mirrors/caddy-website
1
0
Fork 0
mirror of https://github.com/caddyserver/website.git synced 2025-04-21 20:46:15 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

pki: document certificate lifetime options (#283)

Browse source 
Signed-off-by: Kyle McCullough <kylemcc@gmail.com>

Signed-off-by: Kyle McCullough <kylemcc@gmail.com>
This commit is contained in:
Kyle McCullough 2022-12-06 17:53:42 -08:00 committed by GitHub
parent fed989d550
commit a2742d8d8d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 10 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

5
src/docs/markdown/caddyfile/directives/acme_server.md
View file

@ -18,9 +18,10 @@ Using ACME server defaults, ACME clients should simply be configured to use `htt
```caddy-d
acme_server [<matcher>] {
ca <id>
ca <id>
lifetime <duration>
}
```
- **ca** specifies the ID of the certificate authority with which to sign certificates. The default is `local`, which is Caddy's default CA, intended for locally-used, self-signed certificates, which is most common in dev environments. For broader use, it is recommended to specify a different CA to avoid confusion. If the CA with the given ID does not already exist, it will be created. See the [PKI app global options](/docs/caddyfile/options#pki-options) to configure alternate CAs.
- **lifetime** (Default: `12h`) is a [duration](/docs/conventions#durations) which specifies the validity period for issued certificates. This value must be less than the lifetime of the [intermediate certificate](/docs/caddyfile/options#intermediate-lifetime) used for signing. It is not recommended to change this unless absolutely necessary.