docs/NixOS/security/acme/index.html

8414 lines
170 KiB
HTML
Raw Normal View History

2024-07-24 19:14:02 +00:00
<!doctype html>
<html lang="en" class="no-js">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width,initial-scale=1">
<meta name="description" content="Aux Documentation">
<meta name="author" content="Nixpkgs Aux, and Lix Contributors">
<link rel="canonical" href="https://docs.auxolotl.org/NixOS/security/acme/">
<link rel="prev" href="../">
<link rel="next" href="../apparmor/">
<link rel="icon" href="../../../assets/aux-logo.svg">
<meta name="generator" content="mkdocs-1.6.0, mkdocs-material-9.5.29">
<title>Acme - Aux Docs</title>
<link rel="stylesheet" href="../../../assets/stylesheets/main.76a95c52.min.css">
<link rel="stylesheet" href="../../../assets/stylesheets/palette.06af60db.min.css">
<link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
<link rel="stylesheet" href="https://fonts.bunny.net/css?family=IBM+Plex+Sans:300,300i,400,400i,700,700i%7CIBM+Plex+Mono:400,400i,700,700i&display=fallback">
<style>:root{--md-text-font:"IBM Plex Sans";--md-code-font:"IBM Plex Mono"}</style>
<script>__md_scope=new URL("../../..",location),__md_hash=e=>[...e].reduce((e,_)=>(e<<5)-e+_.charCodeAt(0),0),__md_get=(e,_=localStorage,t=__md_scope)=>JSON.parse(_.getItem(t.pathname+"."+e)),__md_set=(e,_,t=localStorage,a=__md_scope)=>{try{t.setItem(a.pathname+"."+e,JSON.stringify(_))}catch(e){}}</script>
<meta property="og:type" content="website" >
<meta property="og:title" content="Acme - Aux Docs" >
<meta property="og:description" content="Aux Documentation" >
<meta property="og:image" content="https://docs.auxolotl.org/assets/images/social/NixOS/security/acme.png" >
<meta property="og:image:type" content="image/png" >
<meta property="og:image:width" content="1200" >
<meta property="og:image:height" content="630" >
<meta property="og:url" content="https://docs.auxolotl.org/NixOS/security/acme/" >
<meta name="twitter:card" content="summary_large_image" >
<meta name="twitter:title" content="Acme - Aux Docs" >
<meta name="twitter:description" content="Aux Documentation" >
<meta name="twitter:image" content="https://docs.auxolotl.org/assets/images/social/NixOS/security/acme.png" >
</head>
<body dir="ltr" data-md-color-scheme="default" data-md-color-primary="indigo" data-md-color-accent="blue">
<input class="md-toggle" data-md-toggle="drawer" type="checkbox" id="__drawer" autocomplete="off">
<input class="md-toggle" data-md-toggle="search" type="checkbox" id="__search" autocomplete="off">
<label class="md-overlay" for="__drawer"></label>
<div data-md-component="skip">
<a href="#securityacmeacceptterms" class="md-skip">
Skip to content
</a>
</div>
<div data-md-component="announce">
</div>
<header class="md-header" data-md-component="header">
<nav class="md-header__inner md-grid" aria-label="Header">
<a href="../../.." title="Aux Docs" class="md-header__button md-logo" aria-label="Aux Docs" data-md-component="logo">
<img src="../../../assets/aux-logo.svg" alt="logo">
</a>
<label class="md-header__button md-icon" for="__drawer">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M3 6h18v2H3V6m0 5h18v2H3v-2m0 5h18v2H3v-2Z"/></svg>
</label>
<div class="md-header__title" data-md-component="header-title">
<div class="md-header__ellipsis">
<div class="md-header__topic">
<span class="md-ellipsis">
Aux Docs
</span>
</div>
<div class="md-header__topic" data-md-component="header-topic">
<span class="md-ellipsis">
Acme
</span>
</div>
</div>
</div>
<form class="md-header__option" data-md-component="palette">
<input class="md-option" data-md-color-media="(prefers-color-scheme: light)" data-md-color-scheme="default" data-md-color-primary="indigo" data-md-color-accent="blue" aria-label="Dark Mode" type="radio" name="__palette" id="__palette_0">
<label class="md-header__button md-icon" title="Dark Mode" for="__palette_1" hidden>
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="m17.75 4.09-2.53 1.94.91 3.06-2.63-1.81-2.63 1.81.91-3.06-2.53-1.94L12.44 4l1.06-3 1.06 3 3.19.09m3.5 6.91-1.64 1.25.59 1.98-1.7-1.17-1.7 1.17.59-1.98L15.75 11l2.06-.05L18.5 9l.69 1.95 2.06.05m-2.28 4.95c.83-.08 1.72 1.1 1.19 1.85-.32.45-.66.87-1.08 1.27C15.17 23 8.84 23 4.94 19.07c-3.91-3.9-3.91-10.24 0-14.14.4-.4.82-.76 1.27-1.08.75-.53 1.93.36 1.85 1.19-.27 2.86.69 5.83 2.89 8.02a9.96 9.96 0 0 0 8.02 2.89m-1.64 2.02a12.08 12.08 0 0 1-7.8-3.47c-2.17-2.19-3.33-5-3.49-7.82-2.81 3.14-2.7 7.96.31 10.98 3.02 3.01 7.84 3.12 10.98.31Z"/></svg>
</label>
<input class="md-option" data-md-color-media="(prefers-color-scheme: dark)" data-md-color-scheme="slate" data-md-color-primary="indigo" data-md-color-accent="blue" aria-label="Light Mode" type="radio" name="__palette" id="__palette_1">
<label class="md-header__button md-icon" title="Light Mode" for="__palette_0" hidden>
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M12 7a5 5 0 0 1 5 5 5 5 0 0 1-5 5 5 5 0 0 1-5-5 5 5 0 0 1 5-5m0 2a3 3 0 0 0-3 3 3 3 0 0 0 3 3 3 3 0 0 0 3-3 3 3 0 0 0-3-3m0-7 2.39 3.42C13.65 5.15 12.84 5 12 5c-.84 0-1.65.15-2.39.42L12 2M3.34 7l4.16-.35A7.2 7.2 0 0 0 5.94 8.5c-.44.74-.69 1.5-.83 2.29L3.34 7m.02 10 1.76-3.77a7.131 7.131 0 0 0 2.38 4.14L3.36 17M20.65 7l-1.77 3.79a7.023 7.023 0 0 0-2.38-4.15l4.15.36m-.01 10-4.14.36c.59-.51 1.12-1.14 1.54-1.86.42-.73.69-1.5.83-2.29L20.64 17M12 22l-2.41-3.44c.74.27 1.55.44 2.41.44.82 0 1.63-.17 2.37-.44L12 22Z"/></svg>
</label>
</form>
<script>var media,input,key,value,palette=__md_get("__palette");if(palette&&palette.color){"(prefers-color-scheme)"===palette.color.media&&(media=matchMedia("(prefers-color-scheme: light)"),input=document.querySelector(media.matches?"[data-md-color-media='(prefers-color-scheme: light)']":"[data-md-color-media='(prefers-color-scheme: dark)']"),palette.color.media=input.getAttribute("data-md-color-media"),palette.color.scheme=input.getAttribute("data-md-color-scheme"),palette.color.primary=input.getAttribute("data-md-color-primary"),palette.color.accent=input.getAttribute("data-md-color-accent"));for([key,value]of Object.entries(palette.color))document.body.setAttribute("data-md-color-"+key,value)}</script>
<label class="md-header__button md-icon" for="__search">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.516 6.516 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5Z"/></svg>
</label>
<div class="md-search" data-md-component="search" role="dialog">
<label class="md-search__overlay" for="__search"></label>
<div class="md-search__inner" role="search">
<form class="md-search__form" name="search">
<input type="text" class="md-search__input" name="query" aria-label="Search" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="search-query" required>
<label class="md-search__icon md-icon" for="__search">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.516 6.516 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5Z"/></svg>
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11h12Z"/></svg>
</label>
<nav class="md-search__options" aria-label="Search">
<button type="reset" class="md-search__icon md-icon" title="Clear" aria-label="Clear" tabindex="-1">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M19 6.41 17.59 5 12 10.59 6.41 5 5 6.41 10.59 12 5 17.59 6.41 19 12 13.41 17.59 19 19 17.59 13.41 12 19 6.41Z"/></svg>
</button>
</nav>
</form>
<div class="md-search__output">
<div class="md-search__scrollwrap" tabindex="0" data-md-scrollfix>
<div class="md-search-result" data-md-component="search-result">
<div class="md-search-result__meta">
Initializing search
</div>
<ol class="md-search-result__list" role="presentation"></ol>
</div>
</div>
</div>
</div>
</div>
<div class="md-header__source">
<a href="https://git.auxolotl.org/auxolotl/docs" title="Go to repository" class="md-source" data-md-component="source">
<div class="md-source__icon md-icon">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M16.777 0a2.9 2.9 0 1 1-2.529 4.322H12.91a4.266 4.266 0 0 0-4.265 4.195v2.118a7.076 7.076 0 0 1 4.147-1.42l.118-.002h1.338a2.9 2.9 0 0 1 5.43 1.422 2.9 2.9 0 0 1-5.43 1.422H12.91a4.266 4.266 0 0 0-4.265 4.195v2.319A2.9 2.9 0 0 1 7.222 24 2.9 2.9 0 0 1 5.8 18.57V8.589a7.109 7.109 0 0 1 6.991-7.108l.118-.001h1.338A2.9 2.9 0 0 1 16.778 0ZM7.223 19.905a1.194 1.194 0 1 0 0 2.389 1.194 1.194 0 0 0 0-2.389Zm9.554-10.464a1.194 1.194 0 1 0 0 2.389 1.194 1.194 0 0 0 0-2.39Zm0-7.735a1.194 1.194 0 1 0 0 2.389 1.194 1.194 0 0 0 0-2.389Z"/></svg>
</div>
<div class="md-source__repository">
auxolotl/docs
</div>
</a>
</div>
</nav>
</header>
<div class="md-container" data-md-component="container">
<nav class="md-tabs" aria-label="Tabs" data-md-component="tabs">
<div class="md-grid">
<ul class="md-tabs__list">
<li class="md-tabs__item">
<a href="../../.." class="md-tabs__link">
Aux Documentation Hub
</a>
</li>
<li class="md-tabs__item">
<a href="../../../TODO/" class="md-tabs__link">
TODO
</a>
</li>
<li class="md-tabs__item">
<a href="../../../Aux/" class="md-tabs__link">
Aux
</a>
</li>
<li class="md-tabs__item">
<a href="../../../Lix/" class="md-tabs__link">
Lix
</a>
</li>
<li class="md-tabs__item md-tabs__item--active">
<a href="../../appstream/" class="md-tabs__link">
NixOS
</a>
</li>
<li class="md-tabs__item">
<a href="../../../Nixpkgs/" class="md-tabs__link">
Nixpkgs
</a>
</li>
</ul>
</div>
</nav>
<main class="md-main" data-md-component="main">
<div class="md-main__inner md-grid">
<div class="md-sidebar md-sidebar--primary" data-md-component="sidebar" data-md-type="navigation" >
<div class="md-sidebar__scrollwrap">
<div class="md-sidebar__inner">
<nav class="md-nav md-nav--primary md-nav--lifted" aria-label="Navigation" data-md-level="0">
<label class="md-nav__title" for="__drawer">
<a href="../../.." title="Aux Docs" class="md-nav__button md-logo" aria-label="Aux Docs" data-md-component="logo">
<img src="../../../assets/aux-logo.svg" alt="logo">
</a>
Aux Docs
</label>
<div class="md-nav__source">
<a href="https://git.auxolotl.org/auxolotl/docs" title="Go to repository" class="md-source" data-md-component="source">
<div class="md-source__icon md-icon">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M16.777 0a2.9 2.9 0 1 1-2.529 4.322H12.91a4.266 4.266 0 0 0-4.265 4.195v2.118a7.076 7.076 0 0 1 4.147-1.42l.118-.002h1.338a2.9 2.9 0 0 1 5.43 1.422 2.9 2.9 0 0 1-5.43 1.422H12.91a4.266 4.266 0 0 0-4.265 4.195v2.319A2.9 2.9 0 0 1 7.222 24 2.9 2.9 0 0 1 5.8 18.57V8.589a7.109 7.109 0 0 1 6.991-7.108l.118-.001h1.338A2.9 2.9 0 0 1 16.778 0ZM7.223 19.905a1.194 1.194 0 1 0 0 2.389 1.194 1.194 0 0 0 0-2.389Zm9.554-10.464a1.194 1.194 0 1 0 0 2.389 1.194 1.194 0 0 0 0-2.39Zm0-7.735a1.194 1.194 0 1 0 0 2.389 1.194 1.194 0 0 0 0-2.389Z"/></svg>
</div>
<div class="md-source__repository">
auxolotl/docs
</div>
</a>
</div>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../.." class="md-nav__link">
<span class="md-ellipsis">
Aux Documentation Hub
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../TODO/" class="md-nav__link">
<span class="md-ellipsis">
TODO
</span>
</a>
</li>
<li class="md-nav__item md-nav__item--pruned md-nav__item--nested">
<a href="../../../Aux/" class="md-nav__link">
<span class="md-ellipsis">
Aux
</span>
<span class="md-nav__icon md-icon"></span>
</a>
</li>
<li class="md-nav__item md-nav__item--pruned md-nav__item--nested">
<a href="../../../Lix/" class="md-nav__link">
<span class="md-ellipsis">
Lix
</span>
<span class="md-nav__icon md-icon"></span>
</a>
</li>
<li class="md-nav__item md-nav__item--active md-nav__item--section md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_5" checked>
<label class="md-nav__link" for="__nav_5" id="__nav_5_label" tabindex="">
<span class="md-ellipsis">
NixOS
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_5_label" aria-expanded="true">
<label class="md-nav__title" for="__nav_5">
<span class="md-nav__icon md-icon"></span>
NixOS
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../appstream/" class="md-nav__link">
<span class="md-ellipsis">
Appstream
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../console/" class="md-nav__link">
<span class="md-ellipsis">
Console
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../containers/" class="md-nav__link">
<span class="md-ellipsis">
Containers
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../documentation/" class="md-nav__link">
<span class="md-ellipsis">
Documentation
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../dysnomia/" class="md-nav__link">
<span class="md-ellipsis">
Dysnomia
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../ec2/" class="md-nav__link">
<span class="md-ellipsis">
Ec2
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../environment/" class="md-nav__link">
<span class="md-ellipsis">
Environment
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../fileSystems/" class="md-nav__link">
<span class="md-ellipsis">
fileSystems
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../fonts/" class="md-nav__link">
<span class="md-ellipsis">
Fonts
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../gtk/" class="md-nav__link">
<span class="md-ellipsis">
Gtk
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../hardware/" class="md-nav__link">
<span class="md-ellipsis">
Hardware
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../i18n/" class="md-nav__link">
<span class="md-ellipsis">
I18n
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../image/" class="md-nav__link">
<span class="md-ellipsis">
Image
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../lib/" class="md-nav__link">
<span class="md-ellipsis">
Lib
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../location/" class="md-nav__link">
<span class="md-ellipsis">
Location
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../nix/" class="md-nav__link">
<span class="md-ellipsis">
Nix
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../nixops/" class="md-nav__link">
<span class="md-ellipsis">
Nixops
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../nixpkgs/" class="md-nav__link">
<span class="md-ellipsis">
Nixpkgs
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../oci/" class="md-nav__link">
<span class="md-ellipsis">
Oci
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../openstack/" class="md-nav__link">
<span class="md-ellipsis">
Openstack
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../power/" class="md-nav__link">
<span class="md-ellipsis">
Power
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../powerManagement/" class="md-nav__link">
<span class="md-ellipsis">
powerManagement
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../qt/" class="md-nav__link">
<span class="md-ellipsis">
Qt
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../specialisation/" class="md-nav__link">
<span class="md-ellipsis">
Specialisation
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../swapDevices/" class="md-nav__link">
<span class="md-ellipsis">
swapDevices
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../system/" class="md-nav__link">
<span class="md-ellipsis">
System
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../time/" class="md-nav__link">
<span class="md-ellipsis">
Time
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../xdg/" class="md-nav__link">
<span class="md-ellipsis">
Xdg
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../zramSwap/" class="md-nav__link">
<span class="md-ellipsis">
zramSwap
</span>
</a>
</li>
<li class="md-nav__item md-nav__item--pruned md-nav__item--nested">
<a href="../../boot/" class="md-nav__link">
<span class="md-ellipsis">
Boot
</span>
<span class="md-nav__icon md-icon"></span>
</a>
</li>
<li class="md-nav__item md-nav__item--pruned md-nav__item--nested">
<a href="../../networking/" class="md-nav__link">
<span class="md-ellipsis">
Networking
</span>
<span class="md-nav__icon md-icon"></span>
</a>
</li>
<li class="md-nav__item md-nav__item--pruned md-nav__item--nested">
<a href="../../programs/_1password-gui/" class="md-nav__link">
<span class="md-ellipsis">
Programs
</span>
<span class="md-nav__icon md-icon"></span>
</a>
</li>
<li class="md-nav__item md-nav__item--active md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_5_33" checked>
<div class="md-nav__link md-nav__container">
<a href="../" class="md-nav__link ">
<span class="md-ellipsis">
Security
</span>
</a>
<label class="md-nav__link " for="__nav_5_33" id="__nav_5_33_label" tabindex="0">
<span class="md-nav__icon md-icon"></span>
</label>
</div>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_5_33_label" aria-expanded="true">
<label class="md-nav__title" for="__nav_5_33">
<span class="md-nav__icon md-icon"></span>
Security
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item md-nav__item--active">
<input class="md-nav__toggle md-toggle" type="checkbox" id="__toc">
<label class="md-nav__link md-nav__link--active" for="__toc">
<span class="md-ellipsis">
Acme
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<a href="./" class="md-nav__link md-nav__link--active">
