mirror of https://github.com/moepman/acertmgr.git
80 lines
2.2 KiB
YAML
80 lines
2.2 KiB
YAML
---
|
|
|
|
# this will save the the key and certificate chain seperately
|
|
mail.example.com:
|
|
- path: /etc/postfix/ssl/mail.key
|
|
user: root
|
|
group: root
|
|
perm: '400'
|
|
format: key
|
|
action: '/etc/init.d/postfix reload'
|
|
- path: /etc/postfix/ssl/mail.crt
|
|
user: root
|
|
group: root
|
|
perm: '400'
|
|
format: crt,ca
|
|
action: '/etc/init.d/postfix reload'
|
|
|
|
# this will combine the key and certificate chain into a single file
|
|
jabber.example.com:
|
|
- path: /etc/ejabberd/server.pem
|
|
user: jabber
|
|
group: jabber
|
|
perm: '400'
|
|
format: key,crt,ca
|
|
action: '/etc/init.d/ejabberd restart'
|
|
|
|
# this will create a certificate with subject alternative names
|
|
www.example.com example.com:
|
|
- path: /var/www/ssl/cert.pem
|
|
user: apache
|
|
group: apache
|
|
perm: '400'
|
|
action: '/etc/init.d/apache2 reload'
|
|
format: crt,ca
|
|
- path: /var/www/ssl/key.pem
|
|
user: apache
|
|
group: apache
|
|
perm: '400'
|
|
action: '/etc/init.d/apache2 reload'
|
|
format: key
|
|
|
|
# this will create a certificate with subject alternative names
|
|
# using a different challenge handler for one domain
|
|
# wildcards are possible with api v2 and dns challenge modes only!
|
|
mail.example.com smtp.example.com webmail.example.net *.intra.example.com:
|
|
- mode: dns.nsupdate
|
|
dns_ttl: 120
|
|
csr_static: true
|
|
nsupdate_server: ns1.example.com
|
|
nsupdate_keyname: mail
|
|
nsupdate_keyvalue: Test1234512359==
|
|
nsupdate_keyalgorithm: HMAC-MD5.SIG-ALG.REG.INT
|
|
- domain: webmail.example.net
|
|
mode: dns.nsupdate
|
|
nsupdate_server: ns1.example.net
|
|
nsupdate_keyname: webmail.
|
|
nsupdate_keyfile: /etc/nsupdate.key
|
|
dns_updatedomain: webmail.example.net
|
|
- path: /etc/postfix/ssl/mail.key
|
|
user: root
|
|
group: root
|
|
perm: '400'
|
|
format: key
|
|
action: '/etc/init.d/postfix reload'
|
|
- path: /etc/postfix/ssl/mail.crt
|
|
user: root
|
|
group: root
|
|
perm: '400'
|
|
format: crt,ca
|
|
action: '/etc/init.d/postfix reload'
|
|
|
|
# this will use a different authority for the following set of domains (buypass.com in this example)
|
|
buypass-example.com *.buypass-example.com:
|
|
- authority: 'https://api.buypass.com/acme' # Removed trailing /directory from buypass docs for API endpoint
|
|
mode: dns.nsupdate
|
|
nsupdate_keyname: buypass
|
|
nsupdate_keyvalue: Test1234512359==
|
|
nsupdate_keyalgorithm: HMAC-MD5.SIG-ALG.REG.INT
|
|
|