#
# You need to configure http server
# so that directory "/run/acme-challenge"
# was the alias of "/.well-known/acme-challenge"
#
# Nginx example:
#  location /.well-known/acme-challenge {
#    alias /run/acme-challenge;
#  }
#
# Run:
#    systemctl start acme-client@handle
#
# Show status:
#    journalctl -e -u acme-client@handle
#
# Enable daily timer check and renew certs:
#    systemctl enable --now acme-client@handle.timer
#
# If you need additional actions, then copy and edit the hook:
#    /etc/acme-client.d/example.org.hook

authority letsencrypt {
	api url "https://acme-v02.api.letsencrypt.org/directory"
	account key "/var/lib/acme-client/accounts/letsencrypt.key"
}

authority letsencrypt-staging {
	api url "https://acme-staging-v02.api.letsencrypt.org/directory"
	account key "/var/lib/acme-client/accounts/letsencrypt-staging.key"
}

domain example.org {
	domain key "/var/lib/acme-client/certs/example.org.key"
	domain full chain certificate "/var/lib/acme-client/certs/example.org.crt"
	sign with "letsencrypt"
	challengedir "/run/acme-challenge"
}

# domain example.org {
# 	domain key "/var/lib/acme-client/certs/example.org.key-staging"
# 	domain full chain certificate "/var/lib/acme-client/certs/example.org.crt-staging"
# 	sign with "letsencrypt-staging"
# 	challengedir "/run/acme-challenge"
# }