<span class="md-ellipsis">
Acme
</span>
</a>
<nav class="md-nav md-nav--secondary" aria-label="Table of contents">
<label class="md-nav__title" for="__toc">
<span class="md-nav__icon md-icon"></span>
Table of contents
</label>
<ul class="md-nav__list" data-md-component="toc" data-md-scrollfix>
<li class="md-nav__item">
<a href="#securityacmeacceptterms" class="md-nav__link">
<span class="md-ellipsis">
security.acme.acceptTerms
</span>
</a>
<nav class="md-nav" aria-label="security.acme.acceptTerms">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#default" class="md-nav__link">
<span class="md-ellipsis">
Default
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#securityacmecerts" class="md-nav__link">
<span class="md-ellipsis">
security.acme.certs
</span>
</a>
<nav class="md-nav" aria-label="security.acme.certs">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#default_1" class="md-nav__link">
<span class="md-ellipsis">
Default
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#example" class="md-nav__link">
<span class="md-ellipsis">
Example
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#securityacmecertsnamecredentialfiles" class="md-nav__link">
<span class="md-ellipsis">
security.acme.certs.&lt;name&gt;.credentialFiles
</span>
</a>
<nav class="md-nav" aria-label="security.acme.certs.<name>.credentialFiles">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#default_2" class="md-nav__link">
<span class="md-ellipsis">
Default
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#example_1" class="md-nav__link">
<span class="md-ellipsis">
Example
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#securityacmecertsnamedirectory" class="md-nav__link">
<span class="md-ellipsis">
security.acme.certs.&lt;name&gt;.directory
</span>
</a>
<nav class="md-nav" aria-label="security.acme.certs.<name>.directory">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#default_3" class="md-nav__link">
<span class="md-ellipsis">
Default
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#securityacmecertsnamednspropagationcheck" class="md-nav__link">
<span class="md-ellipsis">
security.acme.certs.&lt;name&gt;.dnsPropagationCheck
</span>
</a>
<nav class="md-nav" aria-label="security.acme.certs.<name>.dnsPropagationCheck">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#default_4" class="md-nav__link">
<span class="md-ellipsis">
Default
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#securityacmecertsnamednsprovider" class="md-nav__link">
<span class="md-ellipsis">
security.acme.certs.&lt;name&gt;.dnsProvider
</span>
</a>
<nav class="md-nav" aria-label="security.acme.certs.<name>.dnsProvider">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#default_5" class="md-nav__link">
<span class="md-ellipsis">
Default
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#example_2" class="md-nav__link">
<span class="md-ellipsis">
Example
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#securityacmecertsnamednsresolver" class="md-nav__link">
<span class="md-ellipsis">
security.acme.certs.&lt;name&gt;.dnsResolver
</span>
</a>
<nav class="md-nav" aria-label="security.acme.certs.<name>.dnsResolver">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#default_6" class="md-nav__link">
<span class="md-ellipsis">
Default
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#example_3" class="md-nav__link">
<span class="md-ellipsis">
Example
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#securityacmecertsnamedomain" class="md-nav__link">
<span class="md-ellipsis">
security.acme.certs.&lt;name&gt;.domain
</span>
</a>
<nav class="md-nav" aria-label="security.acme.certs.<name>.domain">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#default_7" class="md-nav__link">
<span class="md-ellipsis">
Default
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#securityacmecertsnameemail" class="md-nav__link">
<span class="md-ellipsis">
security.acme.certs.&lt;name&gt;.email
</span>
</a>
<nav class="md-nav" aria-label="security.acme.certs.<name>.email">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#default_8" class="md-nav__link">
<span class="md-ellipsis">
Default
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#securityacmecertsnameenabledebuglogs" class="md-nav__link">
<span class="md-ellipsis">
security.acme.certs.&lt;name&gt;.enableDebugLogs
</span>
</a>
<nav class="md-nav" aria-label="security.acme.certs.<name>.enableDebugLogs">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#default_9" class="md-nav__link">
<span class="md-ellipsis">
Default
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#example_4" class="md-nav__link">
<span class="md-ellipsis">
Example
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#securityacmecertsnameenvironmentfile" class="md-nav__link">
<span class="md-ellipsis">
security.acme.certs.&lt;name&gt;.environmentFile
</span>
</a>
<nav class="md-nav" aria-label="security.acme.certs.<name>.environmentFile">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#default_10" class="md-nav__link">
<span class="md-ellipsis">
Default
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#example_5" class="md-nav__link">
<span class="md-ellipsis">
Example
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#securityacmecertsnameextradomainnames" class="md-nav__link">
<span class="md-ellipsis">
security.acme.certs.&lt;name&gt;.extraDomainNames
</span>
</a>
<nav class="md-nav" aria-label="security.acme.certs.<name>.extraDomainNames">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#default_11" class="md-nav__link">
<span class="md-ellipsis">
Default
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#example_6" class="md-nav__link">
<span class="md-ellipsis">
Example
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#securityacmecertsnameextralegoflags" class="md-nav__link">
<span class="md-ellipsis">
security.acme.certs.&lt;name&gt;.extraLegoFlags
</span>
</a>
<nav class="md-nav" aria-label="security.acme.certs.<name>.extraLegoFlags">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#default_12" class="md-nav__link">
<span class="md-ellipsis">
Default
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#securityacmecertsnameextralegorenewflags" class="md-nav__link">
<span class="md-ellipsis">
security.acme.certs.&lt;name&gt;.extraLegoRenewFlags
</span>
</a>
<nav class="md-nav" aria-label="security.acme.certs.<name>.extraLegoRenewFlags">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#default_13" class="md-nav__link">
<span class="md-ellipsis">
Default
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#securityacmecertsnameextralegorunflags" class="md-nav__link">
<span class="md-ellipsis">
security.acme.certs.&lt;name&gt;.extraLegoRunFlags
</span>
</a>
<nav class="md-nav" aria-label="security.acme.certs.<name>.extraLegoRunFlags">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#default_14" class="md-nav__link">
<span class="md-ellipsis">
Default
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#securityacmecertsnamegroup" class="md-nav__link">
<span class="md-ellipsis">
security.acme.certs.&lt;name&gt;.group
</span>
</a>
<nav class="md-nav" aria-label="security.acme.certs.<name>.group">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#default_15" class="md-nav__link">
<span class="md-ellipsis">
Default
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#securityacmecertsnameinheritdefaults" class="md-nav__link">
<span class="md-ellipsis">
security.acme.certs.&lt;name&gt;.inheritDefaults
</span>
</a>
<nav class="md-nav" aria-label="security.acme.certs.<name>.inheritDefaults">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#default_16" class="md-nav__link">
<span class="md-ellipsis">
Default
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#example_7" class="md-nav__link">
<span class="md-ellipsis">
Example
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#securityacmecertsnamekeytype" class="md-nav__link">
<span class="md-ellipsis">
security.acme.certs.&lt;name&gt;.keyType
</span>
</a>
<nav class="md-nav" aria-label="security.acme.certs.<name>.keyType">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#default_17" class="md-nav__link">
<span class="md-ellipsis">
Default
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#securityacmecertsnamelistenhttp" class="md-nav__link">
<span class="md-ellipsis">
security.acme.certs.&lt;name&gt;.listenHTTP
</span>
</a>
<nav class="md-nav" aria-label="security.acme.certs.<name>.listenHTTP">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#default_18" class="md-nav__link">
<span class="md-ellipsis">
Default
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#example_8" class="md-nav__link">
<span class="md-ellipsis">
Example
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#securityacmecertsnameocspmuststaple" class="md-nav__link">
<span class="md-ellipsis">
security.acme.certs.&lt;name&gt;.ocspMustStaple
</span>
</a>
<nav class="md-nav" aria-label="security.acme.certs.<name>.ocspMustStaple">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#default_19" class="md-nav__link">
<span class="md-ellipsis">
Default
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#securityacmecertsnamepostrun" class="md-nav__link">
<span class="md-ellipsis">
security.acme.certs.&lt;name&gt;.postRun
</span>
</a>
<nav class="md-nav" aria-label="security.acme.certs.<name>.postRun">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#default_20" class="md-nav__link">
<span class="md-ellipsis">
Default
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#example_9" class="md-nav__link">
<span class="md-ellipsis">
Example
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#securityacmecertsnamereloadservices" class="md-nav__link">
<span class="md-ellipsis">
security.acme.certs.&lt;name&gt;.reloadServices
</span>
</a>
<nav class="md-nav" aria-label="security.acme.certs.<name>.reloadServices">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#default_21" class="md-nav__link">
<span class="md-ellipsis">
Default
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#securityacmecertsnamerenewinterval" class="md-nav__link">
<span class="md-ellipsis">
security.acme.certs.&lt;name&gt;.renewInterval
</span>
</a>
<nav class="md-nav" aria-label="security.acme.certs.<name>.renewInterval">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#default_22" class="md-nav__link">
<span class="md-ellipsis">
Default
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#securityacmecertsnames3bucket" class="md-nav__link">
<span class="md-ellipsis">
security.acme.certs.&lt;name&gt;.s3Bucket
</span>
</a>
<nav class="md-nav" aria-label="security.acme.certs.<name>.s3Bucket">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#default_23" class="md-nav__link">
<span class="md-ellipsis">
Default
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#example_10" class="md-nav__link">
<span class="md-ellipsis">
Example
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#securityacmecertsnameserver" class="md-nav__link">
<span class="md-ellipsis">
security.acme.certs.&lt;name&gt;.server
</span>
</a>
<nav class="md-nav" aria-label="security.acme.certs.<name>.server">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#default_24" class="md-nav__link">
<span class="md-ellipsis">
Default
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#example_11" class="md-nav__link">
<span class="md-ellipsis">
Example
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#securityacmecertsnamevalidmindays" class="md-nav__link">
<span class="md-ellipsis">
security.acme.certs.&lt;name&gt;.validMinDays
</span>
</a>
<nav class="md-nav" aria-label="security.acme.certs.<name>.validMinDays">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#default_25" class="md-nav__link">
<span class="md-ellipsis">
Default
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#securityacmecertsnamewebroot" class="md-nav__link">
<span class="md-ellipsis">
security.acme.certs.&lt;name&gt;.webroot
</span>
</a>
<nav class="md-nav" aria-label="security.acme.certs.<name>.webroot">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#default_26" class="md-nav__link">
<span class="md-ellipsis">
Default
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#example_12" class="md-nav__link">
<span class="md-ellipsis">
Example
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#securityacmedefaults" class="md-nav__link">
<span class="md-ellipsis">
security.acme.defaults
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#securityacmedefaultscredentialfiles" class="md-nav__link">
<span class="md-ellipsis">
security.acme.defaults.credentialFiles
</span>
</a>
<nav class="md-nav" aria-label="security.acme.defaults.credentialFiles">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#default_27" class="md-nav__link">
<span class="md-ellipsis">
Default
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#example_13" class="md-nav__link">
<span class="md-ellipsis">
Example
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#securityacmedefaultsdnspropagationcheck" class="md-nav__link">
<span class="md-ellipsis">
security.acme.defaults.dnsPropagationCheck
</span>
</a>
<nav class="md-nav" aria-label="security.acme.defaults.dnsPropagationCheck">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#default_28" class="md-nav__link">
<span class="md-ellipsis">
Default
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#securityacmedefaultsdnsprovider" class="md-nav__link">
<span class="md-ellipsis">
security.acme.defaults.dnsProvider
</span>
</a>
<nav class="md-nav" aria-label="security.acme.defaults.dnsProvider">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#default_29" class="md-nav__link">
<span class="md-ellipsis">
Default
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#example_14" class="md-nav__link">
<span class="md-ellipsis">
Example
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#securityacmedefaultsdnsresolver" class="md-nav__link">
<span class="md-ellipsis">
security.acme.defaults.dnsResolver
</span>
</a>
<nav class="md-nav" aria-label="security.acme.defaults.dnsResolver">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#default_30" class="md-nav__link">
<span class="md-ellipsis">
Default
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#example_15" class="md-nav__link">
<span class="md-ellipsis">
Example
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#securityacmedefaultsemail" class="md-nav__link">
<span class="md-ellipsis">
security.acme.defaults.email
</span>
</a>
<nav class="md-nav" aria-label="security.acme.defaults.email">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#default_31" class="md-nav__link">
<span class="md-ellipsis">
Default
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#securityacmedefaultsenabledebuglogs" class="md-nav__link">
<span class="md-ellipsis">
security.acme.defaults.enableDebugLogs
</span>
</a>
<nav class="md-nav" aria-label="security.acme.defaults.enableDebugLogs">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#default_32" class="md-nav__link">
<span class="md-ellipsis">
Default
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#example_16" class="md-nav__link">
<span class="md-ellipsis">
Example
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#securityacmedefaultsenvironmentfile" class="md-nav__link">
<span class="md-ellipsis">
security.acme.defaults.environmentFile
</span>
</a>
<nav class="md-nav" aria-label="security.acme.defaults.environmentFile">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#default_33" class="md-nav__link">
<span class="md-ellipsis">
Default
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#example_17" class="md-nav__link">
<span class="md-ellipsis">
Example
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#securityacmedefaultsextralegoflags" class="md-nav__link">
<span class="md-ellipsis">
security.acme.defaults.extraLegoFlags
</span>
</a>
<nav class="md-nav" aria-label="security.acme.defaults.extraLegoFlags">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#default_34" class="md-nav__link">
<span class="md-ellipsis">
Default
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#securityacmedefaultsextralegorenewflags" class="md-nav__link">
<span class="md-ellipsis">
security.acme.defaults.extraLegoRenewFlags
</span>
</a>
<nav class="md-nav" aria-label="security.acme.defaults.extraLegoRenewFlags">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#default_35" class="md-nav__link">
<span class="md-ellipsis">
Default
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#securityacmedefaultsextralegorunflags" class="md-nav__link">
<span class="md-ellipsis">
security.acme.defaults.extraLegoRunFlags
</span>
</a>
<nav class="md-nav" aria-label="security.acme.defaults.extraLegoRunFlags">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#default_36" class="md-nav__link">
<span class="md-ellipsis">
Default
