mirror of
https://github.com/dehydrated-io/dehydrated.git
synced 2026-03-19 07:43:50 +01:00
527933db24
- Ensure that all per-certificate settings are saved and restored in store_configvars() and reset_configvars() - that's what makes them per-certificate in the first place... - Add OCSP_FETCH and OCSP_DAYS in the documented list of supported per-certificate configs, since the code does allow these.
30 lines
744 B
Markdown
30 lines
744 B
Markdown
# Config on per-certificate base
|
|
|
|
dehydrated allows a few configuration variables to be set on a per-certificate base.
|
|
|
|
To use this feature create a `config` file in the certificates output directory (e.g. `certs/example.org/config`).
|
|
|
|
Currently supported options:
|
|
|
|
- PRIVATE_KEY_RENEW
|
|
- PRIVATE_KEY_ROLLOVER
|
|
- KEY_ALGO
|
|
- KEYSIZE
|
|
- OCSP_MUST_STAPLE
|
|
- OCSP_FETCH
|
|
- OCSP_DAYS
|
|
- CHALLENGETYPE
|
|
- HOOK
|
|
- HOOK_CHAIN
|
|
- WELLKNOWN
|
|
- OPENSSL_CNF
|
|
- RENEW_DAYS
|
|
- PREFERRED_CHAIN
|
|
|
|
## DOMAINS_D
|
|
|
|
If `DOMAINS_D` is set, dehydrated will use it for your per-certificate configurations.
|
|
Instead of `certs/example.org/config` it will look for a configuration under `DOMAINS_D/example.org`.
|
|
|
|
If an alias is set, it will be used instead of the primary domain name.
|