diff options
| -rw-r--r-- | lacme.md | 14 |
1 files changed, 9 insertions, 5 deletions
@@ -234,12 +234,15 @@ served during certificate issuance. absolute path of a UNIX-domain socket (created with mode `0666`). Default: `/var/run/lacme.socket`. - Note: The default value is only suitable when an external HTTP + **Note**: The default value is only suitable when an external HTTP daemon is publicly reachable and passes all ACME challenge requests to the webserver component through the UNIX-domain socket - `/var/run/lacme.socket`; if that's not the case, one needs to set - *listen* to `[::]` (or `0.0.0.0 [::]` when dual IPv4/IPv6 stack is - disabled or unavailable), and possibly also set *iptables* to `Yes`. + `/var/run/lacme.socket` (for instance using the provided + `/etc/lacme/apache2.conf` or `/etc/lacme/nginx.conf` configuration + snippets for each virtual host requiring authorization). If there + is no HTTP daemon bound to port 80 one needs to set *listen* to + `[::]` (or `0.0.0.0 [::]` when dual IPv4/IPv6 stack is disabled or + unavailable), and possibly also set *iptables* to `Yes`. *challenge-directory* @@ -267,7 +270,8 @@ served during certificate issuance. *command* : Path to the [ACME] webserver executable. A separate process is - spawned for each address to *listen* on. + spawned for each address to *listen* on. (In particular no + webserver process is forked when the *listen* option is empty.) Default: `/usr/lib/lacme/webserver`. *iptables* |