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#securityacmedefaultsgroup" class="md-nav__link">
<span class="md-ellipsis">
security.acme.defaults.group
</span>
</a>
<nav class="md-nav" aria-label="security.acme.defaults.group">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#default_37" class="md-nav__link">
<span class="md-ellipsis">
Default
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#securityacmedefaultskeytype" class="md-nav__link">
<span class="md-ellipsis">
security.acme.defaults.keyType
</span>
</a>
<nav class="md-nav" aria-label="security.acme.defaults.keyType">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#default_38" class="md-nav__link">
<span class="md-ellipsis">
Default
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#securityacmedefaultsocspmuststaple" class="md-nav__link">
<span class="md-ellipsis">
security.acme.defaults.ocspMustStaple
</span>
</a>
<nav class="md-nav" aria-label="security.acme.defaults.ocspMustStaple">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#default_39" class="md-nav__link">
<span class="md-ellipsis">
Default
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#securityacmedefaultspostrun" class="md-nav__link">
<span class="md-ellipsis">
security.acme.defaults.postRun
</span>
</a>
<nav class="md-nav" aria-label="security.acme.defaults.postRun">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#default_40" class="md-nav__link">
<span class="md-ellipsis">
Default
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#example_18" class="md-nav__link">
<span class="md-ellipsis">
Example
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#securityacmedefaultsreloadservices" class="md-nav__link">
<span class="md-ellipsis">
security.acme.defaults.reloadServices
</span>
</a>
<nav class="md-nav" aria-label="security.acme.defaults.reloadServices">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#default_41" class="md-nav__link">
<span class="md-ellipsis">
Default
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#securityacmedefaultsrenewinterval" class="md-nav__link">
<span class="md-ellipsis">
security.acme.defaults.renewInterval
</span>
</a>
<nav class="md-nav" aria-label="security.acme.defaults.renewInterval">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#default_42" class="md-nav__link">
<span class="md-ellipsis">
Default
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#securityacmedefaultsserver" class="md-nav__link">
<span class="md-ellipsis">
security.acme.defaults.server
</span>
</a>
<nav class="md-nav" aria-label="security.acme.defaults.server">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#default_43" class="md-nav__link">
<span class="md-ellipsis">
Default
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#example_19" class="md-nav__link">
<span class="md-ellipsis">
Example
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#securityacmedefaultsvalidmindays" class="md-nav__link">
<span class="md-ellipsis">
security.acme.defaults.validMinDays
</span>
</a>
<nav class="md-nav" aria-label="security.acme.defaults.validMinDays">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#default_44" class="md-nav__link">
<span class="md-ellipsis">
Default
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#securityacmedefaultswebroot" class="md-nav__link">
<span class="md-ellipsis">
security.acme.defaults.webroot
</span>
</a>
<nav class="md-nav" aria-label="security.acme.defaults.webroot">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#default_45" class="md-nav__link">
<span class="md-ellipsis">
Default
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#example_20" class="md-nav__link">
<span class="md-ellipsis">
Example
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#securityacmemaxconcurrentrenewals" class="md-nav__link">
<span class="md-ellipsis">
security.acme.maxConcurrentRenewals
</span>
</a>
<nav class="md-nav" aria-label="security.acme.maxConcurrentRenewals">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#default_46" class="md-nav__link">
<span class="md-ellipsis">
Default
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#securityacmepreliminaryselfsigned" class="md-nav__link">
<span class="md-ellipsis">
security.acme.preliminarySelfsigned
</span>
</a>
<nav class="md-nav" aria-label="security.acme.preliminarySelfsigned">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#default_47" class="md-nav__link">
<span class="md-ellipsis">
Default
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#securityacmeuseroot" class="md-nav__link">
<span class="md-ellipsis">
security.acme.useRoot
</span>
</a>
<nav class="md-nav" aria-label="security.acme.useRoot">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#default_48" class="md-nav__link">
<span class="md-ellipsis">
Default
</span>
</a>
</li>
</ul>
</nav>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="../apparmor/" class="md-nav__link">
<span class="md-ellipsis">
Apparmor
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../audit/" class="md-nav__link">
<span class="md-ellipsis">
Audit
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../auditd/" class="md-nav__link">
<span class="md-ellipsis">
Auditd
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../chromiumSuidSandbox/" class="md-nav__link">
<span class="md-ellipsis">
chromiumSuidSandbox
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../dhparams/" class="md-nav__link">
<span class="md-ellipsis">
Dhparams
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../doas/" class="md-nav__link">
<span class="md-ellipsis">
Doas
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../duosec/" class="md-nav__link">
<span class="md-ellipsis">
Duosec
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../googleOsLogin/" class="md-nav__link">
<span class="md-ellipsis">
googleOsLogin
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../ipa/" class="md-nav__link">
<span class="md-ellipsis">
Ipa
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../isolate/" class="md-nav__link">
<span class="md-ellipsis">
Isolate
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../krb5/" class="md-nav__link">
<span class="md-ellipsis">
Krb5
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../loginDefs/" class="md-nav__link">
<span class="md-ellipsis">
loginDefs
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../pam/" class="md-nav__link">
<span class="md-ellipsis">
Pam
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../pki/" class="md-nav__link">
<span class="md-ellipsis">
Pki
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../please/" class="md-nav__link">
<span class="md-ellipsis">
Please
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../polkit/" class="md-nav__link">
<span class="md-ellipsis">
Polkit
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../rtkit/" class="md-nav__link">
<span class="md-ellipsis">
Rtkit
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../shadow/" class="md-nav__link">
<span class="md-ellipsis">
Shadow
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../sudo-rs/" class="md-nav__link">
<span class="md-ellipsis">
Sudo rs
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../sudo/" class="md-nav__link">
<span class="md-ellipsis">
Sudo
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../tpm2/" class="md-nav__link">
<span class="md-ellipsis">
Tpm2
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../virtualisation/" class="md-nav__link">
<span class="md-ellipsis">
Virtualisation
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../wrappers/" class="md-nav__link">
<span class="md-ellipsis">
Wrappers
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--pruned md-nav__item--nested">
<a href="../../services/" class="md-nav__link">
<span class="md-ellipsis">
Services
</span>
<span class="md-nav__icon md-icon"></span>
</a>
</li>
<li class="md-nav__item md-nav__item--pruned md-nav__item--nested">
<a href="../../systemd/" class="md-nav__link">
<span class="md-ellipsis">
Systemd
</span>
<span class="md-nav__icon md-icon"></span>
</a>
</li>
<li class="md-nav__item md-nav__item--pruned md-nav__item--nested">
<a href="../../users/" class="md-nav__link">
<span class="md-ellipsis">
Users
</span>
<span class="md-nav__icon md-icon"></span>
</a>
</li>
<li class="md-nav__item md-nav__item--pruned md-nav__item--nested">
<a href="../../virtualisation/" class="md-nav__link">
<span class="md-ellipsis">
Virtualisation
</span>
<span class="md-nav__icon md-icon"></span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--pruned md-nav__item--nested">
<a href="../../../Nixpkgs/" class="md-nav__link">
<span class="md-ellipsis">
Nixpkgs
</span>
<span class="md-nav__icon md-icon"></span>
</a>
</li>
</ul>
</nav>
</div>
</div>
</div>
<div class="md-sidebar md-sidebar--secondary" data-md-component="sidebar" data-md-type="toc" >
<div class="md-sidebar__scrollwrap">
<div class="md-sidebar__inner">
<nav class="md-nav md-nav--secondary" aria-label="Table of contents">
<label class="md-nav__title" for="__toc">
<span class="md-nav__icon md-icon"></span>
Table of contents
</label>
<ul class="md-nav__list" data-md-component="toc" data-md-scrollfix>
<li class="md-nav__item">
<a href="#securityacmeacceptterms" class="md-nav__link">
<span class="md-ellipsis">
security.acme.acceptTerms
</span>
</a>
<nav class="md-nav" aria-label="security.acme.acceptTerms">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#default" class="md-nav__link">
<span class="md-ellipsis">
Default
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#securityacmecerts" class="md-nav__link">
<span class="md-ellipsis">
security.acme.certs
</span>
</a>
<nav class="md-nav" aria-label="security.acme.certs">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#default_1" class="md-nav__link">
<span class="md-ellipsis">
Default
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#example" class="md-nav__link">
<span class="md-ellipsis">
Example
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#securityacmecertsnamecredentialfiles" class="md-nav__link">
<span class="md-ellipsis">
security.acme.certs.&lt;name&gt;.credentialFiles
</span>
</a>
<nav class="md-nav" aria-label="security.acme.certs.<name>.credentialFiles">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#default_2" class="md-nav__link">
<span class="md-ellipsis">
Default
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#example_1" class="md-nav__link">
<span class="md-ellipsis">
Example
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#securityacmecertsnamedirectory" class="md-nav__link">
<span class="md-ellipsis">
security.acme.certs.&lt;name&gt;.directory
</span>
</a>
<nav class="md-nav" aria-label="security.acme.certs.<name>.directory">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#default_3" class="md-nav__link">
<span class="md-ellipsis">
Default
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#securityacmecertsnamednspropagationcheck" class="md-nav__link">
<span class="md-ellipsis">
security.acme.certs.&lt;name&gt;.dnsPropagationCheck
</span>
</a>
<nav class="md-nav" aria-label="security.acme.certs.<name>.dnsPropagationCheck">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#default_4" class="md-nav__link">
<span class="md-ellipsis">
Default
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#securityacmecertsnamednsprovider" class="md-nav__link">
<span class="md-ellipsis">
security.acme.certs.&lt;name&gt;.dnsProvider
</span>
</a>
<nav class="md-nav" aria-label="security.acme.certs.<name>.dnsProvider">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#default_5" class="md-nav__link">
<span class="md-ellipsis">
Default
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#example_2" class="md-nav__link">
<span class="md-ellipsis">
Example
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#securityacmecertsnamednsresolver" class="md-nav__link">
<span class="md-ellipsis">
security.acme.certs.&lt;name&gt;.dnsResolver
</span>
</a>
<nav class="md-nav" aria-label="security.acme.certs.<name>.dnsResolver">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#default_6" class="md-nav__link">
<span class="md-ellipsis">
Default
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#example_3" class="md-nav__link">
<span class="md-ellipsis">
Example
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#securityacmecertsnamedomain" class="md-nav__link">
<span class="md-ellipsis">
security.acme.certs.&lt;name&gt;.domain
</span>
</a>
<nav class="md-nav" aria-label="security.acme.certs.<name>.domain">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#default_7" class="md-nav__link">
<span class="md-ellipsis">
Default
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#securityacmecertsnameemail" class="md-nav__link">
<span class="md-ellipsis">
security.acme.certs.&lt;name&gt;.email
</span>
</a>
<nav class="md-nav" aria-label="security.acme.certs.<name>.email">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#default_8" class="md-nav__link">
<span class="md-ellipsis">
Default
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#securityacmecertsnameenabledebuglogs" class="md-nav__link">
<span class="md-ellipsis">
security.acme.certs.&lt;name&gt;.enableDebugLogs
</span>
</a>
<nav class="md-nav" aria-label="security.acme.certs.<name>.enableDebugLogs">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#default_9" class="md-nav__link">
<span class="md-ellipsis">
Default
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#example_4" class="md-nav__link">
<span class="md-ellipsis">
Example
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#securityacmecertsnameenvironmentfile" class="md-nav__link">
<span class="md-ellipsis">
security.acme.certs.&lt;name&gt;.environmentFile
</span>
</a>
<nav class="md-nav" aria-label="security.acme.certs.<name>.environmentFile">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#default_10" class="md-nav__link">
<span class="md-ellipsis">
Default
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#example_5" class="md-nav__link">
<span class="md-ellipsis">
Example
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#securityacmecertsnameextradomainnames" class="md-nav__link">
<span class="md-ellipsis">
security.acme.certs.&lt;name&gt;.extraDomainNames
</span>
</a>
<nav class="md-nav" aria-label="security.acme.certs.<name>.extraDomainNames">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#default_11" class="md-nav__link">
<span class="md-ellipsis">
Default
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#example_6" class="md-nav__link">
<span class="md-ellipsis">
Example
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#securityacmecertsnameextralegoflags" class="md-nav__link">
<span class="md-ellipsis">
security.acme.certs.&lt;name&gt;.extraLegoFlags
</span>
</a>
<nav class="md-nav" aria-label="security.acme.certs.<name>.extraLegoFlags">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#default_12" class="md-nav__link">
<span class="md-ellipsis">
Default
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#securityacmecertsnameextralegorenewflags" class="md-nav__link">
<span class="md-ellipsis">
security.acme.certs.&lt;name&gt;.extraLegoRenewFlags
</span>
</a>
<nav class="md-nav" aria-label="security.acme.certs.<name>.extraLegoRenewFlags">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#default_13" class="md-nav__link">
<span class="md-ellipsis">
Default
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#securityacmecertsnameextralegorunflags" class="md-nav__link">
<span class="md-ellipsis">
security.acme.certs.&lt;name&gt;.extraLegoRunFlags
</span>
</a>
<nav class="md-nav" aria-label="security.acme.certs.<name>.extraLegoRunFlags">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#default_14" class="md-nav__link">
<span class="md-ellipsis">
Default
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#securityacmecertsnamegroup" class="md-nav__link">
<span class="md-ellipsis">
security.acme.certs.&lt;name&gt;.group
</span>
</a>
<nav class="md-nav" aria-label="security.acme.certs.<name>.group">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#default_15" class="md-nav__link">
<span class="md-ellipsis">
Default
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#securityacmecertsnameinheritdefaults" class="md-nav__link">
<span class="md-ellipsis">
security.acme.certs.&lt;name&gt;.inheritDefaults
</span>
</a>
<nav class="md-nav" aria-label="security.acme.certs.<name>.inheritDefaults">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#default_16" class="md-nav__link">
<span class="md-ellipsis">
Default
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#example_7" class="md-nav__link">
<span class="md-ellipsis">
Example
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#securityacmecertsnamekeytype" class="md-nav__link">
<span class="md-ellipsis">
security.acme.certs.&lt;name&gt;.keyType
</span>
</a>
