41 lines
1.1 KiB
Plaintext
41 lines
1.1 KiB
Plaintext
[global]
|
|
# Path to source SSL certificate (can be fullchain or single cert)
|
|
source_cert_path = /etc/letsencrypt/live/example.com/fullchain.pem
|
|
|
|
# Default SSH key for all hosts (can be overridden per host)
|
|
default_ssh_key = /root/.ssh/id_rsa
|
|
|
|
[webserver1]
|
|
hostname = 192.168.1.100
|
|
port = 22
|
|
username = root
|
|
remote_cert_path = /etc/nginx/ssl/certificate.pem
|
|
post_upload_command = systemctl reload nginx
|
|
check_url = https://example.com
|
|
|
|
[webserver2]
|
|
hostname = 192.168.1.101
|
|
port = 2222
|
|
username = admin
|
|
# Override SSH key for this host
|
|
ssh_key_path = /root/.ssh/webserver2_key
|
|
remote_cert_path = /etc/apache2/ssl/fullchain.pem
|
|
post_upload_command = systemctl reload apache2
|
|
check_url = https://subdomain.example.com
|
|
|
|
[mailserver]
|
|
hostname = mail.example.com
|
|
port = 22
|
|
username = root
|
|
remote_cert_path = /etc/postfix/ssl/cert.pem
|
|
post_upload_command = systemctl restart postfix && systemctl restart dovecot
|
|
# No check_url - always upload
|
|
|
|
[proxmox]
|
|
hostname = 10.0.0.50
|
|
port = 22
|
|
username = root
|
|
remote_cert_path = /etc/pve/local/pveproxy-ssl.pem
|
|
post_upload_command = systemctl restart pveproxy
|
|
check_url = https://10.0.0.50:8006
|