A service which runs certhub-lego-run with a CSR read from the config directory. The resulting fullchain certificate is committed to the repository. A commit message is generated automatically.
A path unit which runs the service unit if the expiry status file managed by certhub-cert-expiry@.service exists or if the CSR file changed.
The instance name (systemd instance string specifier
%i) is used as the
basename of the configuration and the resulting certificate file.
URL of the repository where certificates are stored. Defaults to:
Path to the certificate file inside the repository. Defaults to:
Path to the CSR file. Defaults to:
Additional Arguments for lego --csr run. Empty by default.
Use this environment variable to select a challenge method. Empty by default. Lego will fall back to HTTP-01 challenge if this variable is not set.
The path to the directory where lego stores accound data and issued certificates. Defaults to:
Optional environment file shared by all instances and certhub services.
Optional per-instance environment file shared by all certhub services.
Optional per-service environment file shared by all certhub service instances.
Optional per-instance and per-service environment file.
certhub-cert-expiry@.service, certhub-lego-run(1), certhub-message-format(1)