<nav class="md-nav" aria-label="security.acme.certs.<name>.keyType">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#default_17" class="md-nav__link">
<span class="md-ellipsis">
Default
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#securityacmecertsnamelistenhttp" class="md-nav__link">
<span class="md-ellipsis">
security.acme.certs.&lt;name&gt;.listenHTTP
</span>
</a>
<nav class="md-nav" aria-label="security.acme.certs.<name>.listenHTTP">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#default_18" class="md-nav__link">
<span class="md-ellipsis">
Default
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#example_8" class="md-nav__link">
<span class="md-ellipsis">
Example
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#securityacmecertsnameocspmuststaple" class="md-nav__link">
<span class="md-ellipsis">
security.acme.certs.&lt;name&gt;.ocspMustStaple
</span>
</a>
<nav class="md-nav" aria-label="security.acme.certs.<name>.ocspMustStaple">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#default_19" class="md-nav__link">
<span class="md-ellipsis">
Default
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#securityacmecertsnamepostrun" class="md-nav__link">
<span class="md-ellipsis">
security.acme.certs.&lt;name&gt;.postRun
</span>
</a>
<nav class="md-nav" aria-label="security.acme.certs.<name>.postRun">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#default_20" class="md-nav__link">
<span class="md-ellipsis">
Default
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#example_9" class="md-nav__link">
<span class="md-ellipsis">
Example
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#securityacmecertsnamereloadservices" class="md-nav__link">
<span class="md-ellipsis">
security.acme.certs.&lt;name&gt;.reloadServices
</span>
</a>
<nav class="md-nav" aria-label="security.acme.certs.<name>.reloadServices">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#default_21" class="md-nav__link">
<span class="md-ellipsis">
Default
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#securityacmecertsnamerenewinterval" class="md-nav__link">
<span class="md-ellipsis">
security.acme.certs.&lt;name&gt;.renewInterval
</span>
</a>
<nav class="md-nav" aria-label="security.acme.certs.<name>.renewInterval">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#default_22" class="md-nav__link">
<span class="md-ellipsis">
Default
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#securityacmecertsnames3bucket" class="md-nav__link">
<span class="md-ellipsis">
security.acme.certs.&lt;name&gt;.s3Bucket
</span>
</a>
<nav class="md-nav" aria-label="security.acme.certs.<name>.s3Bucket">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#default_23" class="md-nav__link">
<span class="md-ellipsis">
Default
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#example_10" class="md-nav__link">
<span class="md-ellipsis">
Example
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#securityacmecertsnameserver" class="md-nav__link">
<span class="md-ellipsis">
security.acme.certs.&lt;name&gt;.server
</span>
</a>
<nav class="md-nav" aria-label="security.acme.certs.<name>.server">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#default_24" class="md-nav__link">
<span class="md-ellipsis">
Default
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#example_11" class="md-nav__link">
<span class="md-ellipsis">
Example
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#securityacmecertsnamevalidmindays" class="md-nav__link">
<span class="md-ellipsis">
security.acme.certs.&lt;name&gt;.validMinDays
</span>
</a>
<nav class="md-nav" aria-label="security.acme.certs.<name>.validMinDays">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#default_25" class="md-nav__link">
<span class="md-ellipsis">
Default
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#securityacmecertsnamewebroot" class="md-nav__link">
<span class="md-ellipsis">
security.acme.certs.&lt;name&gt;.webroot
</span>
</a>
<nav class="md-nav" aria-label="security.acme.certs.<name>.webroot">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#default_26" class="md-nav__link">
<span class="md-ellipsis">
Default
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#example_12" class="md-nav__link">
<span class="md-ellipsis">
Example
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#securityacmedefaults" class="md-nav__link">
<span class="md-ellipsis">
security.acme.defaults
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#securityacmedefaultscredentialfiles" class="md-nav__link">
<span class="md-ellipsis">
security.acme.defaults.credentialFiles
</span>
</a>
<nav class="md-nav" aria-label="security.acme.defaults.credentialFiles">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#default_27" class="md-nav__link">
<span class="md-ellipsis">
Default
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#example_13" class="md-nav__link">
<span class="md-ellipsis">
Example
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#securityacmedefaultsdnspropagationcheck" class="md-nav__link">
<span class="md-ellipsis">
security.acme.defaults.dnsPropagationCheck
</span>
</a>
<nav class="md-nav" aria-label="security.acme.defaults.dnsPropagationCheck">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#default_28" class="md-nav__link">
<span class="md-ellipsis">
Default
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#securityacmedefaultsdnsprovider" class="md-nav__link">
<span class="md-ellipsis">
security.acme.defaults.dnsProvider
</span>
</a>
<nav class="md-nav" aria-label="security.acme.defaults.dnsProvider">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#default_29" class="md-nav__link">
<span class="md-ellipsis">
Default
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#example_14" class="md-nav__link">
<span class="md-ellipsis">
Example
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#securityacmedefaultsdnsresolver" class="md-nav__link">
<span class="md-ellipsis">
security.acme.defaults.dnsResolver
</span>
</a>
<nav class="md-nav" aria-label="security.acme.defaults.dnsResolver">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#default_30" class="md-nav__link">
<span class="md-ellipsis">
Default
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#example_15" class="md-nav__link">
<span class="md-ellipsis">
Example
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#securityacmedefaultsemail" class="md-nav__link">
<span class="md-ellipsis">
security.acme.defaults.email
</span>
</a>
<nav class="md-nav" aria-label="security.acme.defaults.email">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#default_31" class="md-nav__link">
<span class="md-ellipsis">
Default
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#securityacmedefaultsenabledebuglogs" class="md-nav__link">
<span class="md-ellipsis">
security.acme.defaults.enableDebugLogs
</span>
</a>
<nav class="md-nav" aria-label="security.acme.defaults.enableDebugLogs">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#default_32" class="md-nav__link">
<span class="md-ellipsis">
Default
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#example_16" class="md-nav__link">
<span class="md-ellipsis">
Example
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#securityacmedefaultsenvironmentfile" class="md-nav__link">
<span class="md-ellipsis">
security.acme.defaults.environmentFile
</span>
</a>
<nav class="md-nav" aria-label="security.acme.defaults.environmentFile">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#default_33" class="md-nav__link">
<span class="md-ellipsis">
Default
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#example_17" class="md-nav__link">
<span class="md-ellipsis">
Example
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#securityacmedefaultsextralegoflags" class="md-nav__link">
<span class="md-ellipsis">
security.acme.defaults.extraLegoFlags
</span>
</a>
<nav class="md-nav" aria-label="security.acme.defaults.extraLegoFlags">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#default_34" class="md-nav__link">
<span class="md-ellipsis">
Default
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#securityacmedefaultsextralegorenewflags" class="md-nav__link">
<span class="md-ellipsis">
security.acme.defaults.extraLegoRenewFlags
</span>
</a>
<nav class="md-nav" aria-label="security.acme.defaults.extraLegoRenewFlags">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#default_35" class="md-nav__link">
<span class="md-ellipsis">
Default
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#securityacmedefaultsextralegorunflags" class="md-nav__link">
<span class="md-ellipsis">
security.acme.defaults.extraLegoRunFlags
</span>
</a>
<nav class="md-nav" aria-label="security.acme.defaults.extraLegoRunFlags">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#default_36" class="md-nav__link">
<span class="md-ellipsis">
Default
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#securityacmedefaultsgroup" class="md-nav__link">
<span class="md-ellipsis">
security.acme.defaults.group
</span>
</a>
<nav class="md-nav" aria-label="security.acme.defaults.group">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#default_37" class="md-nav__link">
<span class="md-ellipsis">
Default
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#securityacmedefaultskeytype" class="md-nav__link">
<span class="md-ellipsis">
security.acme.defaults.keyType
</span>
</a>
<nav class="md-nav" aria-label="security.acme.defaults.keyType">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#default_38" class="md-nav__link">
<span class="md-ellipsis">
Default
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#securityacmedefaultsocspmuststaple" class="md-nav__link">
<span class="md-ellipsis">
security.acme.defaults.ocspMustStaple
</span>
</a>
<nav class="md-nav" aria-label="security.acme.defaults.ocspMustStaple">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#default_39" class="md-nav__link">
<span class="md-ellipsis">
Default
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#securityacmedefaultspostrun" class="md-nav__link">
<span class="md-ellipsis">
security.acme.defaults.postRun
</span>
</a>
<nav class="md-nav" aria-label="security.acme.defaults.postRun">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#default_40" class="md-nav__link">
<span class="md-ellipsis">
Default
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#example_18" class="md-nav__link">
<span class="md-ellipsis">
Example
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#securityacmedefaultsreloadservices" class="md-nav__link">
<span class="md-ellipsis">
security.acme.defaults.reloadServices
</span>
</a>
<nav class="md-nav" aria-label="security.acme.defaults.reloadServices">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#default_41" class="md-nav__link">
<span class="md-ellipsis">
Default
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#securityacmedefaultsrenewinterval" class="md-nav__link">
<span class="md-ellipsis">
security.acme.defaults.renewInterval
</span>
</a>
<nav class="md-nav" aria-label="security.acme.defaults.renewInterval">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#default_42" class="md-nav__link">
<span class="md-ellipsis">
Default
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#securityacmedefaultsserver" class="md-nav__link">
<span class="md-ellipsis">
security.acme.defaults.server
</span>
</a>
<nav class="md-nav" aria-label="security.acme.defaults.server">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#default_43" class="md-nav__link">
<span class="md-ellipsis">
Default
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#example_19" class="md-nav__link">
<span class="md-ellipsis">
Example
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#securityacmedefaultsvalidmindays" class="md-nav__link">
<span class="md-ellipsis">
security.acme.defaults.validMinDays
</span>
</a>
<nav class="md-nav" aria-label="security.acme.defaults.validMinDays">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#default_44" class="md-nav__link">
<span class="md-ellipsis">
Default
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#securityacmedefaultswebroot" class="md-nav__link">
<span class="md-ellipsis">
security.acme.defaults.webroot
</span>
</a>
<nav class="md-nav" aria-label="security.acme.defaults.webroot">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#default_45" class="md-nav__link">
<span class="md-ellipsis">
Default
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#example_20" class="md-nav__link">
<span class="md-ellipsis">
Example
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#securityacmemaxconcurrentrenewals" class="md-nav__link">
<span class="md-ellipsis">
security.acme.maxConcurrentRenewals
</span>
</a>
<nav class="md-nav" aria-label="security.acme.maxConcurrentRenewals">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#default_46" class="md-nav__link">
<span class="md-ellipsis">
Default
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#securityacmepreliminaryselfsigned" class="md-nav__link">
<span class="md-ellipsis">
security.acme.preliminarySelfsigned
</span>
</a>
<nav class="md-nav" aria-label="security.acme.preliminarySelfsigned">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#default_47" class="md-nav__link">
<span class="md-ellipsis">
Default
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#securityacmeuseroot" class="md-nav__link">
<span class="md-ellipsis">
security.acme.useRoot
</span>
</a>
<nav class="md-nav" aria-label="security.acme.useRoot">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#default_48" class="md-nav__link">
<span class="md-ellipsis">
Default
</span>
</a>
</li>
</ul>
</nav>
</li>
</ul>
</nav>
</div>
</div>
</div>
<div class="md-content" data-md-component="content">
<article class="md-content__inner md-typeset">
<h1>Acme</h1>
<h2 id="securityacmeacceptterms" security-acme-acceptTerms="security-acme-acceptTerms"><code>security.acme.acceptTerms</code></h2>
<p>Accept the CA's terms of service. The default provider is Let's Encrypt,
you can find their ToS at <a href="https://letsencrypt.org/repository/">https://letsencrypt.org/repository/</a>.</p>
<p><strong>Type:</strong> <code>boolean</code></p>
<h3 id="default" security-acme-acceptTerms-default="security-acme-acceptTerms-default">Default</h3>
<p><code class="highlight"><span class="no">false</span></code></p>
<p><strong>Declared by:</strong> <a href="https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/acme">https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/acme</a></p>
<h2 id="securityacmecerts" security-acme-certs="security-acme-certs"><code>security.acme.certs</code></h2>
<p>Attribute set of certificates to get signed and renewed. Creates
<code>acme-${cert}.{service,timer}</code> systemd units for
each certificate defined here. Other services can add dependencies
to those units if they rely on the certificates being present,
or trigger restarts of the service if certificates get renewed.</p>
<p><strong>Type:</strong> <code>attribute set of (submodule)</code></p>
<h3 id="default_1" security-acme-certs-default="security-acme-certs-default">Default</h3>
<p><code class="highlight"><span class="p">{</span> <span class="p">}</span></code></p>
<h3 id="example" security-acme-certs-example="security-acme-certs-example">Example</h3>
<p><code class="highlight"><span class="p">{</span><span class="s2">&quot;example.com&quot;</span> <span class="o">=</span> <span class="p">{</span><span class="ss">webroot</span> <span class="o">=</span> <span class="s2">&quot;/var/lib/acme/acme-challenge/&quot;</span><span class="p">;</span><span class="ss">email</span> <span class="o">=</span> <span class="s2">&quot;foo@example.com&quot;</span><span class="p">;</span><span class="ss">extraDomainNames</span> <span class="o">=</span> <span class="p">[</span> <span class="s2">&quot;www.example.com&quot;</span> <span class="s2">&quot;foo.example.com&quot;</span> <span class="p">];</span><span class="p">};</span><span class="s2">&quot;bar.example.com&quot;</span> <span class="o">=</span> <span class="p">{</span><span class="ss">webroot</span> <span class="o">=</span> <span class="s2">&quot;/var/lib/acme/acme-challenge/&quot;</span><span class="p">;</span><span class="ss">email</span> <span class="o">=</span> <span class="s2">&quot;bar@example.com&quot;</span><span class="p">;</span><span class="p">};</span><span class="p">}</span></code></p>
<p><strong>Declared by:</strong> <a href="https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/acme">https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/acme</a></p>
<h2 id="securityacmecertsnamecredentialfiles" security-acme-certs-_wzxhzdk:9_-credentialFiles="security-acme-certs-<name>-credentialFiles"><code>security.acme.certs.&lt;name&gt;.credentialFiles</code></h2>
<p>Environment variables suffixed by "_FILE" to set for the cert's service
for your selected dnsProvider.
