# The settings in this file can be used to override those in the global config file in /etc/dehydrated

# Which challenge should be used?
# Supported values: http-01, dns-01, tls-alpn-01.
# Default: http-01
#CHALLENGETYPE="http-01"

# Default keysize for private keys.
# Default: 4096
#KEYSIZE="4096"

# Program or function called at certain stages of processing.
# BASEDIR and WELLKNOWN variables are exported and can be used in an external program.
# Default: <unset>
#HOOK=""

# Chain clean_challenge|deploy_challenge arguments together into one hook call per certificate?
# Default: no
#HOOK_CHAIN="no"

# Minimum days before expiration to automatically renew certificate.
# Default: 30
#RENEW_DAYS="30"

# Regenerate private keys instead of just signing new certificates on renewal?
# Default: yes
PRIVATE_KEY_RENEW="no"

# Create an extra private key for rollover?
# Default: no
#PRIVATE_KEY_ROLLOVER="no"

# Which public key algorithm should be used?
# Supported: rsa, prime256v1, secp384r1.
# Default: rsa
KEY_ALGO="prime256v1"

# Option to add CSR-flag indicating OCSP stapling to be mandatory.
# Default: no
#OCSP_MUST_STAPLE="no"

# Fetch OCSP responses.
# Default: no
#OCSP_FETCH="no"

# OCSP refresh interval, in days.
# Default: 5
#OCSP_DAYS="5"