documentation: emphasize default values in the config file.

Also, move the most common options ('hash', 'keyUsage', 'CAfile',
'min-days') to the default section.

1 files changed, 9 insertions, 5 deletions

diff --git a/lacme.8.md b/lacme.8.md
index d98ec8e..5e32dcb 100644
--- a/lacme.8.md
+++ b/lacme.8.md
@@ -366,18 +366,21 @@ Valid options are:
 
 *CAfile*
 
-:   Path to trusted issuer certificates, used for validating each issued
-    certificate.  Specifying an empty values skips certificate validation.
+:   Path to the bundle of trusted issuer certificates.  This is used for
+    validating each certificate after issuance or renewal.  Specifying
+    an empty value skips certificate validation.
     Default: `@@datadir@@/lacme/ca-certificates.crt`.
 
 *hash*
 
-:   Message digest algorithm to sign the Certificate Signing Request
-    with.
+:   Message digest to sign the Certificate Signing Request with,
+    overriding the [`req`(1ssl)] default.
 
 *keyUsage*
 
-:   Comma-separated list of Key Usages, see [`x509v3_config`(5ssl)].
+:   Comma-separated list of Key Usages, for instance `digitalSignature,
+    keyEncipherment`, to include in the Certificate Signing Request.
+    See [`x509v3_config`(5ssl)] for a list of possible values.
 
 *subject*
 
@@ -425,3 +428,4 @@ See also
 [`ciphers`(1ssl)]: https://www.openssl.org/docs/manmaster/apps/ciphers.html
 [`x509v3_config`(5ssl)]: https://www.openssl.org/docs/manmaster/apps/x509v3_config.html
 [`genpkey`(1ssl)]: https://www.openssl.org/docs/manmaster/man1/openssl-genpkey.html
+[`req`(1ssl)]: https://www.openssl.org/docs/manmaster/man1/openssl-req.html