example.ini 1.85 KB
Newer Older
1
[acmednstiny]
2
# Required readable ACME account key
3
AccountKeyFile = account.key
4

5
# Required readable CSR file
6
# Note: if you use the "--csr" optional argument, this setting is not read and can be omitted
Adrien Dorsaz's avatar
Adrien Dorsaz committed
7
CSRFile = domain.csr
8

9 10
# Optional ACME directory url
# Default: https://acme-staging-v02.api.letsencrypt.org/directory
11
ACMEDirectory = https://acme-staging-v02.api.letsencrypt.org/directory
12

13 14 15 16 17 18 19
# Optional To be able to be reached by ACME provider (e.g. to warn about
# certificate expicration), you can provide some contact informations.
# Contacts setting is a list of contact URI separated by semicolon (;).
# If ACME provider support contact informations, it must at least support mailto
# URI and can support more of contact.
# For the mailto URI, the email address part must contains only one address
# without header fields (see [RFC6068]).
20
# Default: none
21
Contacts = mailto:mail@example.com;mailto:mail2@example.org
22

23 24 25 26
# Optional to give hint to the ACME server about your prefered language for errors given by their server
# See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Accept-Language for more informations
# Default: en
Language = en
27 28

[TSIGKeyring]
29
# Required TSIG key name
30
KeyName = host-example
31

32
# Required TSIG key value in base64
33
KeyValue = XXXXXXXXXXX==
34

35
# Required TSIG algorithm
Adrien Dorsaz's avatar
Adrien Dorsaz committed
36
Algorithm = hmac-sha256
37 38

[DNS]
39
# Required name of zone to update
40
Zone = dnszone
41

42
# Required name or IP of DNS server
43
Host = dnsserver
44

45
# Optional port to connect on DNS server (default: 53)
46
Port = 53
47

48 49 50 51
# Optional time to live (TTL) value used to add DNS entries
# For each domain registered in the CSR, at least 1 TTL is waited before certificate creation.
# If an error occurs while looking for TXT records, we wait up to 10 TTLs by domain.
# That's why the default is only of 10 seconds, to avoid having too long time to wait to receive a new certificate.
52 53
# Default: 10 seconds
TTL = 10