{
	"wfe": {
		"timeout": "30s",
		"serverCertificatePath": "test/certs/ipki/boulder/cert.pem",
		"serverKeyPath": "test/certs/ipki/boulder/key.pem",
		"allowOrigins": [
			"*"
		],
		"shutdownStopTimeout": "10s",
		"subscriberAgreementURL": "https://boulder.service.consul:4431/terms/v7",
		"directoryCAAIdentity": "happy-hacker-ca.invalid",
		"directoryWebsite": "https://github.com/letsencrypt/boulder",
		"legacyKeyIDPrefix": "http://boulder.service.consul:4000/reg/",
		"goodkey": {
			"blockedKeyFile": "test/example-blocked-keys.yaml"
		},
		"tls": {
			"caCertFile": "test/certs/ipki/minica.pem",
			"certFile": "test/certs/ipki/wfe.boulder/cert.pem",
			"keyFile": "test/certs/ipki/wfe.boulder/key.pem"
		},
		"raService": {
			"dnsAuthority": "consul.service.consul",
			"srvLookup": {
				"service": "ra",
				"domain": "service.consul"
			},
			"timeout": "15s",
			"noWaitForReady": true,
			"hostOverride": "ra.boulder"
		},
		"saService": {
			"dnsAuthority": "consul.service.consul",
			"srvLookup": {
				"service": "sa",
				"domain": "service.consul"
			},
			"timeout": "15s",
			"noWaitForReady": true,
			"hostOverride": "sa.boulder"
		},
		"accountCache": {
			"size": 9000,
			"ttl": "5s"
		},
		"getNonceService": {
			"dnsAuthority": "consul.service.consul",
			"srvLookup": {
				"service": "nonce-taro",
				"domain": "service.consul"
			},
			"timeout": "15s",
			"noWaitForReady": true,
			"hostOverride": "nonce.boulder"
		},
		"redeemNonceService": {
			"dnsAuthority": "consul.service.consul",
			"srvLookups": [
				{
					"service": "nonce-taro",
					"domain": "service.consul"
				},
				{
					"service": "nonce-zinc",
					"domain": "service.consul"
				}
			],
			"srvResolver": "nonce-srv",
			"timeout": "15s",
			"noWaitForReady": true,
			"hostOverride": "nonce.boulder"
		},
		"noncePrefixKey": {
			"passwordFile": "test/secrets/nonce_prefix_key"
		},
		"chains": [
			[
				"test/certs/webpki/int-rsa-a.cert.pem",
				"test/certs/webpki/root-rsa.cert.pem"
			],
			[
				"test/certs/webpki/int-rsa-b.cert.pem",
				"test/certs/webpki/root-rsa.cert.pem"
			],
			[
				"test/certs/webpki/int-ecdsa-a.cert.pem",
				"test/certs/webpki/root-ecdsa.cert.pem"
			],
			[
				"test/certs/webpki/int-ecdsa-b.cert.pem",
				"test/certs/webpki/root-ecdsa.cert.pem"
			],
			[
				"test/certs/webpki/int-ecdsa-a-cross.cert.pem",
				"test/certs/webpki/root-rsa.cert.pem"
			],
			[
				"test/certs/webpki/int-ecdsa-b-cross.cert.pem",
				"test/certs/webpki/root-rsa.cert.pem"
			]
		],
		"staleTimeout": "5m",
		"authorizationLifetimeDays": 30,
		"pendingAuthorizationLifetimeDays": 7,
		"limiter": {
			"redis": {
				"username": "boulder-wfe",
				"passwordFile": "test/secrets/wfe_ratelimits_redis_password",
				"lookups": [
					{
						"Service": "redisratelimits",
						"Domain": "service.consul"
					}
				],
				"lookupDNSAuthority": "consul.service.consul",
				"readTimeout": "250ms",
				"writeTimeout": "250ms",
				"poolSize": 100,
				"routeRandomly": true,
				"tls": {
					"caCertFile": "test/certs/ipki/minica.pem",
					"certFile": "test/certs/ipki/wfe.boulder/cert.pem",
					"keyFile": "test/certs/ipki/wfe.boulder/key.pem"
				}
			},
			"Defaults": "test/config-next/wfe2-ratelimit-defaults.yml",
			"Overrides": "test/config-next/wfe2-ratelimit-overrides.yml"
		},
		"features": {
			"ServeRenewalInfo": true,
			"TrackReplacementCertificatesARI": true
		},
		"certificateProfileNames": [
			"defaultBoulderCertificateProfile"
		]
	},
	"syslog": {
		"stdoutlevel": 4,
		"sysloglevel": -1
	},
	"openTelemetry": {
		"endpoint": "bjaeger:4317",
		"sampleratio": 1
	},
	"openTelemetryHttpConfig": {
		"trustIncomingSpans": true
	}
}