1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
|
Template: open-infrastructure-dehydrated-tools/title
Type: title
Description: dehydrated-tools: Setup
Template: open-infrastructure-dehydrated-tools/auto-cleanup
Type: boolean
Default: no
Description: dehydrated auto clean:
Please select the Certificate Authority to use with dehydrated.
.
If unsure, use letsencrypt (default).
Template: open-infrastructure-dehydrated-tools/ca
Type: select
Choices: letsencrypt, letsencrypt-test, zerossl, buypass, buypass-test
Default: letsencrypt
Description: dehydrated Certificate Authority (CA):
Please select the Certificate Authority to use with dehydrated.
.
If unsure, use letsencrypt (default).
Template: open-infrastructure-dehydrated-tools/challengetype
Type: select
Choices: dns-01, http-01
Default: http-01
Description: dehydrated Challenge Type:
Please select the challenge type to use with dehydrated.
.
If unsure, use http-01 (default).
Template: open-infrastructure-dehydrated-tools/contact-email
Type: string
Default:
Description: dehydrated Contact Email:
Please select an optional contact email address for notifications of your CA.
.
If unsure, leave empty (default).
Template: open-infrastructure-dehydrated-tools/key-algo
Type: select
Choices: prime256v1, rsa, secp384r1
Default: secp384r1
Description: dehydrated key algorithm:
Please select the key algorithm to use.
.
If unsure, use 'secp384r1' (default).
Template: open-infrastructure-dehydrated-tools/ocsp-fetch
Type: boolean
Default: false
Description: dehydrated OCSP fetch:
Should dehydrated automatically fetch the OCSP signature?
.
If unsure, use 'no' (default).
Template: open-infrastructure-dehydrated-tools/ocsp-must-staple
Type: boolean
Default: false
Description: dehydrated OCSP must staple:
Should dehydrated request certificates that must use OCSP stapling?
.
If unsure, use 'no' (default).
Template: open-infrastructure-dehydrated-tools/preferred-chain
Type: string
Default:
Description: dehydrated preferred chain:
Should an alternative root certificate by used in the certificat verification chain?
.
If unsure, leave empty.
Template: open-infrastructure-dehydrated-tools/basedir
Type: string
Default:
Description: dehydrated base directory:
Please enter the base directory where all the certificates are stored.
.
If unsure, use /var/lib/dehydrated (default).
Template: open-infrastructure-dehydrated-tools/hooks
Type: multiselect
Choices: ${HOOKS_CHOICES}
Default:
Description: dehydrated hooks:
Please select any hooks that should be enabled for dehydrated.
Template: open-infrastructure-dehydrated-tools/domains
Type: string
Default:
Description: dehydrated domains:
Please enter the domains to be configured for dehydrated.
.
If unsure, leave empty (default) which will use the hostname
of the system. Use 'none' to not generate any certificates.
.
Multiple certificates can be separated by '|', additional
names (SAN) can are whitespace separated.
Template: open-infrastructure-dehydrated-tools/tsig
Type: string
Default:
Description: dehydrated TSIG:
When using the dehydrated-nsupdate hook, a TSIG can be used. If you like
to do so, please enter either the path to the TSIG file or the TSIG string
itself (format as used by nsupdate -y in algorithm:name:base64).
.
If unsure, leave empty (default).
Template: open-infrastructure-dehydrated-tools/register
Type: boolean
Default: false
Description: dehydrated register:
Should a 'dehydrated --register --accept-terms' be executed now to create
an account for this system with your CA.
Template: open-infrastructure-dehydrated-tools/run
Type: boolean
Default: false
Description: dehydrated:
Should a 'dehydrated --cron --keep-going' be executed now to renew
non-existent/changed/expiring certificates for this system.
|
