summaryrefslogtreecommitdiffstats
path: root/debian/open-infrastructure-dehydrated-tools.templates
blob: a29c5500061f54230ea5e572a2fc89817d63c328 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
Template: open-infrastructure-dehydrated-tools/title
Type: title
Description: dehydrated-tools: Setup

Template: open-infrastructure-dehydrated-tools/auto-cleanup
Type: boolean
Default: no
Description: dehydrated auto clean:
 Please select the Certificate Authority to use with dehydrated.
 .
 If unsure, use letsencrypt (default).

Template: open-infrastructure-dehydrated-tools/ca
Type: select
Choices: letsencrypt, letsencrypt-test, zerossl, buypass, buypass-test
Default: letsencrypt
Description: dehydrated Certificate Authority (CA):
 Please select the Certificate Authority to use with dehydrated.
 .
 If unsure, use letsencrypt (default).

Template: open-infrastructure-dehydrated-tools/challengetype
Type: select
Choices: dns-01, http-01
Default: http-01
Description: dehydrated Challenge Type:
 Please select the challenge type to use with dehydrated.
 .
 If unsure, use http-01 (default).

Template: open-infrastructure-dehydrated-tools/contact-email
Type: string
Default: 
Description: dehydrated Contact Email:
 Please select an optional contact email address for notifications of your CA.
 .
 If unsure, leave empty (default).

Template: open-infrastructure-dehydrated-tools/key-algo
Type: select
Choices: prime256v1, rsa, secp384r1
Default: secp384r1
Description: dehydrated key algorithm:
 Please select the key algorithm to use.
 .
 If unsure, use 'secp384r1' (default).

Template: open-infrastructure-dehydrated-tools/ocsp-fetch
Type: boolean
Default: false
Description: dehydrated OCSP fetch:
 Should dehydrated automatically fetch the OCSP signature?
 .
 If unsure, use 'no' (default).

Template: open-infrastructure-dehydrated-tools/ocsp-must-staple
Type: boolean
Default: false
Description: dehydrated OCSP must staple:
 Should dehydrated request certificates that must use OCSP stapling?
 .
 If unsure, use 'no' (default).

Template: open-infrastructure-dehydrated-tools/preferred-chain
Type: string
Default: 
Description: dehydrated preferred chain:
 Should an alternative root certificate by used in the certificat verification chain?
 .
 If unsure, leave empty.

Template: open-infrastructure-dehydrated-tools/basedir
Type: string
Default: 
Description: dehydrated base directory:
 Please enter the base directory where all the certificates are stored.
 .
 If unsure, use /var/lib/dehydrated (default).

Template: open-infrastructure-dehydrated-tools/hooks
Type: multiselect
Choices: ${HOOKS_CHOICES}
Default: 
Description: dehydrated hooks:
 Please select any hooks that should be enabled for dehydrated.

Template: open-infrastructure-dehydrated-tools/domains
Type: string
Default: 
Description: dehydrated domains:
 Please enter the domains to be configured for dehydrated.
 .
 If unsure, leave empty (default) which will use the hostname
 of the system. Use 'none' to not generate any certificates.
 .
 Multiple certificates can be separated by '|', additional
 names (SAN) can are whitespace separated.

Template: open-infrastructure-dehydrated-tools/tsig
Type: string
Default: 
Description: dehydrated TSIG:
 When using the dehydrated-nsupdate hook, a TSIG can be used. If you like
 to do so, please enter either the path to the TSIG file or the TSIG string
 itself (format as used by nsupdate -y in algorithm:name:base64).
 .
 If unsure, leave empty (default).

Template: open-infrastructure-dehydrated-tools/register
Type: boolean
Default: false
Description: dehydrated register:
 Should a 'dehydrated --register --accept-terms' be executed now to create
 an account for this system with your CA.

Template: open-infrastructure-dehydrated-tools/run
Type: boolean
Default: false
Description: dehydrated:
 Should a 'dehydrated --cron --keep-going' be executed now to renew
 non-existent/changed/expiring certificates for this system.