1
0
mirror of https://github.com/moepman/acertmgr.git synced 2024-11-16 18:09:13 +01:00
acertmgr/docs/domain.conf

69 lines
1.8 KiB
Plaintext

---
# this will save the the key and certificate chain seperately
mail.example.com:
- path: /etc/postfix/ssl/mail.key
user: root
group: root
perm: '400'
format: key
action: '/etc/init.d/postfix reload'
- path: /etc/postfix/ssl/mail.crt
user: root
group: root
perm: '400'
format: crt,ca
action: '/etc/init.d/postfix reload'
# this will combine the key and certificate chain into a single file
jabber.example.com:
- path: /etc/ejabberd/server.pem
user: jabber
group: jabber
perm: '400'
format: key,crt,ca
action: '/etc/init.d/ejabberd restart'
# this will create a certificate with subject alternative names
www.example.com example.com:
- path: /var/www/ssl/cert.pem
user: apache
group: apache
perm: '400'
action: '/etc/init.d/apache2 reload'
format: crt,ca
- path: /var/www/ssl/key.pem
user: apache
group: apache
perm: '400'
action: '/etc/init.d/apache2 reload'
format: key
# this will create a certificate with subject alternative names
# using a different challenge handler for one domain
# wildcards are possible with api v2 and dns challenge modes only!
mail.example.com smtp.example.com webmail.example.net *.intra.example.com:
- mode: dns.nsupdate
nsupdate_server: ns1.example.com
nsupdate_keyname: mail
nsupdate_keyvalue: Test1234512359==
nsupdate_keyalgorithm: HMAC-MD5.SIG-ALG.REG.INT
- domain: webmail.example.net
mode: dns.nsupdate
nsupdate_server: ns1.example.net
nsupdate_keyname: webmail.
nsupdate_keyfile: /etc/nsupdate.key
dns_updatedomain: webmail.example.net
- path: /etc/postfix/ssl/mail.key
user: root
group: root
perm: '400'
format: key
action: '/etc/init.d/postfix reload'
- path: /etc/postfix/ssl/mail.crt
user: root
group: root
perm: '400'
format: crt,ca
action: '/etc/init.d/postfix reload'