To find out what values you need to set, consult the documentation at
<a href="https://go-acme.github.io/lego/dns/">https://go-acme.github.io/lego/dns/</a> for the corresponding dnsProvider.
This allows to securely pass credential files to lego by leveraging systemd
credentials.</p>
<p><strong>Type:</strong> <code>attribute set of path</code></p>
<h3 id="default_2" security-acme-certs-_wzxhzdk:11_-credentialFiles-default="security-acme-certs-<name>-credentialFiles-default">Default</h3>
<p><code class="highlight">config<span class="o">.</span>security<span class="o">.</span>acme<span class="o">.</span>defaults<span class="o">.</span>credentialFiles</code></p>
<h3 id="example_1" security-acme-certs-_wzxhzdk:13_-credentialFiles-example="security-acme-certs-<name>-credentialFiles-example">Example</h3>
<p><code class="highlight"><span class="p">{</span><span class="s2">&quot;RFC2136_TSIG_SECRET_FILE&quot;</span> <span class="o">=</span> <span class="s2">&quot;/run/secrets/tsig-secret-example.org&quot;</span><span class="p">;</span><span class="p">}</span></code></p>
<p><strong>Declared by:</strong> <a href="https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/acme">https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/acme</a></p>
<h2 id="securityacmecertsnamedirectory" security-acme-certs-_wzxhzdk:16_-directory="security-acme-certs-<name>-directory"><code>security.acme.certs.&lt;name&gt;.directory</code></h2>
<p>Directory where certificate and other state is stored.
<strong>Type:</strong> <code>string</code></p>
<h3 id="default_3" security-acme-certs-_wzxhzdk:18_-directory-default="security-acme-certs-<name>-directory-default">Default</h3>
<p><code class="highlight"><span class="s2">&quot;/var/lib/acme/name&quot;</span></code></p>
<p><strong>Declared by:</strong> <a href="https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/acme">https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/acme</a></p>
<h2 id="securityacmecertsnamednspropagationcheck" security-acme-certs-_wzxhzdk:21_-dnsPropagationCheck="security-acme-certs-<name>-dnsPropagationCheck"><code>security.acme.certs.&lt;name&gt;.dnsPropagationCheck</code></h2>
<p>Toggles lego DNS propagation check, which is used alongside DNS-01
challenge to ensure the DNS entries required are available.</p>
<p><strong>Type:</strong> <code>boolean</code></p>
<h3 id="default_4" security-acme-certs-_wzxhzdk:23_-dnsPropagationCheck-default="security-acme-certs-<name>-dnsPropagationCheck-default">Default</h3>
<p><code class="highlight">config<span class="o">.</span>security<span class="o">.</span>acme<span class="o">.</span>defaults<span class="o">.</span>dnsPropagationCheck</code></p>
<p><strong>Declared by:</strong> <a href="https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/acme">https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/acme</a></p>
<h2 id="securityacmecertsnamednsprovider" security-acme-certs-_wzxhzdk:26_-dnsProvider="security-acme-certs-<name>-dnsProvider"><code>security.acme.certs.&lt;name&gt;.dnsProvider</code></h2>
<p>DNS Challenge provider. For a list of supported providers, see the "code"
field of the DNS providers listed at <a href="https://go-acme.github.io/lego/dns/">https://go-acme.github.io/lego/dns/</a>.</p>
<p><strong>Type:</strong> <code>null or string</code></p>
<h3 id="default_5" security-acme-certs-_wzxhzdk:28_-dnsProvider-default="security-acme-certs-<name>-dnsProvider-default">Default</h3>
<p><code class="highlight">config<span class="o">.</span>security<span class="o">.</span>acme<span class="o">.</span>defaults<span class="o">.</span>dnsProvider</code></p>
<h3 id="example_2" security-acme-certs-_wzxhzdk:30_-dnsProvider-example="security-acme-certs-<name>-dnsProvider-example">Example</h3>
<p><code class="highlight"><span class="s2">&quot;route53&quot;</span></code></p>
<p><strong>Declared by:</strong> <a href="https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/acme">https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/acme</a></p>
<h2 id="securityacmecertsnamednsresolver" security-acme-certs-_wzxhzdk:33_-dnsResolver="security-acme-certs-<name>-dnsResolver"><code>security.acme.certs.&lt;name&gt;.dnsResolver</code></h2>
<p>Set the resolver to use for performing recursive DNS queries. Supported:
host:port. The default is to use the system resolvers, or Google's DNS
resolvers if the system's cannot be determined.</p>
<p><strong>Type:</strong> <code>null or string</code></p>
<h3 id="default_6" security-acme-certs-_wzxhzdk:35_-dnsResolver-default="security-acme-certs-<name>-dnsResolver-default">Default</h3>
<p><code class="highlight">config<span class="o">.</span>security<span class="o">.</span>acme<span class="o">.</span>defaults<span class="o">.</span>dnsResolver</code></p>
<h3 id="example_3" security-acme-certs-_wzxhzdk:37_-dnsResolver-example="security-acme-certs-<name>-dnsResolver-example">Example</h3>
<p><code class="highlight"><span class="s2">&quot;1.1.1.1:53&quot;</span></code></p>
<p><strong>Declared by:</strong> <a href="https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/acme">https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/acme</a></p>
<h2 id="securityacmecertsnamedomain" security-acme-certs-_wzxhzdk:40_-domain="security-acme-certs-<name>-domain"><code>security.acme.certs.&lt;name&gt;.domain</code></h2>
<p>Domain to fetch certificate for (defaults to the entry name).
<strong>Type:</strong> <code>string</code></p>
<h3 id="default_7" security-acme-certs-_wzxhzdk:42_-domain-default="security-acme-certs-<name>-domain-default">Default</h3>
<p><code class="highlight"><span class="s2">&quot;name&quot;</span></code></p>
<p><strong>Declared by:</strong> <a href="https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/acme">https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/acme</a></p>
<h2 id="securityacmecertsnameemail" security-acme-certs-_wzxhzdk:45_-email="security-acme-certs-<name>-email"><code>security.acme.certs.&lt;name&gt;.email</code></h2>
<p>Email address for account creation and correspondence from the CA.
It is recommended to use the same email for all certs to avoid account
creation limits.</p>
<p><strong>Type:</strong> <code>null or string</code></p>
<h3 id="default_8" security-acme-certs-_wzxhzdk:47_-email-default="security-acme-certs-<name>-email-default">Default</h3>
<p><code class="highlight">config<span class="o">.</span>security<span class="o">.</span>acme<span class="o">.</span>defaults<span class="o">.</span>email</code></p>
<p><strong>Declared by:</strong> <a href="https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/acme">https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/acme</a></p>
<h2 id="securityacmecertsnameenabledebuglogs" security-acme-certs-_wzxhzdk:50_-enableDebugLogs="security-acme-certs-<name>-enableDebugLogs"><code>security.acme.certs.&lt;name&gt;.enableDebugLogs</code></h2>
<p>Whether to enable debug logging for this certificate.
<strong>Type:</strong> <code>boolean</code></p>
<h3 id="default_9" security-acme-certs-_wzxhzdk:52_-enableDebugLogs-default="security-acme-certs-<name>-enableDebugLogs-default">Default</h3>
<p><code class="highlight">config<span class="o">.</span>security<span class="o">.</span>acme<span class="o">.</span>defaults<span class="o">.</span>enableDebugLogs</code></p>
<h3 id="example_4" security-acme-certs-_wzxhzdk:54_-enableDebugLogs-example="security-acme-certs-<name>-enableDebugLogs-example">Example</h3>
<p><code class="highlight"><span class="no">true</span></code></p>
<p><strong>Declared by:</strong> <a href="https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/acme">https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/acme</a></p>
<h2 id="securityacmecertsnameenvironmentfile" security-acme-certs-_wzxhzdk:57_-environmentFile="security-acme-certs-<name>-environmentFile"><code>security.acme.certs.&lt;name&gt;.environmentFile</code></h2>
<p>Path to an EnvironmentFile for the cert's service containing any required and
optional environment variables for your selected dnsProvider.
