starred/dehydrated
1
0
Fork 0
mirror of https://github.com/dehydrated-io/dehydrated.git synced 2026-01-11 22:30:44 +01:00
Code Issues 79 Packages Projects Releases 10 Wiki Activity
Files
master
dehydrated/docs/per-certificate-config.md
Michel Lespinasse 527933db24 Per-certificate config fixes 
- Ensure that all per-certificate settings are saved and restored in
  store_configvars() and reset_configvars() - that's what makes them
  per-certificate in the first place...

- Add OCSP_FETCH and OCSP_DAYS in the documented list of supported
  per-certificate configs, since the code does allow these.
2021-02-18 16:51:14 +01:00

744 B
Raw Permalink Blame History

Config on per-certificate base

dehydrated allows a few configuration variables to be set on a per-certificate base.

To use this feature create a config file in the certificates output directory (e.g. certs/example.org/config).

Currently supported options:

  • PRIVATE_KEY_RENEW
  • PRIVATE_KEY_ROLLOVER
  • KEY_ALGO
  • KEYSIZE
  • OCSP_MUST_STAPLE
  • OCSP_FETCH
  • OCSP_DAYS
  • CHALLENGETYPE
  • HOOK
  • HOOK_CHAIN
  • WELLKNOWN
  • OPENSSL_CNF
  • RENEW_DAYS
  • PREFERRED_CHAIN

DOMAINS_D

If DOMAINS_D is set, dehydrated will use it for your per-certificate configurations. Instead of certs/example.org/config it will look for a configuration under DOMAINS_D/example.org.

If an alias is set, it will be used instead of the primary domain name.

Reference in New Issue View Git Blame Copy Permalink