Diffstat (limited to 'lacme.md')
-rw-r--r--  lacme.md  17
1 files changed, 15 insertions, 2 deletions
diff --git a/lacme.md b/lacme.md
index 4146515..0f6f3ee 100644
--- a/lacme.md
+++ b/lacme.md
@@ -223,7 +223,8 @@ of [ACME] commands and dialogues with the remote [ACME] server).
`[webserver]` section
---------------------
-This section is used for configuring the [ACME] webserver.
+This section is used to configure how [ACME] challenge responses are
+served during certificate issuance.
*listen*
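Review bot: the rewritten introduction no longer names the webserver component, yet the options that follow in this section (*listen*, *command*, *iptables*) keep referring to "the webserver"; consider keeping a mention so the term is defined before it is used, e.g. "This section configures the [ACME] webserver, i.e. how challenge responses are served during certificate issuance."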
@@ -233,6 +234,16 @@ This section is used for configuring the [ACME] webserver.
absolute path of a UNIX-domain socket (created with mode `0666`).
Default: `/var/run/lacme.socket`.
+ **Note**: The default value is only suitable when an external HTTP
+ daemon is publicly reachable and passes all ACME challenge requests
+ to the webserver component through the UNIX-domain socket
+ `/var/run/lacme.socket` (for instance using the provided
+ `/etc/lacme/apache2.conf` or `/etc/lacme/nginx.conf` configuration
+ snippets for each virtual host requiring authorization). If there
+ is no HTTP daemon bound to port 80 one needs to set *listen* to
+ `[::]` (or `0.0.0.0 [::]` when dual IPv4/IPv6 stack is disabled or
+ unavailable), and possibly also set *iptables* to `Yes`.
+
*challenge-directory*
: Specify a non-existent directory under which an external HTTP daemon
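Review bot: the closing sentence of the added note ("and possibly also set *iptables* to `Yes`") leaves the reader guessing when that option is required; state the condition that calls for it (for instance when a host firewall would otherwise block inbound connections on port 80) instead of "possibly". The same sentence should also say which port the `[::]` / `0.0.0.0 [::]` values bind to, since the preceding text only speaks of an HTTP daemon "bound to port 80" and the bare addresses carry no port. Minor wording: "when dual IPv4/IPv6 stack is disabled" reads better as "when the dual IPv4/IPv6 stack is disabled".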
@@ -258,7 +269,9 @@ This section is used for configuring the [ACME] webserver.
*command*
-: Path to the [ACME] webserver executable.
+: Path to the [ACME] webserver executable. A separate process is
+ spawned for each address to *listen* on. (In particular no
+ webserver process is forked when the *listen* option is empty.)
Default: `/usr/lib/lacme/webserver`.
*iptables*
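Review bot: "A separate process is spawned for each address to *listen* on" is incomplete, because *listen* may also hold the absolute path of a UNIX-domain socket (see the description of *listen* above); say "for each address or socket path to *listen* on". Within the same sentence pair, "spawned" and "forked" are used for the same thing; pick one term for consistency.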