To find out what values you need to set, consult the documentation at
<a href="https://go-acme.github.io/lego/dns/">https://go-acme.github.io/lego/dns/</a> for the corresponding dnsProvider.</p>
<p><strong>Type:</strong> <code>null or path</code></p>
<h3 id="default_10" security-acme-certs-_wzxhzdk:59_-environmentFile-default="security-acme-certs-<name>-environmentFile-default">Default</h3>
<p><code class="highlight">config<span class="o">.</span>security<span class="o">.</span>acme<span class="o">.</span>defaults<span class="o">.</span>environmentFile</code></p>
<h3 id="example_5" security-acme-certs-_wzxhzdk:61_-environmentFile-example="security-acme-certs-<name>-environmentFile-example">Example</h3>
<p><code class="highlight"><span class="s2">&quot;/var/src/secrets/example.org-route53-api-token&quot;</span></code></p>
<p><strong>Declared by:</strong> <a href="https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/acme">https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/acme</a></p>
<h2 id="securityacmecertsnameextradomainnames" security-acme-certs-_wzxhzdk:64_-extraDomainNames="security-acme-certs-<name>-extraDomainNames"><code>security.acme.certs.&lt;name&gt;.extraDomainNames</code></h2>
<p>A list of extra domain names, which are included in the one certificate to be issued.</p>
<p><strong>Type:</strong> <code>list of string</code></p>
<h3 id="default_11" security-acme-certs-_wzxhzdk:66_-extraDomainNames-default="security-acme-certs-<name>-extraDomainNames-default">Default</h3>
<p><code class="highlight"><span class="p">[</span> <span class="p">]</span></code></p>
<h3 id="example_6" security-acme-certs-_wzxhzdk:68_-extraDomainNames-example="security-acme-certs-<name>-extraDomainNames-example">Example</h3>
<p><code class="highlight"><span class="p">[</span><span class="s2">&quot;example.org&quot;</span><span class="s2">&quot;mydomain.org&quot;</span><span class="p">]</span></code></p>
<p><strong>Declared by:</strong> <a href="https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/acme">https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/acme</a></p>
<h2 id="securityacmecertsnameextralegoflags" security-acme-certs-_wzxhzdk:71_-extraLegoFlags="security-acme-certs-<name>-extraLegoFlags"><code>security.acme.certs.&lt;name&gt;.extraLegoFlags</code></h2>
<p>Additional global flags to pass to all lego commands.</p>
<p><strong>Type:</strong> <code>list of string</code></p>
<h3 id="default_12" security-acme-certs-_wzxhzdk:73_-extraLegoFlags-default="security-acme-certs-<name>-extraLegoFlags-default">Default</h3>
<p><code class="highlight">config<span class="o">.</span>security<span class="o">.</span>acme<span class="o">.</span>defaults<span class="o">.</span>extraLegoFlags</code></p>
<p><strong>Declared by:</strong> <a href="https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/acme">https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/acme</a></p>
<h2 id="securityacmecertsnameextralegorenewflags" security-acme-certs-_wzxhzdk:76_-extraLegoRenewFlags="security-acme-certs-<name>-extraLegoRenewFlags"><code>security.acme.certs.&lt;name&gt;.extraLegoRenewFlags</code></h2>
<p>Additional flags to pass to lego renew.</p>
<p><strong>Type:</strong> <code>list of string</code></p>
<h3 id="default_13" security-acme-certs-_wzxhzdk:78_-extraLegoRenewFlags-default="security-acme-certs-<name>-extraLegoRenewFlags-default">Default</h3>
<p><code class="highlight">config<span class="o">.</span>security<span class="o">.</span>acme<span class="o">.</span>defaults<span class="o">.</span>extraLegoRenewFlags</code></p>
<p><strong>Declared by:</strong> <a href="https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/acme">https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/acme</a></p>
<h2 id="securityacmecertsnameextralegorunflags" security-acme-certs-_wzxhzdk:81_-extraLegoRunFlags="security-acme-certs-<name>-extraLegoRunFlags"><code>security.acme.certs.&lt;name&gt;.extraLegoRunFlags</code></h2>
<p>Additional flags to pass to lego run.</p>
<p><strong>Type:</strong> <code>list of string</code></p>
<h3 id="default_14" security-acme-certs-_wzxhzdk:83_-extraLegoRunFlags-default="security-acme-certs-<name>-extraLegoRunFlags-default">Default</h3>
<p><code class="highlight">config<span class="o">.</span>security<span class="o">.</span>acme<span class="o">.</span>defaults<span class="o">.</span>extraLegoRunFlags</code></p>
<p><strong>Declared by:</strong> <a href="https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/acme">https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/acme</a></p>
<h2 id="securityacmecertsnamegroup" security-acme-certs-_wzxhzdk:86_-group="security-acme-certs-<name>-group"><code>security.acme.certs.&lt;name&gt;.group</code></h2>
<p>Group running the ACME client.
<strong>Type:</strong> <code>string</code></p>
<h3 id="default_15" security-acme-certs-_wzxhzdk:88_-group-default="security-acme-certs-<name>-group-default">Default</h3>
<p><code class="highlight">config<span class="o">.</span>security<span class="o">.</span>acme<span class="o">.</span>defaults<span class="o">.</span>group</code></p>
<p><strong>Declared by:</strong> <a href="https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/acme">https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/acme</a></p>
<h2 id="securityacmecertsnameinheritdefaults" security-acme-certs-_wzxhzdk:91_-inheritDefaults="security-acme-certs-<name>-inheritDefaults"><code>security.acme.certs.&lt;name&gt;.inheritDefaults</code></h2>
<p>Whether to inherit values set in <code>security.acme.defaults</code> or not.
<strong>Type:</strong> <code>boolean</code></p>
<h3 id="default_16" security-acme-certs-_wzxhzdk:94_-inheritDefaults-default="security-acme-certs-<name>-inheritDefaults-default">Default</h3>
<p><code class="highlight"><span class="no">true</span></code></p>
<h3 id="example_7" security-acme-certs-_wzxhzdk:96_-inheritDefaults-example="security-acme-certs-<name>-inheritDefaults-example">Example</h3>
<p><code class="highlight"><span class="no">true</span></code></p>
<p><strong>Declared by:</strong> <a href="https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/acme">https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/acme</a></p>
<h2 id="securityacmecertsnamekeytype" security-acme-certs-_wzxhzdk:99_-keyType="security-acme-certs-<name>-keyType"><code>security.acme.certs.&lt;name&gt;.keyType</code></h2>
<p>Key type to use for private keys.
For an up to date list of supported values check the --key-type option
at <a href="https://go-acme.github.io/lego/usage/cli/options/">https://go-acme.github.io/lego/usage/cli/options/</a>.</p>
<p><strong>Type:</strong> <code>string</code></p>
<h3 id="default_17" security-acme-certs-_wzxhzdk:101_-keyType-default="security-acme-certs-<name>-keyType-default">Default</h3>
<p><code class="highlight">config<span class="o">.</span>security<span class="o">.</span>acme<span class="o">.</span>defaults<span class="o">.</span>keyType</code></p>
<p><strong>Declared by:</strong> <a href="https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/acme">https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/acme</a></p>
<h2 id="securityacmecertsnamelistenhttp" security-acme-certs-_wzxhzdk:104_-listenHTTP="security-acme-certs-<name>-listenHTTP"><code>security.acme.certs.&lt;name&gt;.listenHTTP</code></h2>
<p>Interface and port to listen on to solve HTTP challenges
in the form [INTERFACE]:PORT.
If you use a port other than 80, you must proxy port 80 to this port.</p>
<p><strong>Type:</strong> <code>null or string</code></p>
<h3 id="default_18" security-acme-certs-_wzxhzdk:106_-listenHTTP-default="security-acme-certs-<name>-listenHTTP-default">Default</h3>
<p><code class="highlight"><span class="no">null</span></code></p>
<h3 id="example_8" security-acme-certs-_wzxhzdk:108_-listenHTTP-example="security-acme-certs-<name>-listenHTTP-example">Example</h3>
<p><code class="highlight"><span class="s2">&quot;:1360&quot;</span></code></p>
<p><strong>Declared by:</strong> <a href="https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/acme">https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/acme</a></p>
<h2 id="securityacmecertsnameocspmuststaple" security-acme-certs-_wzxhzdk:111_-ocspMustStaple="security-acme-certs-<name>-ocspMustStaple"><code>security.acme.certs.&lt;name&gt;.ocspMustStaple</code></h2>
<p>Turns on the OCSP Must-Staple TLS extension.
Make sure you know what you're doing! See:</p>
<ul>
<li><a href="https://blog.apnic.net/2019/01/15/is-the-web-ready-for-ocsp-must-staple/">https://blog.apnic.net/2019/01/15/is-the-web-ready-for-ocsp-must-staple/</a></li>
<li><a href="https://blog.hboeck.de/archives/886-The-Problem-with-OCSP-Stapling-and-Must-Staple-and-why-Certificate-Revocation-is-still-broken.html">https://blog.hboeck.de/archives/886-The-Problem-with-OCSP-Stapling-and-Must-Staple-and-why-Certificate-Revocation-is-still-broken.html</a></li>
</ul>
<p><strong>Type:</strong> <code>boolean</code></p>
<h3 id="default_19" security-acme-certs-_wzxhzdk:113_-ocspMustStaple-default="security-acme-certs-<name>-ocspMustStaple-default">Default</h3>
<p><code class="highlight">config<span class="o">.</span>security<span class="o">.</span>acme<span class="o">.</span>defaults<span class="o">.</span>ocspMustStaple</code></p>
<p><strong>Declared by:</strong> <a href="https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/acme">https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/acme</a></p>
<h2 id="securityacmecertsnamepostrun" security-acme-certs-_wzxhzdk:116_-postRun="security-acme-certs-<name>-postRun"><code>security.acme.certs.&lt;name&gt;.postRun</code></h2>
<p>Commands to run after new certificates go live. Note that
these commands run as the root user.</p>
<p>Executed in the same directory with the new certificate.</p>
<p><strong>Type:</strong> <code>strings concatenated with "\n"</code></p>
<h3 id="default_20" security-acme-certs-_wzxhzdk:118_-postRun-default="security-acme-certs-<name>-postRun-default">Default</h3>
<p><code class="highlight">config<span class="o">.</span>security<span class="o">.</span>acme<span class="o">.</span>defaults<span class="o">.</span>postRun</code></p>
<h3 id="example_9" security-acme-certs-_wzxhzdk:120_-postRun-example="security-acme-certs-<name>-postRun-example">Example</h3>
<p><code class="highlight"><span class="s2">&quot;cp full.pem backup.pem&quot;</span></code></p>
<p><strong>Declared by:</strong> <a href="https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/acme">https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/acme</a></p>
<h2 id="securityacmecertsnamereloadservices" security-acme-certs-_wzxhzdk:123_-reloadServices="security-acme-certs-<name>-reloadServices"><code>security.acme.certs.&lt;name&gt;.reloadServices</code></h2>
<p>The list of systemd services to call <code>systemctl try-reload-or-restart</code>
on.</p>
<p><strong>Type:</strong> <code>list of string</code></p>
<h3 id="default_21" security-acme-certs-_wzxhzdk:126_-reloadServices-default="security-acme-certs-<name>-reloadServices-default">Default</h3>
<p><code class="highlight">config<span class="o">.</span>security<span class="o">.</span>acme<span class="o">.</span>defaults<span class="o">.</span>reloadServices</code></p>
<p><strong>Declared by:</strong> <a href="https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/acme">https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/acme</a></p>
<h2 id="securityacmecertsnamerenewinterval" security-acme-certs-_wzxhzdk:129_-renewInterval="security-acme-certs-<name>-renewInterval"><code>security.acme.certs.&lt;name&gt;.renewInterval</code></h2>
<p>Systemd calendar expression when to check for renewal. See
{manpage}<code>systemd.time(7)</code>.</p>
<p><strong>Type:</strong> <code>string</code></p>
<h3 id="default_22" security-acme-certs-_wzxhzdk:132_-renewInterval-default="security-acme-certs-<name>-renewInterval-default">Default</h3>
<p><code class="highlight">config<span class="o">.</span>security<span class="o">.</span>acme<span class="o">.</span>defaults<span class="o">.</span>renewInterval</code></p>
<p><strong>Declared by:</strong> <a href="https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/acme">https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/acme</a></p>
<h2 id="securityacmecertsnames3bucket" security-acme-certs-_wzxhzdk:135_-s3Bucket="security-acme-certs-<name>-s3Bucket"><code>security.acme.certs.&lt;name&gt;.s3Bucket</code></h2>
<p>S3 bucket name to use for HTTP-01 based challenges. Challenges will be written to the S3 bucket.</p>
<p><strong>Type:</strong> <code>null or string</code></p>
<h3 id="default_23" security-acme-certs-_wzxhzdk:137_-s3Bucket-default="security-acme-certs-<name>-s3Bucket-default">Default</h3>
<p><code class="highlight"><span class="no">null</span></code></p>
<h3 id="example_10" security-acme-certs-_wzxhzdk:139_-s3Bucket-example="security-acme-certs-<name>-s3Bucket-example">Example</h3>
<p><code class="highlight"><span class="s2">&quot;acme&quot;</span></code></p>
<p><strong>Declared by:</strong> <a href="https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/acme">https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/acme</a></p>
<h2 id="securityacmecertsnameserver" security-acme-certs-_wzxhzdk:142_-server="security-acme-certs-<name>-server"><code>security.acme.certs.&lt;name&gt;.server</code></h2>
<p>ACME Directory Resource URI.
Defaults to Let's Encrypt's production endpoint.
For testing Let's Encrypt's <a href="https://letsencrypt.org/docs/staging-environment/">staging endpoint</a>
should be used to avoid the rather tight rate limit on the production endpoint.</p>
<p><strong>Type:</strong> <code>null or string</code></p>
<h3 id="default_24" security-acme-certs-_wzxhzdk:144_-server-default="security-acme-certs-<name>-server-default">Default</h3>
<p><code class="highlight">config<span class="o">.</span>security<span class="o">.</span>acme<span class="o">.</span>defaults<span class="o">.</span>server</code></p>
<h3 id="example_11" security-acme-certs-_wzxhzdk:146_-server-example="security-acme-certs-<name>-server-example">Example</h3>
<p><code class="highlight"><span class="s2">&quot;https://acme-staging-v02.api.letsencrypt.org/directory&quot;</span></code></p>
<p><strong>Declared by:</strong> <a href="https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/acme">https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/acme</a></p>
<h2 id="securityacmecertsnamevalidmindays" security-acme-certs-_wzxhzdk:149_-validMinDays="security-acme-certs-<name>-validMinDays"><code>security.acme.certs.&lt;name&gt;.validMinDays</code></h2>
<p>Minimum remaining validity before renewal in days.
<strong>Type:</strong> <code>signed integer</code></p>
<h3 id="default_25" security-acme-certs-_wzxhzdk:151_-validMinDays-default="security-acme-certs-<name>-validMinDays-default">Default</h3>
<p><code class="highlight">config<span class="o">.</span>security<span class="o">.</span>acme<span class="o">.</span>defaults<span class="o">.</span>validMinDays</code></p>
<p><strong>Declared by:</strong> <a href="https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/acme">https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/acme</a></p>
<h2 id="securityacmecertsnamewebroot" security-acme-certs-_wzxhzdk:154_-webroot="security-acme-certs-<name>-webroot"><code>security.acme.certs.&lt;name&gt;.webroot</code></h2>
<p>Where the webroot of the HTTP vhost is located.
{file}<code>.well-known/acme-challenge/</code> directory
will be created below the webroot if it doesn't exist.
