acme]
-acme-tiny = /home/user/letsencrypt/acme-tiny/
account-key = /etc/ssl/private/letsencrypt/account.key
challenge-dir = /srv/acme-challenge/
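Review bot: The sample values for `post-certchange` and `post-keychange` point at scripts under `/home/user/`, and the comments in `[hooks]` do not say who must own those scripts. If the tool runs with enough privilege to read `/etc/ssl/private/letsencrypt` (likely given the `account-key` path, though the invocation is not visible in this hunk), a hook that an unprivileged account can edit would run with that same privilege. I would add a comment in `[hooks]` such as `# Hooks run with the privileges of this tool; keep them owned by and writable only by that user.` and use a sample path outside a home directory. Separately, the `staging-hours` comment could say that the staging period should outlast the TTL of the TLSA records published by `post-keychange`, if that is the reason for the value 25.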
@@ -26,11 +33,10 @@ challenge-dir = /srv/acme-challenge/
[dirs]
certs = /etc/ssl/mycerts/letsencrypt
keys = /etc/ssl/private/letsencrypt
-csrs = /etc/ssl/private/letsencrypt
backups = /etc/ssl/old/letsencrypt
[files]
-# Base name of the live key and certificate
+# Base name of the live key and certificate.
live = live
-# Base name of the staging key and certificate (optional)
+# Base name of the staging key and certificate. Used during generation of a new key, to avoid trouble if something fails there.
staging = staging