5b368e02a5
- Do not use the full path for config.d in the config files, which will simplify implementing multi instance support.
- Added more-examples.patch: Explain how we can have per certificate key algorithms

OBS-URL: https://build.opensuse.org/request/show/882014
OBS-URL: https://build.opensuse.org/package/show/security:dehydrated/dehydrated?expand=0&rev=73
56 lines
1.9 KiB
Diff
Index: dehydrated-0.7.0/docs/domains_txt.md
|
|
===================================================================
|
|
--- dehydrated-0.7.0.orig/docs/domains_txt.md
|
|
+++ dehydrated-0.7.0/docs/domains_txt.md
|
|
@@ -34,6 +34,30 @@ under your `CERTDIR`.
|
|
example.net www.example.net wiki.example.net > certalias
|
|
```
|
|
|
|
+This allows to set per certificates options. The options you can change are
|
|
+explained in [Per Certificate Config](per-certificate-config.md).
|
|
+
|
|
+If you want to create different certificate types for the same domain
|
|
+you can use:
|
|
+
|
|
+```text
|
|
+*.service.example.org service.example.org > star_service_example_org_rsa
|
|
+*.service.example.org service.example.org > star_service_example_org_ecdsa
|
|
+```
|
|
+
|
|
+Then add a config file `certs/star_service_example_org_rsa/config` with
|
|
+the value
|
|
+
|
|
+```
|
|
+KEY_ALGO="rsa"
|
|
+```
|
|
+
|
|
+or respectively
|
|
+
|
|
+```
|
|
+KEY_ALGO="ecdsa"
|
|
+```
|
|
+
|
|
### Wildcards
|
|
|
|
Support for wildcards was added by the ACME v2 protocol.
|
|
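Review bot: The added text hard-codes `certs/star_service_example_org_rsa/config`, while the surrounding documentation speaks of directories "under your `CERTDIR`"; write the path as `${CERTDIR}/star_service_example_org_rsa/config` so it stays correct when `CERTDIR` is not the default. The "or respectively" block never names the second file, so state explicitly that `KEY_ALGO="ecdsa"` goes into the config under `star_service_example_org_ecdsa`. Before merging, confirm that `ecdsa` is a value `KEY_ALGO` accepts by checking it against the list in the linked per-certificate-config.md, since a reader will copy the example verbatim. Smaller points: "This allows to set per certificates options" should read "This allows setting per-certificate options", and the first new fence is tagged `text` while the two `KEY_ALGO` fences carry no tag.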
Index: dehydrated-0.7.0/docs/examples/domains.txt
|
|
===================================================================
|
|
--- dehydrated-0.7.0.orig/docs/examples/domains.txt
|
|
+++ dehydrated-0.7.0/docs/examples/domains.txt
|
|
@@ -24,6 +24,15 @@ example.net www.example.net > certalias
|
|
# NOTE: It is a certificate for 'service.example.org'
|
|
*.service.example.org service.example.org > star_service_example_org
|
|
|
|
+# Optionally you can also append the certificate algorithm here to create
|
|
+# multiple certificate types for the same domain.
|
|
+#
|
|
+# This allows to set per certificates options. The options you can change are
|
|
+# explained in [domains.txt documentation](domains_txt.md).
|
|
+#
|
|
+*.service.example.org service.example.org > star_service_example_org_rsa
|
|
+*.service.example.org service.example.org > star_service_example_org_ecdsa
|
|
+
|
|
# Create a certificate for 'service.example.net' with an alternative name of
|
|
# '*.service.example.net' (which is a wildcard domain) and store it in the
|
|
# directory ${CERTDIR}/service.example.net
|
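Review bot: The new comment says to "append the certificate algorithm here", but the `_rsa` and `_ecdsa` suffixes are only alias names; by the companion change to domains_txt.md the key type comes from `KEY_ALGO` in each alias's per-certificate config file, so with these two lines alone both entries would be issued with the same key type. Reword the comment to say the alias selects a separate certificate directory and that `KEY_ALGO` must be set in that directory's `config`. The reference `[domains.txt documentation](domains_txt.md)` uses Markdown link syntax inside a plain-text comment and a path relative to `docs/`, not to `docs/examples/` where this file lives; a plain `see docs/domains_txt.md` would be clearer. The two new entries are also active lines rather than commented examples, so anyone copying the file unchanged requests two more certificates for the same names as the existing `star_service_example_org` entry.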