<code>http://example.org/.well-known/acme-challenge/</code> must also
be available (notice unencrypted HTTP).</p>
<p><strong>Type:</strong> <code>null or string</code></p>
<h3 id="default_26" security-acme-certs-_wzxhzdk:158_-webroot-default="security-acme-certs-<name>-webroot-default">Default</h3>
<p><code class="highlight">config<span class="o">.</span>security<span class="o">.</span>acme<span class="o">.</span>defaults<span class="o">.</span>webroot</code></p>
<h3 id="example_12" security-acme-certs-_wzxhzdk:160_-webroot-example="security-acme-certs-<name>-webroot-example">Example</h3>
<p><code class="highlight"><span class="s2">&quot;/var/lib/acme/acme-challenge&quot;</span></code></p>
<p><strong>Declared by:</strong> <a href="https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/acme">https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/acme</a></p>
<h2 id="securityacmedefaults" security-acme-defaults="security-acme-defaults"><code>security.acme.defaults</code></h2>
<p>Default values inheritable by all configured certs. You can
use this to define options shared by all your certs. These defaults
can also be ignored on a per-cert basis using the
{option}<code>security.acme.certs.${cert}.inheritDefaults</code> option.</p>
<p><strong>Type:</strong> <code>submodule</code></p>
<p><strong>Declared by:</strong> <a href="https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/acme">https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/acme</a></p>
<h2 id="securityacmedefaultscredentialfiles" security-acme-defaults-credentialFiles="security-acme-defaults-credentialFiles"><code>security.acme.defaults.credentialFiles</code></h2>
<p>Environment variables suffixed by "_FILE" to set for the cert's service
for your selected dnsProvider.
To find out what values you need to set, consult the documentation at
<a href="https://go-acme.github.io/lego/dns/">https://go-acme.github.io/lego/dns/</a> for the corresponding dnsProvider.
This allows to securely pass credential files to lego by leveraging systemd
credentials.</p>
<p><strong>Type:</strong> <code>attribute set of path</code></p>
<h3 id="default_27" security-acme-defaults-credentialFiles-default="security-acme-defaults-credentialFiles-default">Default</h3>
<p><code class="highlight"><span class="p">{</span> <span class="p">}</span></code></p>
<h3 id="example_13" security-acme-defaults-credentialFiles-example="security-acme-defaults-credentialFiles-example">Example</h3>
<p><code class="highlight"><span class="p">{</span><span class="s2">&quot;RFC2136_TSIG_SECRET_FILE&quot;</span> <span class="o">=</span> <span class="s2">&quot;/run/secrets/tsig-secret-example.org&quot;</span><span class="p">;</span><span class="p">}</span></code></p>
<p><strong>Declared by:</strong> <a href="https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/acme">https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/acme</a></p>
<h2 id="securityacmedefaultsdnspropagationcheck" security-acme-defaults-dnsPropagationCheck="security-acme-defaults-dnsPropagationCheck"><code>security.acme.defaults.dnsPropagationCheck</code></h2>
<p>Toggles lego DNS propagation check, which is used alongside DNS-01
challenge to ensure the DNS entries required are available.</p>
<p><strong>Type:</strong> <code>boolean</code></p>
<h3 id="default_28" security-acme-defaults-dnsPropagationCheck-default="security-acme-defaults-dnsPropagationCheck-default">Default</h3>
<p><code class="highlight"><span class="no">true</span></code></p>
<p><strong>Declared by:</strong> <a href="https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/acme">https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/acme</a></p>
<h2 id="securityacmedefaultsdnsprovider" security-acme-defaults-dnsProvider="security-acme-defaults-dnsProvider"><code>security.acme.defaults.dnsProvider</code></h2>
<p>DNS Challenge provider. For a list of supported providers, see the "code"
field of the DNS providers listed at <a href="https://go-acme.github.io/lego/dns/">https://go-acme.github.io/lego/dns/</a>.</p>
<p><strong>Type:</strong> <code>null or string</code></p>
<h3 id="default_29" security-acme-defaults-dnsProvider-default="security-acme-defaults-dnsProvider-default">Default</h3>
<p><code class="highlight"><span class="no">null</span></code></p>
<h3 id="example_14" security-acme-defaults-dnsProvider-example="security-acme-defaults-dnsProvider-example">Example</h3>
<p><code class="highlight"><span class="s2">&quot;route53&quot;</span></code></p>
<p><strong>Declared by:</strong> <a href="https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/acme">https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/acme</a></p>
<h2 id="securityacmedefaultsdnsresolver" security-acme-defaults-dnsResolver="security-acme-defaults-dnsResolver"><code>security.acme.defaults.dnsResolver</code></h2>
<p>Set the resolver to use for performing recursive DNS queries. Supported:
host:port. The default is to use the system resolvers, or Google's DNS
resolvers if the system's cannot be determined.</p>
<p><strong>Type:</strong> <code>null or string</code></p>
<h3 id="default_30" security-acme-defaults-dnsResolver-default="security-acme-defaults-dnsResolver-default">Default</h3>
<p><code class="highlight"><span class="no">null</span></code></p>
<h3 id="example_15" security-acme-defaults-dnsResolver-example="security-acme-defaults-dnsResolver-example">Example</h3>
<p><code class="highlight"><span class="s2">&quot;1.1.1.1:53&quot;</span></code></p>
<p><strong>Declared by:</strong> <a href="https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/acme">https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/acme</a></p>
<h2 id="securityacmedefaultsemail" security-acme-defaults-email="security-acme-defaults-email"><code>security.acme.defaults.email</code></h2>
<p>Email address for account creation and correspondence from the CA.
It is recommended to use the same email for all certs to avoid account
creation limits.</p>
<p><strong>Type:</strong> <code>null or string</code></p>
<h3 id="default_31" security-acme-defaults-email-default="security-acme-defaults-email-default">Default</h3>
<p><code class="highlight"><span class="no">null</span></code></p>
<p><strong>Declared by:</strong> <a href="https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/acme">https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/acme</a></p>
<h2 id="securityacmedefaultsenabledebuglogs" security-acme-defaults-enableDebugLogs="security-acme-defaults-enableDebugLogs"><code>security.acme.defaults.enableDebugLogs</code></h2>
<p>Whether to enable debug logging for this certificate.
<strong>Type:</strong> <code>boolean</code></p>
<h3 id="default_32" security-acme-defaults-enableDebugLogs-default="security-acme-defaults-enableDebugLogs-default">Default</h3>
<p><code class="highlight"><span class="no">true</span></code></p>
<h3 id="example_16" security-acme-defaults-enableDebugLogs-example="security-acme-defaults-enableDebugLogs-example">Example</h3>
<p><code class="highlight"><span class="no">true</span></code></p>
<p><strong>Declared by:</strong> <a href="https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/acme">https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/acme</a></p>
<h2 id="securityacmedefaultsenvironmentfile" security-acme-defaults-environmentFile="security-acme-defaults-environmentFile"><code>security.acme.defaults.environmentFile</code></h2>
<p>Path to an EnvironmentFile for the cert's service containing any required and
optional environment variables for your selected dnsProvider.
To find out what values you need to set, consult the documentation at
<a href="https://go-acme.github.io/lego/dns/">https://go-acme.github.io/lego/dns/</a> for the corresponding dnsProvider.</p>
<p><strong>Type:</strong> <code>null or path</code></p>
<h3 id="default_33" security-acme-defaults-environmentFile-default="security-acme-defaults-environmentFile-default">Default</h3>
<p><code class="highlight"><span class="no">null</span></code></p>
<h3 id="example_17" security-acme-defaults-environmentFile-example="security-acme-defaults-environmentFile-example">Example</h3>
<p><code class="highlight"><span class="s2">&quot;/var/src/secrets/example.org-route53-api-token&quot;</span></code></p>
<p><strong>Declared by:</strong> <a href="https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/acme">https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/acme</a></p>
<h2 id="securityacmedefaultsextralegoflags" security-acme-defaults-extraLegoFlags="security-acme-defaults-extraLegoFlags"><code>security.acme.defaults.extraLegoFlags</code></h2>
<p>Additional global flags to pass to all lego commands.</p>
<p><strong>Type:</strong> <code>list of string</code></p>
<h3 id="default_34" security-acme-defaults-extraLegoFlags-default="security-acme-defaults-extraLegoFlags-default">Default</h3>
<p><code class="highlight"><span class="p">[</span> <span class="p">]</span></code></p>
<p><strong>Declared by:</strong> <a href="https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/acme">https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/acme</a></p>
<h2 id="securityacmedefaultsextralegorenewflags" security-acme-defaults-extraLegoRenewFlags="security-acme-defaults-extraLegoRenewFlags"><code>security.acme.defaults.extraLegoRenewFlags</code></h2>
<p>Additional flags to pass to lego renew.</p>
<p><strong>Type:</strong> <code>list of string</code></p>
<h3 id="default_35" security-acme-defaults-extraLegoRenewFlags-default="security-acme-defaults-extraLegoRenewFlags-default">Default</h3>
<p><code class="highlight"><span class="p">[</span> <span class="p">]</span></code></p>
<p><strong>Declared by:</strong> <a href="https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/acme">https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/acme</a></p>
<h2 id="securityacmedefaultsextralegorunflags" security-acme-defaults-extraLegoRunFlags="security-acme-defaults-extraLegoRunFlags"><code>security.acme.defaults.extraLegoRunFlags</code></h2>
<p>Additional flags to pass to lego run.</p>
<p><strong>Type:</strong> <code>list of string</code></p>
<h3 id="default_36" security-acme-defaults-extraLegoRunFlags-default="security-acme-defaults-extraLegoRunFlags-default">Default</h3>
<p><code class="highlight"><span class="p">[</span> <span class="p">]</span></code></p>
<p><strong>Declared by:</strong> <a href="https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/acme">https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/acme</a></p>
<h2 id="securityacmedefaultsgroup" security-acme-defaults-group="security-acme-defaults-group"><code>security.acme.defaults.group</code></h2>
<p>Group running the ACME client.
<strong>Type:</strong> <code>string</code></p>
<h3 id="default_37" security-acme-defaults-group-default="security-acme-defaults-group-default">Default</h3>
<p><code class="highlight"><span class="s2">&quot;acme&quot;</span></code></p>
<p><strong>Declared by:</strong> <a href="https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/acme">https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/acme</a></p>
<h2 id="securityacmedefaultskeytype" security-acme-defaults-keyType="security-acme-defaults-keyType"><code>security.acme.defaults.keyType</code></h2>
<p>Key type to use for private keys.
For an up to date list of supported values check the --key-type option
at <a href="https://go-acme.github.io/lego/usage/cli/options/">https://go-acme.github.io/lego/usage/cli/options/</a>.</p>
<p><strong>Type:</strong> <code>string</code></p>
<h3 id="default_38" security-acme-defaults-keyType-default="security-acme-defaults-keyType-default">Default</h3>
<p><code class="highlight"><span class="s2">&quot;ec256&quot;</span></code></p>
<p><strong>Declared by:</strong> <a href="https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/acme">https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/acme</a></p>
<h2 id="securityacmedefaultsocspmuststaple" security-acme-defaults-ocspMustStaple="security-acme-defaults-ocspMustStaple"><code>security.acme.defaults.ocspMustStaple</code></h2>
<p>Turns on the OCSP Must-Staple TLS extension.
Make sure you know what you're doing! See:</p>
<ul>
<li><a href="https://blog.apnic.net/2019/01/15/is-the-web-ready-for-ocsp-must-staple/">https://blog.apnic.net/2019/01/15/is-the-web-ready-for-ocsp-must-staple/</a></li>
<li><a href="https://blog.hboeck.de/archives/886-The-Problem-with-OCSP-Stapling-and-Must-Staple-and-why-Certificate-Revocation-is-still-broken.html">https://blog.hboeck.de/archives/886-The-Problem-with-OCSP-Stapling-and-Must-Staple-and-why-Certificate-Revocation-is-still-broken.html</a></li>
</ul>
<p><strong>Type:</strong> <code>boolean</code></p>
<h3 id="default_39" security-acme-defaults-ocspMustStaple-default="security-acme-defaults-ocspMustStaple-default">Default</h3>
<p><code class="highlight"><span class="no">false</span></code></p>
<p><strong>Declared by:</strong> <a href="https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/acme">https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/acme</a></p>
<h2 id="securityacmedefaultspostrun" security-acme-defaults-postRun="security-acme-defaults-postRun"><code>security.acme.defaults.postRun</code></h2>
<p>Commands to run after new certificates go live. Note that
these commands run as the root user.</p>
<p>Executed in the same directory with the new certificate.</p>
<p><strong>Type:</strong> <code>strings concatenated with "\n"</code></p>
<h3 id="default_40" security-acme-defaults-postRun-default="security-acme-defaults-postRun-default">Default</h3>
<p><code class="highlight"><span class="s2">&quot;&quot;</span></code></p>
<h3 id="example_18" security-acme-defaults-postRun-example="security-acme-defaults-postRun-example">Example</h3>
<p><code class="highlight"><span class="s2">&quot;cp full.pem backup.pem&quot;</span></code></p>
<p><strong>Declared by:</strong> <a href="https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/acme">https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/acme</a></p>
<h2 id="securityacmedefaultsreloadservices" security-acme-defaults-reloadServices="security-acme-defaults-reloadServices"><code>security.acme.defaults.reloadServices</code></h2>
<p>The list of systemd services to call <code>systemctl try-reload-or-restart</code>
on.</p>
<p><strong>Type:</strong> <code>list of string</code></p>
<h3 id="default_41" security-acme-defaults-reloadServices-default="security-acme-defaults-reloadServices-default">Default</h3>
<p><code class="highlight"><span class="p">[</span> <span class="p">]</span></code></p>
<p><strong>Declared by:</strong> <a href="https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/acme">https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/acme</a></p>
<h2 id="securityacmedefaultsrenewinterval" security-acme-defaults-renewInterval="security-acme-defaults-renewInterval"><code>security.acme.defaults.renewInterval</code></h2>
<p>Systemd calendar expression when to check for renewal. See
{manpage}<code>systemd.time(7)</code>.</p>
<p><strong>Type:</strong> <code>string</code></p>
<h3 id="default_42" security-acme-defaults-renewInterval-default="security-acme-defaults-renewInterval-default">Default</h3>
<p><code class="highlight"><span class="s2">&quot;daily&quot;</span></code></p>
<p><strong>Declared by:</strong> <a href="https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/acme">https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/acme</a></p>
<h2 id="securityacmedefaultsserver" security-acme-defaults-server="security-acme-defaults-server"><code>security.acme.defaults.server</code></h2>
<p>ACME Directory Resource URI.
Defaults to Let's Encrypt's production endpoint.
