From 63f6a3181fea59360b2bfe430f5c798f88b22527 Mon Sep 17 00:00:00 2001
From: Lexi Winter
Date: Wed, 4 Jun 2025 08:51:26 +0100
Subject: add a TSIG-based dns validation handler while here, reorganise and improve documentation a bit.
---
 acme.conf.sample | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+) (limited to 'acme.conf.sample')
diff --git a/acme.conf.sample b/acme.conf.sample
index 86d8693..151e4c9 100644
--- a/acme.conf.sample
+++ b/acme.conf.sample
@@ -1,6 +1,11 @@
 # This is a sample configuration file for lfacme. It is a shell script,
 # so you can include other files or call programs here if you like.
+#######################################################################
+# Base options.
+#
+# These options are used by lfacme itself.
+
 ### ACME_URL
 # The URL of the ACME server.
@@ -29,6 +34,12 @@
 #ACME_HOOKDIR="/some/directory"
+#######################################################################
+# lfacme-http(5) options.
+#
+# These options are used for the "http" challenge.
+
+
 ### ACME_HTTP_CHALLENGE_DIR
 # When using the "http" challenge handler, this is the directory which contains
 # ACME challenges. This must be served at /.well-known/acme-challenge on any
@@ -38,6 +49,25 @@
 #ACME_HTTP_CHALLENGE_DIR="/var/www/acme-challenge"
+#######################################################################
+# lfacme-dns(5) options.
+#
+# These options are used for the "dns" challenge.
+
+
+### ACME_DNS_KEYFILE
+# Path to the TSIG key nsupdate will use to authenticate the update.
+# No default; you must configure this when using the dns challenge.
+
+#ACME_DNS_KEYFILE="/path/to/key"
+
+
+#######################################################################
+# lfacme-kerberos(5) options.
+#
+# These options are used for the "kerberos" challenge.
+
+
 ### ACME_KERBEROS_PRINCIPAL
 # When using the "kerberos" challenge handler, this is the Kerberos principal
 # we use for nsupdate. The default is "host/$(hostname)", which assumes a
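Review bot: The ACME_DNS_KEYFILE block in the third hunk (`@@ -38,6 +49,25 @@`) documents the path but says nothing about protecting the file, although a TSIG key is a shared secret and anyone who can read it can presumably send the same authenticated updates to the DNS server. I would add two comment lines after the "No default" sentence: `# The key is a shared secret; keep this file readable only by the user that runs lfacme.` and `# Ideally the DNS server only allows this key to update the _acme-challenge TXT records.` Whether the dns handler itself checks the file's mode is not visible in this patch, so the sample config is the one place a user is certain to see the advice.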
@@ -45,6 +75,7 @@
 #ACME_KERBEROS_PRINCIPAL="host/server.example.org@EXAMPLE.ORG"
+
 ### ACME_KERBEROS_KEYTAB
 # When using the "kerberos" challenge handler, this is the keytab used to
 # issue the ticket. It must contain a key for $ACME_KERBEROS_PRINCIPAL.
-- 
cgit v1.3