diff options
Diffstat (limited to 'lacme.8.md')
-rw-r--r-- | lacme.8.md | 26 |
1 files changed, 13 insertions, 13 deletions
@@ -37,9 +37,9 @@ with its own executable: For certificate issuances (`newOrder` command), it also generates Certificate Signing Requests, then verifies the validity of the issued certificate, and optionally reloads or restarts services when - the *notify* option is set. + the *notify* setting is set. - 3. An actual [ACME] client (specified with the *command* option of the + 3. An actual [ACME] client (specified with the *command* setting of the [`[client]` section](#client-section) of the configuration file), which builds [ACME] commands and dialogues with the remote [ACME] server. @@ -49,7 +49,7 @@ with its own executable: requested by writing the data to be signed to the socket. 4. For certificate issuances (`newOrder` command), an optional - webserver (specified with the *command* option of the [`[webserver]` + webserver (specified with the *command* setting of the [`[webserver]` section](#webserver-section) of the configuration file), which is spawned by the “master” `lacme`. (The only challenge type currently supported by `lacme` is `http-01`, which requires a webserver to @@ -95,8 +95,8 @@ Commands account key or the server's private key. Command alias: `revoke-cert`. -Generic options -=============== +Generic settings +================ `--config=`*filename* @@ -110,7 +110,7 @@ Generic options connect to for signature requests from the [ACME] client. `lacme` aborts if `path` is readable or writable by other users, or if its parent directory is writable by other users. - This command-line option overrides the *socket* option of the + This command-line option overrides the *socket* setting of the [`[client]` section](#client-section) of the configuration file; it also causes the [`[accountd]` section](#accountd-section) to be ignored. @@ -134,7 +134,7 @@ If `--config=` is not given, `lacme` uses the first existing configuration file among *$XDG_CONFIG_HOME/lacme/lacme.conf* (or *~/.config/lacme/lacme.conf* if the `XDG_CONFIG_HOME` environment variable is not set), and *@@sysconfdir@@/lacme/lacme.conf*. -Valid options are: +Valid settings are: Default section --------------- @@ -247,7 +247,7 @@ served during certificate issuance. lacme client user (by default `@@lacme_client_user@@`) needs to be able to create files under it. - This option is required when *listen* is empty. + This setting is required when *listen* is empty. *user* @@ -270,7 +270,7 @@ served during certificate issuance. argument etc. (Note that `lacme` might append more arguments when executing the command internally.) A separate process is spawned for each address to *listen* on. (In - particular no webserver process is forked when the *listen* option + particular no webserver process is forked when the *listen* setting is empty.) Default: `@@libexecdir@@/lacme/webserver`. @@ -279,7 +279,7 @@ served during certificate issuance. : Whether to automatically install temporary [`iptables`(8)] rules to open the `ADDRESS[:PORT]` specified with *listen*. The rules are automatically removed once `lacme` exits. - This option is ignored when *challenge-directory* is set. + This setting is ignored when *challenge-directory* is set. Default: `No`. `[accountd]` section @@ -327,7 +327,7 @@ For certificate issuances (`newOrder` command), a separate file is used to configure paths to the certificate and key, as well as the subject, subjectAltName, etc. to generate Certificate Signing Requests. Each section denotes a separate certificate issuance. -Valid options are: +Valid settings are: *certificate* @@ -342,7 +342,7 @@ Valid options are: *certificate-key* -: Path to the service's private key. This option is required. The +: Path to the service's private key. This setting is required. The [`genpkey`(1ssl)] command can be used to generate a new service RSA key: @@ -377,7 +377,7 @@ Valid options are: *subject* : Subject field of the Certificate Signing Request, in the form - `/type0=value0/type1=value1/type2=…`. This option is required. + `/type0=value0/type1=value1/type2=…`. This setting is required. *subjectAltName* |