For testing Let's Encrypt's <a href="https://letsencrypt.org/docs/staging-environment/">staging endpoint</a>
should be used to avoid the rather tight rate limit on the production endpoint.</p>
<p><strong>Type:</strong> <code>null or string</code></p>
<h3 id="default_43" security-acme-defaults-server-default="security-acme-defaults-server-default">Default</h3>
<p><code class="highlight"><span class="s2">&quot;https://acme-v02.api.letsencrypt.org/directory&quot;</span></code></p>
<h3 id="example_19" security-acme-defaults-server-example="security-acme-defaults-server-example">Example</h3>
<p><code class="highlight"><span class="s2">&quot;https://acme-staging-v02.api.letsencrypt.org/directory&quot;</span></code></p>
<p><strong>Declared by:</strong> <a href="https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/acme">https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/acme</a></p>
<h2 id="securityacmedefaultsvalidmindays" security-acme-defaults-validMinDays="security-acme-defaults-validMinDays"><code>security.acme.defaults.validMinDays</code></h2>
<p>Minimum remaining validity before renewal in days.
<strong>Type:</strong> <code>signed integer</code></p>
<h3 id="default_44" security-acme-defaults-validMinDays-default="security-acme-defaults-validMinDays-default">Default</h3>
<p><code class="highlight"><span class="mi">30</span></code></p>
<p><strong>Declared by:</strong> <a href="https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/acme">https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/acme</a></p>
<h2 id="securityacmedefaultswebroot" security-acme-defaults-webroot="security-acme-defaults-webroot"><code>security.acme.defaults.webroot</code></h2>
<p>Where the webroot of the HTTP vhost is located.
{file}<code>.well-known/acme-challenge/</code> directory
will be created below the webroot if it doesn't exist.
<code>http://example.org/.well-known/acme-challenge/</code> must also
be available (notice unencrypted HTTP).</p>
<p><strong>Type:</strong> <code>null or string</code></p>
<h3 id="default_45" security-acme-defaults-webroot-default="security-acme-defaults-webroot-default">Default</h3>
<p><code class="highlight"><span class="no">null</span></code></p>
<h3 id="example_20" security-acme-defaults-webroot-example="security-acme-defaults-webroot-example">Example</h3>
<p><code class="highlight"><span class="s2">&quot;/var/lib/acme/acme-challenge&quot;</span></code></p>
<p><strong>Declared by:</strong> <a href="https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/acme">https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/acme</a></p>
<h2 id="securityacmemaxconcurrentrenewals" security-acme-maxConcurrentRenewals="security-acme-maxConcurrentRenewals"><code>security.acme.maxConcurrentRenewals</code></h2>
<p>Maximum number of concurrent certificate generation or renewal jobs. All other
jobs will queue and wait running jobs to finish. Reduces the system load of
certificate generation.</p>
<p>Set to <code>0</code> to allow unlimited number of concurrent job runs."</p>
<p><strong>Type:</strong> <code>signed integer</code></p>
<h3 id="default_46" security-acme-maxConcurrentRenewals-default="security-acme-maxConcurrentRenewals-default">Default</h3>
<p><code class="highlight"><span class="mi">5</span></code></p>
<p><strong>Declared by:</strong> <a href="https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/acme">https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/acme</a></p>
<h2 id="securityacmepreliminaryselfsigned" security-acme-preliminarySelfsigned="security-acme-preliminarySelfsigned"><code>security.acme.preliminarySelfsigned</code></h2>
<p>Whether a preliminary self-signed certificate should be generated before
doing ACME requests. This can be useful when certificates are required in
a webserver, but ACME needs the webserver to make its requests.</p>
<p>With preliminary self-signed certificate the webserver can be started and
can later reload the correct ACME certificates.</p>
<p><strong>Type:</strong> <code>boolean</code></p>
<h3 id="default_47" security-acme-preliminarySelfsigned-default="security-acme-preliminarySelfsigned-default">Default</h3>
<p><code class="highlight"><span class="no">true</span></code></p>
<p><strong>Declared by:</strong> <a href="https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/acme">https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/acme</a></p>
<h2 id="securityacmeuseroot" security-acme-useRoot="security-acme-useRoot"><code>security.acme.useRoot</code></h2>
<p>Whether to use the root user when generating certs. This is not recommended
for security + compatibility reasons. If a service requires root owned certificates
consider following the guide on "Using ACME with services demanding root
owned certificates" in the NixOS manual, and only using this as a fallback
or for testing.</p>
<p><strong>Type:</strong> <code>boolean</code></p>
<h3 id="default_48" security-acme-useRoot-default="security-acme-useRoot-default">Default</h3>
<p><code class="highlight"><span class="no">false</span></code></p>
<p><strong>Declared by:</strong> <a href="https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/acme">https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/acme</a></p>
</article>
</div>
<script>var target=document.getElementById(location.hash.slice(1));target&&target.name&&(target.checked=target.name.startsWith("__tabbed_"))</script>
</div>
</main>
<footer class="md-footer">
<div class="md-footer-meta md-typeset">
<div class="md-footer-meta__inner md-grid">
<div class="md-copyright">
<div class="md-copyright__highlight">
Licenced MIT
</div>
Made with
<a href="https://squidfunk.github.io/mkdocs-material/" target="_blank" rel="noopener">
Material for MkDocs
</a>
</div>
<div class="md-social">
<a href="https://git.auxolotl.org/auxolotl/docs" target="_blank" rel="noopener" title="Aux Docs Repo" class="md-social__link">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M16.777 0a2.9 2.9 0 1 1-2.529 4.322H12.91a4.266 4.266 0 0 0-4.265 4.195v2.118a7.076 7.076 0 0 1 4.147-1.42l.118-.002h1.338a2.9 2.9 0 0 1 5.43 1.422 2.9 2.9 0 0 1-5.43 1.422H12.91a4.266 4.266 0 0 0-4.265 4.195v2.319A2.9 2.9 0 0 1 7.222 24 2.9 2.9 0 0 1 5.8 18.57V8.589a7.109 7.109 0 0 1 6.991-7.108l.118-.001h1.338A2.9 2.9 0 0 1 16.778 0ZM7.223 19.905a1.194 1.194 0 1 0 0 2.389 1.194 1.194 0 0 0 0-2.389Zm9.554-10.464a1.194 1.194 0 1 0 0 2.389 1.194 1.194 0 0 0 0-2.39Zm0-7.735a1.194 1.194 0 1 0 0 2.389 1.194 1.194 0 0 0 0-2.389Z"/></svg>
</a>
<a href="https://forum.aux.computer/" target="_blank" rel="noopener" title="Aux Forum" class="md-social__link">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M12.103 0C18.666 0 24 5.485 24 11.997c0 6.51-5.33 11.99-11.9 11.99L0 24V11.79C0 5.28 5.532 0 12.103 0zm.116 4.563a7.395 7.395 0 0 0-6.337 3.57 7.247 7.247 0 0 0-.148 7.22L4.4 19.61l4.794-1.074a7.424 7.424 0 0 0 8.136-1.39 7.256 7.256 0 0 0 1.737-7.997 7.375 7.375 0 0 0-6.84-4.585h-.008z"/></svg>
</a>
<a href="https://wiki.auxolotl.org/" target="_blank" rel="noopener" title="Aux Wiki" class="md-social__link">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M17.801 13.557c.148.098.288.202.417.313 1.854 1.6 3.127 4.656 2.582 7.311-1.091-.255-5.747-1.055-7.638-3.383-.91-1.12-1.366-2.081-1.569-2.885a5.65 5.65 0 0 0 .034-.219c.089.198.197.35.313.466.24.24.521.335.766.372.304.046.594-.006.806-.068l.001.001c.05-.015.433-.116.86-.342.325-.173 2.008-.931 3.428-1.566Zm-7.384 1.435C9.156 16.597 6.6 18.939.614 18.417c.219-1.492 1.31-3.019 2.51-4.11.379-.345.906-.692 1.506-1.009.286.168.598.332.939.486 2.689 1.221 3.903 1.001 4.89.573a1.3 1.3 0 0 0 .054-.025 6.156 6.156 0 0 0-.096.66Zm4.152-.462c.38-.341.877-.916 1.383-1.559-.389-.15-.866-.371-1.319-.591-.598-.29-1.305-.283-2.073-.315a4.685 4.685 0 0 1-.804-.103c.014-.123.027-.246.038-.369.062.104.673.057.871.057.354 0 1.621.034 3.074-.574 1.452-.608 2.55-1.706 3.022-3.225.474-1.52.22-3.091-.168-3.952-.169.709-1.453 2.381-1.926 2.871-.473.489-2.381 2.296-2.972 2.921-.7.74-.688.793-1.332 1.302-.202.19-.499.402-.563.53.027-.338.039-.675.027-.997a7.653 7.653 0 0 0-.032-.523c.322-.059.567-.522.567-.861 0-.224-.106-.247-.271-.229.075-.894.382-3.923 1.254-4.281.218.109.831.068.649-.295-.182-.364-.825-.074-1.081.266-.28.374-.956 2.046-.92 4.324-.113.014-.174.033-.322.033-.171 0-.321-.04-.433-.05.034-2.275-.714-3.772-.84-4.169-.12-.375-.491-.596-.781-.596-.146 0-.272.056-.333.179-.182.363.459.417.677.308.706.321 1.156 3.519 1.254 4.277-.125-.006-.199.035-.199.233 0 .311.17.756.452.843a.442.442 0 0 0-.007.03s-.287.99-.413 2.189a4.665 4.665 0 0 1-.718-.225c-.714-.286-1.355-.583-2.019-.566-.664.018-1.366.023-1.804-.036-.438-.058-.649-.15-.649-.15s-.234.365.257 1.075c.42.607 1.055 1.047 1.644 1.18.589.134 1.972.18 2.785-.377.16-.109.317-.228.459-.34a8.717 8.717 0 0 0-.013.626c-.289.753-.571 1.993-.268 3.338 0-.001.701-.842.787-2.958.006-.144.009-.271.01-.383.052-.248.103-.518.148-.799.072.135.151.277.234.413.511.842 1.791 1.37 2.383 1.49.091.019.187.032.285.038Zm-1.12.745c-.188.055-.445.1-.713.059-.21-.031-.45-.11-.655-.316-.169-.168-.312-.419-.401-.789a9.837 9.837 0 0 0 .039-.82l.049-.243c.563.855 1.865 1.398 2.476 1.522.036.008.072.014.109.02l-.013.009c-.579.415-.76.503-.891.558Zm6.333-2.818c-.257.114-4.111 1.822-5.246 2.363.98-.775 3.017-3.59 3.699-4.774 1.062.661 1.468 1.109 1.623 1.441.101.217.09.38.096.515a.57.57 0 0 1-.172.455Zm-9.213 1.62a1.606 1.606 0 0 1-.19.096c-.954.414-2.126.61-4.728-.571-2.023-.918-3.024-2.157-3.371-2.666.476.161 1.471.473 2.157.524.282.021.703.068 1.167.125.021.209.109.486.345.829l.001.001c.451.651 1.134 1.119 1.765 1.262.622.141 2.083.182 2.942-.407a3.12 3.12 0 0 0 .132-.093l.001.179a6.052 6.052 0 0 0-.221.721Zm5.512-1.271a17.49 17.49 0 0 1-1.326-.589c.437.042 1.054.083 1.692.108-.121.162-.244.323-.366.481Zm.932-1.26c-.12.17-.245.343-.373.517-.241.018-.478.03-.709.038a29.05 29.05 0 0 1-.741-.048c.608-.065 1.228-.252 1.823-.507Zm.22-.315c-.809.382-1.679.648-2.507.648-.472 0-.833.018-1.139.039v.001c-.324-.031-.665-.039-1.019-.054a3.555 3.555 0 0 1-.152-.009c.102-.002.192-.006.249-.006.363 0 1.662.034 3.151-.589 1.508-.632 2.645-1.773 3.136-3.351.37-1.186.31-2.402.086-3.312.458-.336.86-.651 1.147-.91.501-.451.743-.733.848-.869.199.206.714.864.685 2.138-.036 1.611-.606 3.187-1.501 4.154a9.099 9.099 0 0 1-1.321 1.132 11.978 11.978 0 0 0-.644-.422l-.089-.055-.051.091c-.184.332-.5.825-.879 1.374ZM4.763 5.817c-.157 1.144.113 2.323.652 3.099.539.776 2.088 2.29 3.614 2.505.991.14 2.055.134 2.055.134s-.593-.576-1.114-1.66c-.521-1.085-.948-2.104-1.734-2.786-.785-.681-1.601-1.416-2.045-1.945-.444-.53-.59-.86-.59-.86s-.656.175-.838 1.513Zm14.301 4.549a9.162 9.162 0 0 0 1.3-1.12c.326-.352.611-.782.845-1.265 1.315.145 2.399.371 2.791.434 0 0-.679 1.971-3.945 3.022l-.016-.035c-.121-.26-.385-.594-.975-1.036Zm-11.634.859a8.537 8.537 0 0 1-.598-.224c-1.657-.693-2.91-1.944-3.449-3.678-.498-1.601-.292-3.251.091-4.269.225.544.758 1.34 1.262 2.01a3.58 3.58 0 0 0-.172.726c-.163 1.197.123 2.428.687 3.24.416.599 1.417 1.62 2.555 2.193-.128.002-.253.003-.376.002Zm-1.758-.077c-.958-.341-1.901-.787-2.697-1.368C-.07 7.559 0 6.827 0 6.827s1.558-.005 3.088.179c.03.126.065.
</a>
</div>
</div>
</div>
</footer>
</div>
<div class="md-dialog" data-md-component="dialog">
<div class="md-dialog__inner md-typeset"></div>
</div>
<script id="__config" type="application/json">{"base": "../../..", "features": ["content.tooltips", "search.highlight", "navigation.tabs", "navigation.indexes", "navigation.prune"], "search": "../../../assets/javascripts/workers/search.b8dbb3d2.min.js", "translations": {"clipboard.copied": "Copied to clipboard", "clipboard.copy": "Copy to clipboard", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.placeholder": "Type to start searching", "search.result.term.missing": "Missing", "select.version": "Select version"}}</script>
<script src="../../../assets/javascripts/bundle.fe8b6f2b.min.js"></script>
</body>
</html>