summaryrefslogtreecommitdiffstats
path: root/docs/per-certificate-config.md
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--docs/per-certificate-config.md29
1 files changed, 29 insertions, 0 deletions
diff --git a/docs/per-certificate-config.md b/docs/per-certificate-config.md
new file mode 100644
index 0000000..3dd34dc
--- /dev/null
+++ b/docs/per-certificate-config.md
@@ -0,0 +1,29 @@
+# Config on per-certificate base
+
+dehydrated allows a few configuration variables to be set on a per-certificate base.
+
+To use this feature create a `config` file in the certificates output directory (e.g. `certs/example.org/config`).
+
+Currently supported options:
+
+- PRIVATE_KEY_RENEW
+- PRIVATE_KEY_ROLLOVER
+- KEY_ALGO
+- KEYSIZE
+- OCSP_MUST_STAPLE
+- OCSP_FETCH
+- OCSP_DAYS
+- CHALLENGETYPE
+- HOOK
+- HOOK_CHAIN
+- WELLKNOWN
+- OPENSSL_CNF
+- RENEW_DAYS
+- PREFERRED_CHAIN
+
+## DOMAINS_D
+
+If `DOMAINS_D` is set, dehydrated will use it for your per-certificate configurations.
+Instead of `certs/example.org/config` it will look for a configuration under `DOMAINS_D/example.org`.
+
+If an alias is set, it will be used instead of the primary domain name.
generated by cgit v1.2.3 (git 2.39.1) at 2025-02-07 23:02:54 +0000