diff options
author | Guilhem Moulin <guilhem@fripost.org> | 2021-02-14 17:01:17 +0100 |
---|---|---|
committer | Guilhem Moulin <guilhem@fripost.org> | 2021-02-14 20:04:40 +0100 |
commit | a903ea92dd736c560d21fe45063d4914765fa173 (patch) | |
tree | ca4f7e352cc01d1f05b63df20e4eb142f98e28ca /lacme.8.md | |
parent | 9dfb2cde7baf686113e49266c28940c8a564c1ca (diff) |
challenge-directory now needs to be set to an *existing* directory.
Since lacme(8) spawns a builtin webserver by default the change doesn't
affect default configurations.
See https://bugs.debian.org/970800 for the rationale.
Diffstat (limited to 'lacme.8.md')
-rw-r--r-- | lacme.8.md | 16 |
1 files changed, 7 insertions, 9 deletions
@@ -238,16 +238,13 @@ served during certificate issuance. *challenge-directory* -: Specify a non-existent directory under which an external HTTP daemon - is configured to serve `GET` requests for challenge files under - `/.well-known/acme-challenge/` (for each virtual host requiring - authorization) as static files. - This option is required when *listen* is empty. - -*hard-copy-challenge-directory* +: Directory under which an external HTTP daemon is configured to serve `GET` + requests for challenge files under `/.well-known/acme-challenge/` (for + each virtual host requiring authorization) as static files. + `lacme` _must_ exist beforehand, _must_ be empty, and be writable by the + lacme client user (by default @@lacme_client_user@@). -: Do not symlink the challenge-directory, but copy the challenge-files - explictly. + This option is required when *listen* is empty. *user* @@ -275,6 +272,7 @@ served during certificate issuance. : Whether to automatically install temporary [`iptables`(8)] rules to open the `ADDRESS[:PORT]` specified with *listen*. The rules are automatically removed once `lacme` exits. + This option is ignored when *challenge-directory* is set. Default: `No`. `[accountd]` section |