example.ini 2.36 KB
[acmednstiny]
# Required readable ACME account key
# The ACME account key is a private key: restrict this file's permissions so
# that only the user running acme-dns-tiny can read it.
AccountKeyFile = account.key

# Required readable CSR file
# Note: if you use the "--csr" optional argument, this setting is not read and can be omitted
CSRFile = domain.csr

# Optional ACME directory url
# Default: https://acme-staging-v02.api.letsencrypt.org/directory
# NOTE: this is the Let's Encrypt staging endpoint, meant for testing; the
# certificates it issues are not trusted by clients. For real certificates, set
# the production directory URL of your ACME provider
# (Let's Encrypt: https://acme-v02.api.letsencrypt.org/directory).
ACMEDirectory = https://acme-staging-v02.api.letsencrypt.org/directory

# Optional: so that the ACME provider can reach you (e.g. to warn about
# certificate expiration), you can provide some contact information.
# The Contacts setting is a list of contact URIs separated by semicolons (;).
# If the ACME provider supports contact information, it must at least support the
# mailto URI and can support other kinds of contact URI.
# For the mailto URI, the email address part must contain only one address
# without header fields (see [RFC6068]).
# Default: none
Contacts = mailto:mail@example.com;mailto:mail2@example.org

# Optional: hint to the ACME server which language you prefer for the error messages it returns
# See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Accept-Language for more information
# Default: en
Language = en

# Optional: request a different format for the certificate file.
# By default, acme-dns-tiny requests a certificate chain with format
# "application/pem-certificate-chain"
# If the ACME server you use supports a different format, you can specify it here
# (e.g. application/pkix-cert, application/pkcs7-mime).
# Note that, if the selected format doesn't provide a full chain, you should
# read the logs to find the related certificates (see the Link header with attribute rel=up)
CertificateFormat = application/pem-certificate-chain

[TSIGKeyring]
# Required TSIG key name
KeyName = host-example

# Required TSIG key value in base64
# The TSIG key value is a shared secret used to authenticate DNS updates for the
# zone: keep this file readable only by the account that runs acme-dns-tiny, do
# not commit the real value to version control, and replace the placeholder
# below with your own key.
KeyValue = XXXXXXXXXXX==

# Required TSIG algorithm
Algorithm = hmac-sha256

[DNS]
# Required name of zone to update
Zone = dnszone

# Required name or IP of DNS server
Host = dnsserver

# Optional port to connect on DNS server (default: 53)
Port = 53

# Optional time to live (TTL) value used when adding DNS entries
# For each domain registered in the CSR, the tool waits at least 1 TTL before certificate creation.
# If an error occurs while looking for TXT records, it waits up to 10 TTLs per domain.
# That's why the default is only 10 seconds: to avoid waiting too long to receive a new certificate.
# Default: 10 seconds
TTL = 10