config.ini.example

[serles]
# Hostname for Flask url generation (without scheme, with port)
server_name = localhost

# Database to use, given as a URI understood by SQLAlchemy.
# Note: The database stores the Account id-to-key mapping. Some clients (e.g.
# certbot) will after registering assume their public key is known to Serles
# and only identify themselves through their account id. Hence, the database
# should be persistent. All other data can be ephemeral, and is purged by
# Serles regularly (/// is relative path, //// absolute. yes, really.).
# If you don't care about account keys, and given that you are running only 1
# process and 1 thread, you can use an in-memory database by setting it to
# "sqlite:///:memory:".
database = sqlite:////etc/serles/db.sqlite
# Mariadb is also supported, but you will need to install pymysql from pypi.
#database = mysql+pymysql://user:passwd@localhost/db_acmeproxy

# <module>[:<classname>] of the backend to load. if classname is not given,
# defaults to Backend. supports relative imports.
backend = serles.backends.dane:DaneBackend

# if you only want to issue certificates for a few subnets, define them in CIDR
# notation here (newline-seperated):
allowedServerIpRanges =
	::1/128
	127.0.0.0/8
	10.0.0.0/8
excludeServerIpRanges =
	127.0.0.2/32

# if allowedServerIpRanges are set, whether to also verify that a correct PTR
# record exists:
verifyPTR = false

# if the CSR does not set a Subject Name, fill it in with this template (you
# can use the special variable {SAN} to access subjectAltName.dnsName values
# and {MAIL} to access the requesting user's email address):
subjectNameTemplate = {SAN[0]}

# if set to true, ignore DN from CSR and always create it from the
# subjectNameTemplate above:
forceTemplateDN = true

# if set, HTTP challenge isn't verified for ownership
skip_challenge = false

[sendgrid]
api_key = api-key
template_id = template-id
asm_group_id = 0 # unsubscribe group id
from_name = From Name
from_email = from@email.co