LeGo CertHub
LeGo CertHub
InstallConfigureServer UsageClient UsageDownloadAuthorSource


LeGo Certhub has a config.yaml file to set various operational parameters. This page details each parameter's name and functionality. A lot of similar information is contained with in the config.default.yaml.


hostname sets the name of the host that LeGo will bind to. This should be a hostname and not an ip address due to ssl needs, but an ip address will technically work to get the server started.

https_port & http_port

These ports specify the port number to bind the LeGo server to. This is both the API backend as well as the frontend (if the backend is serving the frontend).


If this is true, when the server is running on https, an additional server will be started on http to redirect to https.


Self-explanatory log level. This applies to both console and file logging.


If true, LeGo server will also host the frontend. That is, on the API endpoint server there will be a path /app that will serve the UI. Generally this should be true unless you are doing advanced configuration.

private_key_name & certificate_name

These define the key and certificate pair names that LeGo will use to run in https mode.


Enabled debug logging and some other minor tweaks to how the server operates. Generally only use this if you are trying to troubleshoot something. Do not leave this on in production.


This section contains options the change how automatic refreshing of certificates functions.


Generally should always be true. This makes the server automatically place new orders when old orders are aging out.


The number of remaining valid days on a certificate before the server places a new order for that certificate.

refresh_time_hour & refresh_time_minute

The time the daily refresh task should run.


This section contains options relating to how challenges are solved.

dns_checker: dns_services: primary_ip & secondary_ip

This array defines the DNS servers that LeGo will use to check for DNS propagation when using a dns challenge solving method. Only a primary_ip is necessary but if a particular provider has a secondary that can also be specified.


This section has various options to configure different providers. See the config.default.yaml for more details.