| options/nixos/security.acme.certs.<name>.csr | Path to a certificate signing request to apply when fetching the certificate.
|
| options/nixos/security.acme.certs.<name>.csrKey | Path to the private key to the matching certificate signing request.
|
| options/nixos/security.acme.certs.<name>.group | Group running the ACME client.
|
| options/nixos/security.acme.certs.<name>.keyType | Key type to use for private keys
|
| options/nixos/security.acme.certs.<name>.postRun | Commands to run after new certificates go live
|
| options/nixos/security.acme.certs.<name>.email | Email address for account creation and correspondence from the CA
|
| options/nixos/security.acme.certs.<name>.domain | Domain to fetch certificate for (defaults to the entry name).
|
| options/nixos/security.acme.certs.<name>.validMinDays | Minimum remaining validity before renewal in days.
|
| options/nixos/security.acme.certs.<name>.s3Bucket | S3 bucket name to use for HTTP-01 based challenges
|
| options/nixos/security.acme.certs.<name>.server | ACME Directory Resource URI
|
| options/nixos/security.acme.certs.<name>.profile | The certificate profile to choose if the CA offers multiple profiles.
|
| options/nixos/security.acme.certs.<name>.listenHTTP | Interface and port to listen on to solve HTTP challenges in the form [INTERFACE]:PORT
|
| options/nixos/security.acme.certs.<name>.extraLegoFlags | Additional global flags to pass to all lego commands.
|
| options/nixos/security.acme.certs.<name>.webroot | Where the webroot of the HTTP vhost is located. .well-known/acme-challenge/ directory will be created below the webroot if it doesn't exist. http://example.org/.well-known/acme-challenge/ must also be available (notice unencrypted HTTP).
|
| options/nixos/security.acme.certs.<name>.extraLegoRunFlags | Additional flags to pass to lego run.
|
| options/nixos/security.acme.certs.<name>.ocspMustStaple | Turns on the OCSP Must-Staple TLS extension
|
| options/nixos/security.acme.certs.<name>.enableDebugLogs | Whether to enable debug logging for this certificate.
|
| options/nixos/security.acme.certs.<name>.extraLegoRenewFlags | Additional flags to pass to lego renew.
|
| options/nixos/security.acme.certs.<name>.extraDomainNames | A list of extra domain names, which are included in the one certificate to be issued.
|
| options/nixos/security.acme.certs.<name>.dnsProvider | DNS Challenge provider
|
| options/nixos/security.acme.certs.<name>.dnsResolver | Set the resolver to use for performing recursive DNS queries
|
| options/nixos/security.acme.certs.<name>.directory | Directory where certificate and other state is stored.
|
| options/nixos/security.acme.certs.<name>.renewInterval | Systemd calendar expression when to check for renewal
|
| options/nixos/security.acme.certs.<name>.reloadServices | The list of systemd services to call systemctl try-reload-or-restart on.
|
| options/nixos/security.acme.certs.<name>.inheritDefaults | Whether to inherit values set in security.acme.defaults or not.
|
| options/nixos/security.acme.certs.<name>.credentialFiles | Environment variables suffixed by "_FILE" to set for the cert's service for your selected dnsProvider
|
| options/nixos/security.acme.certs.<name>.environmentFile | Path to an EnvironmentFile for the cert's service containing any required and optional environment variables for your selected dnsProvider
|
| options/nixos/security.acme.certs.<name>.dnsPropagationCheck | Toggles lego DNS propagation check, which is used alongside DNS-01 challenge to ensure the DNS entries required are available.
|