#
# Copyright (c) 2020 Bubble, Inc.  All rights reserved. For personal (non-commercial) use, see license: https://getbubblenow.com/bubble-license/
#
---
# user under which we run acme-tiny and owner of ssl_base_folder
acme_user: acme

# Path where we put all our SSL private keys and certificates
acme_ssl_base_folder: /var/ssl

# Path where we tell acme-tiny to put our challenges. Writable by acme_user and readable by
# www-data (nginx)
acme_challenges_folder_path: "{{ acme_ssl_base_folder }}/challenges"

# A list of *simple* domains to run acme_tiny on. Example: "www.example.com"
# For each of those domains, a CSR with a single domain will be created and processed.
acme_domain: "{{ server_name }}"

# A list of domains that are grouped in the same request.
# The generated CSR will use SAN openssl configuration when generating the CSR.
# See acme_tiny README.
# Each item in this list is a hash with the same structure as _acme_multi_domains_item.
acme_multi_domains: []

# Example: {'base_name': 'example.com', domains: ['example.com', 'www.example.com']}
# base_name will be the main name of the cert, that is, the name of the folder containing its
# keys and certs as well as the name of the nginx snippet.
# The first domain of "domains" is the "main" host of the resulting cert.
_acme_multi_domains_item:
  base_name: ''
  domains: []

# If set, we will fetch existing SSL data from our specified host name (from the inventory)
# **instead** of going through with ACME challenges. You should use this option when you're in the
# process of transferring a host and you want to avoid the downtime between the moment where you
# change your DNS record and the moment where you can proceed with a proper challenge.
acme_copy_from_hostname: ''