aboutsummaryrefslogtreecommitdiffstats
path: root/lacme.md
diff options
context:
space:
mode:
authorGuilhem Moulin <guilhem@fripost.org>2017-06-29 09:49:05 +0200
committerGuilhem Moulin <guilhem@fripost.org>2017-06-29 09:49:05 +0200
commit7da82bf4ce1d40b730c4ace0817ccbcb862221ee (patch)
treec7cdc4977e2ae8e6f9d7c48c3f583d18b9e890fd /lacme.md
parent73ac1dd0d4d47905e8a407bcb1bf2ac494c34c86 (diff)
wibble
Diffstat (limited to 'lacme.md')
-rw-r--r--lacme.md13
1 files changed, 7 insertions, 6 deletions
diff --git a/lacme.md b/lacme.md
index 3ba4a44..d2a3b46 100644
--- a/lacme.md
+++ b/lacme.md
@@ -232,14 +232,15 @@ served during certificate issuance.
addresses are of the form `IPV4:PORT`, `[IPV6]:PORT` (where the
`:PORT` suffix is optional and defaults to the HTTP port 80), or an
absolute path of a UNIX-domain socket (created with mode `0666`).
- Since the webserver component listens to a UNIX-domain socket by
- default, it is only suitable when an external HTTP daemon is
- publicly reachable and passes all ACME challenge requests to that
- socket; if that's not the case, one needs to set *listen* to `[::]`
- (or `0.0.0.0 [::]` when dual stack IPv4/IPv6 is disabled or
- unavailable), and possibly also set *iptables* to `Yes`.
Default: `/var/run/lacme.socket`.
+ Note: The default value is only suitable when an external HTTP
+ daemon is publicly reachable and passes all ACME challenge requests
+ to the webserver component through the UNIX-domain socket
+ `/var/run/lacme.socket`; if that's not the case, one needs to set
+ *listen* to `[::]` (or `0.0.0.0 [::]` when dual stack IPv4/IPv6 is
+ disabled or unavailable), and possibly also set *iptables* to `Yes`.
+
*challenge-directory*
: Specify a non-existent directory under which an external HTTP daemon