X-Git-Url: https://git.phdru.name/?a=blobdiff_plain;f=playbooks%2Froles%2Fdebian%2Fadd-apache-vhost%2Ftemplates%2Fdehydrated%2Fconfig;fp=playbooks%2Froles%2Fdebian%2Fadd-apache-vhost%2Ftemplates%2Fdehydrated%2Fconfig;h=b40241d01030b10d7b84d4ddcb5ece420760b3ed;hb=424c41462e9f4f38fdf666f2180342a8268a95c7;hp=0000000000000000000000000000000000000000;hpb=412c5f3f80f4aadecce7e27f6d0f8616a665f48d;p=ansible.git diff --git a/playbooks/roles/debian/add-apache-vhost/templates/dehydrated/config b/playbooks/roles/debian/add-apache-vhost/templates/dehydrated/config new file mode 100644 index 0000000..b40241d --- /dev/null +++ b/playbooks/roles/debian/add-apache-vhost/templates/dehydrated/config @@ -0,0 +1,110 @@ +######################################################## +# This is the main config file for dehydrated # +# # +# This file is looked for in the following locations: # +# $SCRIPTDIR/config (next to this script) # +# /usr/local/etc/dehydrated/config # +# /etc/dehydrated/config # +# ${PWD}/config (in current working-directory) # +# # +# Default values of this config are in comments # +######################################################## + +# Resolve names to addresses of IP version only. (curl) +# supported values: 4, 6 +# default: +#IP_VERSION= + +# Path to certificate authority (default: https://acme-v01.api.letsencrypt.org/directory) +#CA="https://acme-staging.api.letsencrypt.org/directory" +CA="https://acme-v01.api.letsencrypt.org/directory" + +# Path to certificate authority license terms redirect (default: https://acme-v01.api.letsencrypt.org/terms) +#CA_TERMS="https://acme-staging.api.letsencrypt.org/terms" +CA_TERMS="https://acme-v01.api.letsencrypt.org/terms" + +# Path to license agreement (default: ) +#LICENSE="" + +# Which challenge should be used? Currently http-01 and dns-01 are supported +#CHALLENGETYPE="http-01" + +# Path to a directory containing additional config files, allowing to override +# the defaults found in the main configuration file. Additional config files +# in this directory needs to be named with a '.sh' ending. +# default: +#CONFIG_D= + +# Base directory for account key, generated certificates and list of domains (default: $SCRIPTDIR -- uses config directory if undefined) +#BASEDIR=$SCRIPTDIR + +# File containing the list of domains to request certificates for (default: $BASEDIR/domains.txt) +#DOMAINS_TXT="${BASEDIR}/domains.txt" + +# Output directory for generated certificates +#CERTDIR="${BASEDIR}/certs" + +# Directory for account keys and registration information +#ACCOUNTDIR="${BASEDIR}/accounts" + +# Output directory for challenge-tokens to be served by webserver or deployed in HOOK (default: /var/www/dehydrated) +#WELLKNOWN="/var/www/dehydrated" +WELLKNOWN="/usr/local/apache2/htdocs/.well-known/acme-challenge/" + +# Default keysize for private keys (default: 4096) +#KEYSIZE="4096" + +# Path to openssl config file (default: - tries to figure out system default) +#OPENSSL_CNF= + +# Path to OpenSSL binary (default: "openssl") +#OPENSSL="openssl" + +# Extra options passed to the curl binary (default: ) +#CURL_OPTS= + +# Program or function called in certain situations +# +# After generating the challenge-response, or after failed challenge (in this case altname is empty) +# Given arguments: clean_challenge|deploy_challenge altname token-filename token-content +# +# After successfully signing certificate +# Given arguments: deploy_cert domain path/to/privkey.pem path/to/cert.pem path/to/fullchain.pem +# +# BASEDIR and WELLKNOWN variables are exported and can be used in an external program +# default: +HOOK=./hook + +# Chain clean_challenge|deploy_challenge arguments together into one hook call per certificate (default: no) +#HOOK_CHAIN="no" + +# Minimum days before expiration to automatically renew certificate (default: 30) +#RENEW_DAYS="30" + +# Regenerate private keys instead of just signing new certificates on renewal (default: yes) +#PRIVATE_KEY_RENEW="yes" +PRIVATE_KEY_RENEW="no" + +# Create an extra private key for rollover (default: no) +#PRIVATE_KEY_ROLLOVER="no" + +# Which public key algorithm should be used? Supported: rsa, prime256v1 and secp384r1 +#KEY_ALGO=rsa + +# E-mail to use during the registration (default: ) +CONTACT_EMAIL=webmaster@{{ virtual_host }} + +# Lockfile location, to prevent concurrent access (default: $BASEDIR/lock) +#LOCKFILE="${BASEDIR}/lock" + +# Option to add CSR-flag indicating OCSP stapling to be mandatory (default: no) +#OCSP_MUST_STAPLE="no" + +# Fetch OCSP responses (default: no) +#OCSP_FETCH="no" + +# Issuer chain cache directory (default: $BASEDIR/chains) +#CHAINCACHE="${BASEDIR}/chains" + +# Automatic cleanup (default: no) +#AUTO_CLEANUP="no"