
Remove scip/zimpl binaries from shared repository

284 files
+ 9834
1671

---
acmebot_account_mail: "{{ adminaddr }}"
acmebot_version: "v2.7.0"
acmebot_enable_update_check: true
acmebot_settings: {}
acmebot_default_settings:
log_level: "detail"
color_output: true
acme_directory_url: "https://acme-v02.api.letsencrypt.org/directory"
public_suffix_list_url: "https://publicsuffix.org/list/public_suffix_list.dat"
ocsp_responder_urls:
- "http://ocsp.int-x3.letsencrypt.org"
reload_zone_command: null
nsupdate_command: null
hpkp_report_uri: null
ct_submit_logs:
- "google_argon"
- "google_xenon"
file_user: root
file_group: root
key_size: 4096 # null to turn off RSA certificates
key_curve: "secp384r1" # null to turn off ECDSA certificates
key_cipher: null
key_passphrase: null # null to turn off private key encryption
dhparam_size: 2048 # null to turn off custom dhparams
ecparam_curve: "secp384r1" # null to turn off custom EC params
follower_mode: false
ocsp_must_staple: false # application support isn't good enough
auto_rollover: true # must be false on followers
pin_subdomains: false
verify: null # e.g. [443]
services: null # e.g. [nginx-proxy]
hpkp_days: 60
renewal_days: 30
expiration_days: 730
max_dns_lookup_attempts: 60
dns_lookup_delay: 10
max_domains_per_order: 100
max_authorization_attempts: 30
authorization_delay: 10
cert_poll_time: 30
max_ocsp_verify_attempts: 10
ocsp_verify_retry_delay: 5
min_run_delay: 300
max_run_delay: 3600
# can be empty string, e.g. when using only one key type
acmebot_key_suffixes: {}
acmebot_default_key_suffixes:
rsa: ".rsa"
ecdsa: ".ecdsa"
# format strings with: name (of privkey or cert), key_type, suffix, server
# http_challenge uses: zone, host (without zone, "." if fqdn == zone), fqdn
# if http_challenge is set, defaults to http-01
# set to null for specified certs to use dns-01 for those
acmebot_directories: {}
acmebot_default_directories:
pid: "/run/acmebot"
log: "/var/log/acmebot"
resource: "/var/lib/acmebot"
temp: null
private_key: /etc/ssl/acmebot/privkey
backup_key: /etc/ssl/acmebot/backup_privkey
previous_key: null
full_key: /etc/ssl/acmebot/full_privkey # maybe null to turn off
certificate: /etc/ssl/acmebot/cert
full_certificate: /etc/ssl/acmebot/full_cert # maybe null
chain: /etc/ssl/acmebot/chain # maybe null
param: /etc/ssl/acmebot/params # maybe null
challenge: /etc/ssl/acmebot/challenges # for dns-01 only
http_challenge: "/var/run/acme/acme-challenge" # maybe null
hpkp: /etc/ssl/acmebot/hpkp # maybe null
ocsp: /etc/ssl/acmebot/ocsp # maybe null
sct: "/etc/ssl/acmebot/scts/{name}/{key_type}" # maybe null
update_key: /etc/ssl/acmebot/update_keys
archive: /etc/ssl/acmebot/archive
# format strings with: name (of privkey or cert), key_type, suffix, server
acmebot_file_names: {}
acmebot_default_file_names:
log: "acmebot.log"
private_key: "{name}{suffix}.pem"
backup_key: "{name}_backup{suffix}.pem"
previous_key: "{name}_previous{suffix}.pem"
full_key: "{name}_full{suffix}.pem"
certificate: "{name}{suffix}.pem"
full_certificate: "{name}{suffix}.pem"
chain: "{name}_chain{suffix}.pem"
param: "{name}_param.pem"
challenge: "{name}"
hpkp: "{name}.{server}"
ocsp: "{name}{suffix}.ocsp"
sct: "{ct_log_name}.sct"
# override with null
acmebot_hpkp_headers: {}
acmebot_default_hpkp_headers:
apache: "Header always set Public-Key-Pins \"{header}\"\n"
nginx: "add_header Public-Key-Pins \"{header}\" always;\n"
acmebot_services: {}
acmebot_default_services:
dovecot: "systemctl restart dovecot"
mysql: "systemctl reload mysql"
nginx: "systemctl reload nginx"
nginx-proxy: "systemctl reload nginx-proxy"
postfix: "systemctl reload postfix"
postgresql: "systemctl reload postgresql"
prosody: "systemctl restart prosody"
# authorizations to maintain without certficates (e.g. for master/follower)
acmebot_authorizations: {}
# <zone-name>:
# - <host-name>
# - <host-name>
# when global http_challenges directory set: use null to revert back to dns-01
# else: override dns-01 default with http-01 per domain
acmebot_http_challenges: {}
# <domain-name>: <challenge-directory>
# for doing DNSSEC manually, specify TSIG keys
acmebot_zone_update_keys: {}
# when using HPKP it may be beneficial to share private keys between certs
# this dict contains multiple certificate sections per private key,
# all key-specific config moved up
acmebot_private_keys: {}
acmebot_certificates: {}
# <certificate-name>:
# common_name: <common-name>
# alt_names:
# <zone-name>:
# - "@",
# - <host-name>
# services:
# - <service-name>
# tlsa_records:
# <zone-name>:
# - <host-name>
# - host: <host-name>
# port: <port-number>
# usage: pkix-ee
# selector: spki
# protocol: tcp
# ttl: 300
# dhparam_size: 2048
# ecparam_curve: secp384r1
# key_types:
# - rsa
# - ecdsa
# key_size: 4096
# key_curve: secp384r1
# key_cipher: blowfish
# key_passphrase:
# expiration_days: 730
# auto_rollover: false
# hpkp_days: 30
# pin_subdomains: true
# hpkp_report_uri:
# ocsp_must_staple: false
# ocsp_responder_urls:
# - "http://ocsp.int-x3.letsencrypt.org"
# ct_submit_logs:
# - google_icarus
# - google_pilot
# verify:
# - 443,
# - port: 25
# hosts:
# - <domain-name>
# - <domain-name>
# starttls: smtp
# key_types:
# - rsa
# - ecdsa
# all empty per default, see README for possible hook names
acmebot_hooks: {}
# This variable will override the built-in defaults. If you need to set it,
# you can grab an up-to-date copy of those defaults from the official
# repository to merge them manually.
# see also: https://www.certificate-transparency.org/known-logs
acmebot_ct_logs: {}
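Review bot: The defaults leave HPKP switched on (`hpkp: /etc/ssl/acmebot/hpkp` under `acmebot_default_directories`, `hpkp_days: 60`, and the Apache/nginx `Public-Key-Pins` templates), although browsers have dropped support for that header and a stale pin can only cost availability. Since the file already marks that directory as "maybe null", I would ship `hpkp: null  # HPKP is obsolete; set a path only if a consumer still needs pins` and leave the header templates opt-in. The `ocsp_responder_urls` default `http://ocsp.int-x3.letsencrypt.org` appears to point at a retired Let's Encrypt intermediate, so it is worth a comment such as `# must match the issuing intermediate; confirm against the current chain`. With `key_passphrase: null` the private keys are written unencrypted, so protection presumably rests on the ownership and mode of `/etc/ssl/acmebot/privkey`, which this file does not show and which should be stated next to `file_user`/`file_group`. The page renders the file flattened to column 0, so the nesting of these keys could not be checked here.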