[global]
# Path to source SSL certificate (can be fullchain or single cert)
source_cert_path = /etc/letsencrypt/live/example.com/fullchain.pem

# Default SSH key for all hosts (can be overridden per host)
default_ssh_key = /root/.ssh/id_rsa

[webserver1]
hostname = 192.168.1.100
port = 22
username = root
remote_cert_path = /etc/nginx/ssl/certificate.pem
post_upload_command = systemctl reload nginx
check_url = https://example.com

[webserver2]
hostname = 192.168.1.101
port = 2222
username = admin
# Override SSH key for this host
ssh_key_path = /root/.ssh/webserver2_key
remote_cert_path = /etc/apache2/ssl/fullchain.pem
post_upload_command = systemctl reload apache2
check_url = https://subdomain.example.com

[mailserver]
hostname = mail.example.com
port = 22
username = root
remote_cert_path = /etc/postfix/ssl/cert.pem
post_upload_command = systemctl restart postfix && systemctl restart dovecot
# No check_url - always upload

[proxmox]
hostname = 10.0.0.50
port = 22
username = root
remote_cert_path = /etc/pve/local/pveproxy-ssl.pem
post_upload_command = systemctl restart pveproxy
check_url = https://10.0.0.50:8006