[acmednstiny]
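# Required: ACME account key file, readable by acme-dns-tiny
# This file holds a private key: restrict read access to the user running the tool.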
AccountKeyFile = account.key

# Required readable CSR file
# Note: if you use the "--csr" optional argument, this setting is not read and can be omitted
CSRFile = domain.csr

# Optional ACME directory url
# Default: https://acme-staging-v02.api.letsencrypt.org/directory
#ACMEDirectory = https://acme-staging-v02.api.letsencrypt.org/directory

# Optional: to be reachable by the ACME provider (e.g. to be warned about
# certificate expiration), you can provide some contact information.
# The Contacts setting is a list of contact URIs separated by semicolons (;).
# If the ACME provider supports contact information, it must at least support
# mailto URIs and can support other kinds of contact.
# For a mailto URI, the email address part must contain only one address
# without header fields (see [RFC6068]).
# Default: none
#Contacts = mailto:mail@example.com;mailto:mail2@example.org

# Optional: gives a hint to the ACME server about your preferred language for the errors it returns
# See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Accept-Language for more information
# Default: en
#Language = en

# Optional: request a different format for the certificate file.
# By default, acme-dns-tiny requests a certificate chain with the format
# "application/pem-certificate-chain"
# With this format, you can assume the first certificate block is the one for
# your domains, as the ACME RFC requires this certificate to come first.
#
# If the ACME server supports a different format, you can specify it here
# (e.g. application/pkix-cert, application/pkcs7-mime)
# Note that if the selected format doesn't provide a full chain, you should
# read the logs to find the related certificates (see the Link header with attribute rel=up)
#CertificateFormat = application/pem-certificate-chain

[TSIGKeyring]
# Required TSIG key name
KeyName = host-example

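# Required TSIG key value in base64
# This is a shared secret used to authenticate the DNS updates: keep this file
# readable only by the user running acme-dns-tiny.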
KeyValue = XXXXXXXXXXX==

# Required TSIG algorithm
Algorithm = hmac-sha256

[DNS]
# Required name of zone to update
Zone = dnszone

# Required name or IP of DNS server
Host = dnsserver

# Optional port to connect on DNS server (default: 53)
#Port = 53

# Optional time to live (TTL) value used when adding DNS entries
# For each domain registered in the CSR, we wait at least 1 TTL before certificate creation.
# If an error occurs while looking for TXT records, we wait up to 10 TTLs per domain.
# That's why the default is only 10 seconds: to avoid waiting too long to receive a new certificate.
# Default: 10 seconds
#TTL = 10