Adding upstream version 0.7.1.upstream/0.7.1 upstream

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
author: Daniel Baumann <daniel.baumann@progress-linux.org> 2024-12-19 17:19:01 +0000
committer: Daniel Baumann <daniel.baumann@progress-linux.org> 2024-12-19 17:19:01 +0000
commit: 3394cec934fabeaefe0cab7893f47dbb9ed97381 (patch)
tree: 8f0d4ac92b1d6f1368f58863acfb746780cd6631 /docs/per-certificate-config.md
parent: Initial commit. (diff)
download: dehydrated-upstream.tar.xz
dehydrated-upstream.zip
1 files changed, 29 insertions, 0 deletions
diff --git a/docs/per-certificate-config.md b/docs/per-certificate-config.md
new file mode 100644
index 0000000..3dd34dc
--- /dev/null
+++ b/docs/per-certificate-config.md
@@ -0,0 +1,29 @@
+# Config on per-certificate base
+
+dehydrated allows a few configuration variables to be set on a per-certificate base.
+
+To use this feature create a `config` file in the certificates output directory (e.g. `certs/example.org/config`).
+
+Currently supported options:
+
+- PRIVATE_KEY_RENEW
+- PRIVATE_KEY_ROLLOVER
+- KEY_ALGO
+- KEYSIZE
+- OCSP_MUST_STAPLE
+- OCSP_FETCH
+- OCSP_DAYS
+- CHALLENGETYPE
+- HOOK
+- HOOK_CHAIN
+- WELLKNOWN
+- OPENSSL_CNF
+- RENEW_DAYS
+- PREFERRED_CHAIN
+
+## DOMAINS_D
+
+If `DOMAINS_D` is set, dehydrated will use it for your per-certificate configurations.
+Instead of `certs/example.org/config` it will look for a configuration under `DOMAINS_D/example.org`.
+
+If an alias is set, it will be used instead of the primary domain name.
author	Daniel Baumann <daniel.baumann@progress-linux.org>	2024-12-19 17:19:01 +0000
committer	Daniel Baumann <daniel.baumann@progress-linux.org>	2024-12-19 17:19:01 +0000
commit	3394cec934fabeaefe0cab7893f47dbb9ed97381 (patch)
tree	8f0d4ac92b1d6f1368f58863acfb746780cd6631 /docs/per-certificate-config.md
parent	Initial commit. (diff)
download	dehydrated-upstream.tar.xz dehydrated-upstream.zip