Diffstat (limited to 'lacme-accountd.1.md')
-rw-r--r-- lacme-accountd.1.md 18
1 files changed, 16 insertions, 2 deletions
diff --git a/lacme-accountd.1.md b/lacme-accountd.1.md
index d0b2c6b..4933a78 100644
--- a/lacme-accountd.1.md
+++ b/lacme-accountd.1.md
@@ -119,14 +119,28 @@ leading `--`) in the configuration file. Valid settings are:
[`gpg`(1)] to use, as well as some default options.
Default: `gpg --quiet`.
+*socket*
+
+: See `--socket=`.
+
*logfile*
: An optional file where to log to. The value is subject to
[%-specifier expansion](#percent-specifiers).
-*socket*
+*keyid*
-: See `--socket=`.
+: The "Key ID", as shown by `` `acme account` ``, to give the [ACME]
+ client. With an empty *keyid* (the default) the client forwards the
+ JSON Web Key (JWK) to the [ACME] server to retrieve the correct
+ value. A non-empty value therefore saves a round-trip.
+
+ A non-empty value also causes `lacme-accountd` to send an empty JWK,
+ thereby revoking all account management access (status change,
+ contact address updates etc.) from the client: any `` `acme account` ``
+ command (or any command from [`lacme`(8)] before version 0.8.0) is
+ bound to be rejected by the [ACME] server. This provides a
+ safeguard against malicious clients.
*quiet*
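Review bot: The closing sentence of the new *keyid* entry, "This provides a safeguard against malicious clients", is broader than what the lines above it describe, which is only that account management requests (status change, contact address updates etc.) get rejected. Suggest scoping it, for example "a safeguard against clients tampering with the account", and using "withholding" rather than "revoking", since the client is never given that access in the first place. The incompatibility with [`lacme`(8)] before version 0.8.0 is stated only inside a parenthesis; a separate sentence naming the minimum client version needed with a non-empty *keyid* would be easier to find. The entry also does not say what happens when the configured value does not match the account key, which is worth documenting. Minor: `` `acme account` `` renders with literal backticks, unlike `--socket=` in the neighbouring entry; confirm that is intended.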