diff options
| -rw-r--r-- | config/lacme-certs.conf | 6 | ||||
| -rw-r--r-- | config/lacme.conf | 2 | ||||
| -rw-r--r-- | lacme-accountd.1.md | 4 | ||||
| -rw-r--r-- | lacme.8.md | 26 |
4 files changed, 19 insertions, 19 deletions
diff --git a/config/lacme-certs.conf b/config/lacme-certs.conf index 91c2b3d..5259690 100644 --- a/config/lacme-certs.conf +++ b/config/lacme-certs.conf @@ -1,5 +1,5 @@ # Each non-default section refer to separate certificate issuance -# requests. Options in the default section apply to each sections. +# requests. Settings in the default section apply to each sections. # Message digest to sign the Certificate Signing Request with, # overriding the req(1ssl) default. @@ -27,7 +27,7 @@ #[www] -# Path the service's private key. This option is required. +# Path the service's private key. This setting is required. # #certificate-key = /etc/nginx/ssl/srv.key @@ -40,7 +40,7 @@ # #certificate-chain = /etc/nginx/ssl/srv.chain.crt -# Subject field of the Certificate Signing Request. This option is +# Subject field of the Certificate Signing Request. This setting is # required. # #subject = /CN=example.org diff --git a/config/lacme.conf b/config/lacme.conf index a6cb9c7..98ecacb 100644 --- a/config/lacme.conf +++ b/config/lacme.conf @@ -12,7 +12,7 @@ # other users, or if its parent directory is writable by other users. # Default: "$XDG_RUNTIME_DIR/S.lacme" if the XDG_RUNTIME_DIR environment # variable is set. -# This option is ignored when lacme-accountd(1) is spawned by lacme(8), +# This setting is ignored when lacme-accountd(1) is spawned by lacme(8), # since the two processes communicate through a socket pair. See the # "accountd" section below for details. # diff --git a/lacme-accountd.1.md b/lacme-accountd.1.md index 9377e23..cd6352c 100644 --- a/lacme-accountd.1.md +++ b/lacme-accountd.1.md @@ -94,11 +94,11 @@ environment variable is not set), and When given on the command line, the `--privkey=`, `--socket=` and `--quiet` options take precedence over their counterpart (without -leading `--`) in the configuration file. Valid options are: +leading `--`) in the configuration file. Valid settings are: *privkey* -: See `--privkey=`. This option is required when `--privkey=` is not +: See `--privkey=`. This setting is required when `--privkey=` is not specified on the command line. *gpg* @@ -37,9 +37,9 @@ with its own executable: For certificate issuances (`newOrder` command), it also generates Certificate Signing Requests, then verifies the validity of the issued certificate, and optionally reloads or restarts services when - the *notify* option is set. + the *notify* setting is set. - 3. An actual [ACME] client (specified with the *command* option of the + 3. An actual [ACME] client (specified with the *command* setting of the [`[client]` section](#client-section) of the configuration file), which builds [ACME] commands and dialogues with the remote [ACME] server. @@ -49,7 +49,7 @@ with its own executable: requested by writing the data to be signed to the socket. 4. For certificate issuances (`newOrder` command), an optional - webserver (specified with the *command* option of the [`[webserver]` + webserver (specified with the *command* setting of the [`[webserver]` section](#webserver-section) of the configuration file), which is spawned by the “master” `lacme`. (The only challenge type currently supported by `lacme` is `http-01`, which requires a webserver to @@ -95,8 +95,8 @@ Commands account key or the server's private key. Command alias: `revoke-cert`. -Generic options -=============== +Generic settings +================ `--config=`*filename* @@ -110,7 +110,7 @@ Generic options connect to for signature requests from the [ACME] client. `lacme` aborts if `path` is readable or writable by other users, or if its parent directory is writable by other users. - This command-line option overrides the *socket* option of the + This command-line option overrides the *socket* setting of the [`[client]` section](#client-section) of the configuration file; it also causes the [`[accountd]` section](#accountd-section) to be ignored. @@ -134,7 +134,7 @@ If `--config=` is not given, `lacme` uses the first existing configuration file among *$XDG_CONFIG_HOME/lacme/lacme.conf* (or *~/.config/lacme/lacme.conf* if the `XDG_CONFIG_HOME` environment variable is not set), and *@@sysconfdir@@/lacme/lacme.conf*. -Valid options are: +Valid settings are: Default section --------------- @@ -247,7 +247,7 @@ served during certificate issuance. lacme client user (by default `@@lacme_client_user@@`) needs to be able to create files under it. - This option is required when *listen* is empty. + This setting is required when *listen* is empty. *user* @@ -270,7 +270,7 @@ served during certificate issuance. argument etc. (Note that `lacme` might append more arguments when executing the command internally.) A separate process is spawned for each address to *listen* on. (In - particular no webserver process is forked when the *listen* option + particular no webserver process is forked when the *listen* setting is empty.) Default: `@@libexecdir@@/lacme/webserver`. @@ -279,7 +279,7 @@ served during certificate issuance. : Whether to automatically install temporary [`iptables`(8)] rules to open the `ADDRESS[:PORT]` specified with *listen*. The rules are automatically removed once `lacme` exits. - This option is ignored when *challenge-directory* is set. + This setting is ignored when *challenge-directory* is set. Default: `No`. `[accountd]` section @@ -327,7 +327,7 @@ For certificate issuances (`newOrder` command), a separate file is used to configure paths to the certificate and key, as well as the subject, subjectAltName, etc. to generate Certificate Signing Requests. Each section denotes a separate certificate issuance. -Valid options are: +Valid settings are: *certificate* @@ -342,7 +342,7 @@ Valid options are: *certificate-key* -: Path to the service's private key. This option is required. The +: Path to the service's private key. This setting is required. The [`genpkey`(1ssl)] command can be used to generate a new service RSA key: @@ -377,7 +377,7 @@ Valid options are: *subject* : Subject field of the Certificate Signing Request, in the form - `/type0=value0/type1=value1/type2=…`. This option is required. + `/type0=value0/type1=value1/type2=…`. This setting is required. *subjectAltName* |