dehydrated/more-examples.patch
Daniel Molkentin 5b368e02a5 Accepting request 882014 from home:darix:playground
- Do not use the full path for config.d in the config files, which
  will simplify implementing multi instance support.

- Added more-examples.patch:
  Explain how we can have per certificate key algorithms

OBS-URL: https://build.opensuse.org/request/show/882014
OBS-URL: https://build.opensuse.org/package/show/security:dehydrated/dehydrated?expand=0&rev=73
2021-03-29 16:26:11 +00:00

56 lines
1.9 KiB
Diff

Index: dehydrated-0.7.0/docs/domains_txt.md
===================================================================
--- dehydrated-0.7.0.orig/docs/domains_txt.md
+++ dehydrated-0.7.0/docs/domains_txt.md
@@ -34,6 +34,30 @@ under your `CERTDIR`.
example.net www.example.net wiki.example.net > certalias
```
+This allows to set per certificates options. The options you can change are
+explained in [Per Certificate Config](per-certificate-config.md).
+
+If you want to create different certificate types for the same domain
+you can use:
+
+```text
+*.service.example.org service.example.org > star_service_example_org_rsa
+*.service.example.org service.example.org > star_service_example_org_ecdsa
+```
+
+Then add a config file `certs/star_service_example_org_rsa/config` with
+the value
+
+```
+KEY_ALGO="rsa"
+```
+
+or respectively
+
+```
+KEY_ALGO="ecdsa"
+```
+
### Wildcards
Support for wildcards was added by the ACME v2 protocol.
Index: dehydrated-0.7.0/docs/examples/domains.txt
===================================================================
--- dehydrated-0.7.0.orig/docs/examples/domains.txt
+++ dehydrated-0.7.0/docs/examples/domains.txt
@@ -24,6 +24,15 @@ example.net www.example.net > certalias
# NOTE: It is a certificate for 'service.example.org'
*.service.example.org service.example.org > star_service_example_org
+# Optionally you can also append the certificate algorithm here to create
+# multiple certificate types for the same domain.
+#
+# This allows to set per certificates options. The options you can change are
+# explained in [domains.txt documentation](domains_txt.md).
+#
+*.service.example.org service.example.org > star_service_example_org_rsa
+*.service.example.org service.example.org > star_service_example_org_ecdsa
+
# Create a certificate for 'service.example.net' with an alternative name of
# '*.service.example.net' (which is a wildcard domain) and store it in the
# directory ${CERTDIR}/service.example.net