Configure SSLMate (for advanced users)
The sslmate command is configured by the global config file,
/etc/sslmate.conf, as well as your personal config file,
.sslmate in your home directory. Options in your personal config file override options in the global config file.
SSLMate config files contain one configuration option per line of the form
NAME VALUE. Blank lines and lines starting with
# are ignored.
The options are:
api_key– your API key, which can be found on your account page. This option is automatically set when you run
cert_directory– the directories where SSLMate places keys and certificates. When running as root, the default is
/etc/sslmate. When running as non-root, the default is the current working directory.
cert_format.NAME– enable (by setting to "yes") or disable (by setting to "no") the given certificate format, where NAME is one of the following formats:
chained– a concatenation of the certificate and intermediate certificate chain, in PEM encoding. (Enabled by default.)
combined– a concatenation of the private key, certificate, and intermediate certificate chain, in PEM encoding.
p12– a PKCS#12 (also known as PFX) file containing the private key, certificate, and intermediate certificate chain. The password for the file is
jks– a Java keystore file containing the private key, certificate, and intermediate certificate chain. The password for the file is
root– the root certificate, in PEM encoding.
chain+root– the intermediate certificate chain, including the root certificate, in PEM encoding.
wildcard_filename– when creating files for wildcard certificates, use the specified prefix in the filename instead of a * character.
key_type– the type of key to generate by default when buying or reissuing a certificate ("rsa" or "ecdsa"). You should leave this set to the default (RSA) unless you know what you are doing. Consult the
sslmate(1)man page for more information.
api_endpoint– the URL to the SSLMate API endpoint. You only need to set this option if you are using the sandbox.
Example Config File
# This is a comment. api_key 131_4Hhw7TekU2LwhglRdHHm # Also create PKCS#12 and "combined" files: cert_format.p12 yes cert_format.combined yes # Use "wildcard" instead of "*" in wildcard cert filenames: wildcard_filename wildcard
You can specify a non-default configuration profile by passing the
--profile=PROFILE flag to
sslmate. If this flag is specified, the string
-PROFILE is appended to the paths of the configuration file and default key and certificate directories.
For example, if
--profile=company is used, the global configuration
/etc/sslmate-company.conf and the default certificate
/etc/sslmate-company, instead of
Configuration profiles are intended for those who need to use several different SSLMate accounts on a single server, since each configuration file can contain distinct SSLMate API credentials.
Alternative Config Location
By default, your personal config file is read from
To change the location of your personal config file, set the
A Note About Cron
sslmate is invoked by cron, your personal config
file will not be read if cron does not set the
environment variable. To avoid problems, only use the global config
file, or explicitly set
$SSLMATE_CONFIG when running