aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--config/lacme-certs.conf6
-rw-r--r--config/lacme.conf2
-rw-r--r--lacme-accountd.1.md4
-rw-r--r--lacme.8.md26
4 files changed, 19 insertions, 19 deletions
diff --git a/config/lacme-certs.conf b/config/lacme-certs.conf
index 91c2b3d..5259690 100644
--- a/config/lacme-certs.conf
+++ b/config/lacme-certs.conf
@@ -1,5 +1,5 @@
# Each non-default section refer to separate certificate issuance
-# requests. Options in the default section apply to each sections.
+# requests. Settings in the default section apply to each sections.
# Message digest to sign the Certificate Signing Request with,
# overriding the req(1ssl) default.
@@ -27,7 +27,7 @@
#[www]
-# Path the service's private key. This option is required.
+# Path the service's private key. This setting is required.
#
#certificate-key = /etc/nginx/ssl/srv.key
@@ -40,7 +40,7 @@
#
#certificate-chain = /etc/nginx/ssl/srv.chain.crt
-# Subject field of the Certificate Signing Request. This option is
+# Subject field of the Certificate Signing Request. This setting is
# required.
#
#subject = /CN=example.org
diff --git a/config/lacme.conf b/config/lacme.conf
index a6cb9c7..98ecacb 100644
--- a/config/lacme.conf
+++ b/config/lacme.conf
@@ -12,7 +12,7 @@
# other users, or if its parent directory is writable by other users.
# Default: "$XDG_RUNTIME_DIR/S.lacme" if the XDG_RUNTIME_DIR environment
# variable is set.
-# This option is ignored when lacme-accountd(1) is spawned by lacme(8),
+# This setting is ignored when lacme-accountd(1) is spawned by lacme(8),
# since the two processes communicate through a socket pair. See the
# "accountd" section below for details.
#
diff --git a/lacme-accountd.1.md b/lacme-accountd.1.md
index 9377e23..cd6352c 100644
--- a/lacme-accountd.1.md
+++ b/lacme-accountd.1.md
@@ -94,11 +94,11 @@ environment variable is not set), and
When given on the command line, the `--privkey=`, `--socket=` and
`--quiet` options take precedence over their counterpart (without
-leading `--`) in the configuration file. Valid options are:
+leading `--`) in the configuration file. Valid settings are:
*privkey*
-: See `--privkey=`. This option is required when `--privkey=` is not
+: See `--privkey=`. This setting is required when `--privkey=` is not
specified on the command line.
*gpg*
diff --git a/lacme.8.md b/lacme.8.md
index 6218d36..4dfc67e 100644
--- a/lacme.8.md
+++ b/lacme.8.md
@@ -37,9 +37,9 @@ with its own executable:
For certificate issuances (`newOrder` command), it also generates
Certificate Signing Requests, then verifies the validity of the
issued certificate, and optionally reloads or restarts services when
- the *notify* option is set.
+ the *notify* setting is set.
- 3. An actual [ACME] client (specified with the *command* option of the
+ 3. An actual [ACME] client (specified with the *command* setting of the
[`[client]` section](#client-section) of the configuration file),
which builds [ACME] commands and dialogues with the remote [ACME]
server.
@@ -49,7 +49,7 @@ with its own executable:
requested by writing the data to be signed to the socket.
4. For certificate issuances (`newOrder` command), an optional
- webserver (specified with the *command* option of the [`[webserver]`
+ webserver (specified with the *command* setting of the [`[webserver]`
section](#webserver-section) of the configuration file), which is
spawned by the “master” `lacme`. (The only challenge type currently
supported by `lacme` is `http-01`, which requires a webserver to
@@ -95,8 +95,8 @@ Commands
account key or the server's private key.
Command alias: `revoke-cert`.
-Generic options
-===============
+Generic settings
+================
`--config=`*filename*
@@ -110,7 +110,7 @@ Generic options
connect to for signature requests from the [ACME] client. `lacme`
aborts if `path` is readable or writable by other users, or if its
parent directory is writable by other users.
- This command-line option overrides the *socket* option of the
+ This command-line option overrides the *socket* setting of the
[`[client]` section](#client-section) of the configuration file; it
also causes the [`[accountd]` section](#accountd-section) to be
ignored.
@@ -134,7 +134,7 @@ If `--config=` is not given, `lacme` uses the first existing
configuration file among *$XDG_CONFIG_HOME/lacme/lacme.conf* (or
*~/.config/lacme/lacme.conf* if the `XDG_CONFIG_HOME` environment
variable is not set), and *@@sysconfdir@@/lacme/lacme.conf*.
-Valid options are:
+Valid settings are:
Default section
---------------
@@ -247,7 +247,7 @@ served during certificate issuance.
lacme client user (by default `@@lacme_client_user@@`) needs to be
able to create files under it.
- This option is required when *listen* is empty.
+ This setting is required when *listen* is empty.
*user*
@@ -270,7 +270,7 @@ served during certificate issuance.
argument etc. (Note that `lacme` might append more arguments when
executing the command internally.)
A separate process is spawned for each address to *listen* on. (In
- particular no webserver process is forked when the *listen* option
+ particular no webserver process is forked when the *listen* setting
is empty.)
Default: `@@libexecdir@@/lacme/webserver`.
@@ -279,7 +279,7 @@ served during certificate issuance.
: Whether to automatically install temporary [`iptables`(8)] rules to
open the `ADDRESS[:PORT]` specified with *listen*. The rules are
automatically removed once `lacme` exits.
- This option is ignored when *challenge-directory* is set.
+ This setting is ignored when *challenge-directory* is set.
Default: `No`.
`[accountd]` section
@@ -327,7 +327,7 @@ For certificate issuances (`newOrder` command), a separate file is used
to configure paths to the certificate and key, as well as the subject,
subjectAltName, etc. to generate Certificate Signing Requests.
Each section denotes a separate certificate issuance.
-Valid options are:
+Valid settings are:
*certificate*
@@ -342,7 +342,7 @@ Valid options are:
*certificate-key*
-: Path to the service's private key. This option is required. The
+: Path to the service's private key. This setting is required. The
[`genpkey`(1ssl)] command can be used to generate a new service RSA
key:
@@ -377,7 +377,7 @@ Valid options are:
*subject*
: Subject field of the Certificate Signing Request, in the form
- `/type0=value0/type1=value1/type2=…`. This option is required.
+ `/type0=value0/type1=value1/type2=…`. This setting is required.
*subjectAltName*