From a903ea92dd736c560d21fe45063d4914765fa173 Mon Sep 17 00:00:00 2001
From: Guilhem Moulin <guilhem@fripost.org>
Date: Sun, 14 Feb 2021 17:01:17 +0100
Subject: challenge-directory now needs to be set to an *existing* directory.

Since lacme(8) spawns a builtin webserver by default the change doesn't
affect default configurations.

See https://bugs.debian.org/970800 for the rationale.
---
 config/lacme.conf | 13 +++++--------
 1 file changed, 5 insertions(+), 8 deletions(-)

(limited to 'config')

diff --git a/config/lacme.conf b/config/lacme.conf
index 2955984..4c7dc86 100644
--- a/config/lacme.conf
+++ b/config/lacme.conf
@@ -64,17 +64,14 @@
 #
 #listen = @@runstatedir@@/lacme-www.socket
 
-# Non-existent directory under which an external HTTP daemon is
-# configured to serve GET requests for challenge files under
-# "/.well-known/acme-challenge/" (for each virtual host requiring
-# authorization) as static files.
+# Directory under which an external HTTP daemon is configured to serve
+# GET requests for challenge files under "/.well-known/acme-challenge/"
+# (for each virtual host requiring authorization) as static files.
+# NOTE: the directory must exist and be writable by the lacme client
+# user.
 #
 #challenge-directory =
 
-# Do not symlink the challenge-directory, but copy the challenge-files
-# explictly.
-#hard-copy-challenge-directory = No
-
 # username to drop privileges to (setting both effective and real uid).
 # Skip privilege drop if the value is empty (not recommended).
 #
-- 
cgit v1.2.3