|
12345678910111213141516171819202122232425262728293031323334 |
- ---
- # user under which we run acme-tiny and owner of ssl_base_folder
- acme_user: acme
-
- # Path where we put all our SSL private keys and certificates
- acme_ssl_base_folder: /var/ssl
-
- # Path where we tell acme-tiny to put our challenges. Writable by acme_user and readable by
- # www-data (nginx)
- acme_challenges_folder_path: "{{ acme_ssl_base_folder }}/challenges"
-
- # A list of *simple* domains to run acme_tiny on. Example: "www.example.com"
- # For each of those domains, a CSR with a single domain will be created and processed.
- acme_domain: "{{ server_name }}"
-
- # A list of domains that are grouped in the same request.
- # The generated CSR will use SAN openssl configuration when generating the CSR.
- # See acme_tiny README.
- # Each item in this list is a hash with the same structure as _acme_multi_domains_item.
- acme_multi_domains: []
-
- # Example: {'base_name': 'example.com', domains: ['example.com', 'www.example.com']}
- # base_name will be the main name of the cert, that is, the name of the folder containing its
- # keys and certs as well as the name of the nginx snippet.
- # The first domain of "domains" is the "main" host of the resulting cert.
- _acme_multi_domains_item:
- base_name: ''
- domains: []
-
- # If set, we will fetch existing SSL data from our specified host name (from the inventory)
- # **instead** of going through with ACME challenges. You should use this option when you're in the
- # process of transferring a host and you want to avoid the downtime between the moment where you
- # change your DNS record and the moment where you can proceed with a proper challenge.
- acme_copy_from_hostname: ''
|