diff options
| author | Guilhem Moulin <guilhem@fripost.org> | 2017-06-29 09:44:43 +0200 |
|---|---|---|
| committer | Guilhem Moulin <guilhem@fripost.org> | 2017-06-29 09:44:43 +0200 |
| commit | 73ac1dd0d4d47905e8a407bcb1bf2ac494c34c86 (patch) | |
| tree | edbd09f00dfe31bfa131d2e9d515ec842a5ce619 /lacme.md | |
| parent | 8fd46f8f562345bb6c26b3eb8307994378732b94 (diff) | |
Improve docs.
Diffstat (limited to 'lacme.md')
| -rw-r--r-- | lacme.md | 8 |
1 files changed, 7 insertions, 1 deletions
@@ -224,7 +224,7 @@ of [ACME] commands and dialogues with the remote [ACME] server). --------------------- This section is used to configure how [ACME] challenge responses are -served. +served during certificate issuance. *listen* @@ -232,6 +232,12 @@ served. addresses are of the form `IPV4:PORT`, `[IPV6]:PORT` (where the `:PORT` suffix is optional and defaults to the HTTP port 80), or an absolute path of a UNIX-domain socket (created with mode `0666`). + Since the webserver component listens to a UNIX-domain socket by + default, it is only suitable when an external HTTP daemon is + publicly reachable and passes all ACME challenge requests to that + socket; if that's not the case, one needs to set *listen* to `[::]` + (or `0.0.0.0 [::]` when dual stack IPv4/IPv6 is disabled or + unavailable), and possibly also set *iptables* to `Yes`. Default: `/var/run/lacme.socket`. *challenge-directory* |