From a903ea92dd736c560d21fe45063d4914765fa173 Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Sun, 14 Feb 2021 17:01:17 +0100 Subject: challenge-directory now needs to be set to an *existing* directory. Since lacme(8) spawns a builtin webserver by default the change doesn't affect default configurations. See https://bugs.debian.org/970800 for the rationale. --- lacme.8.md | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) (limited to 'lacme.8.md') diff --git a/lacme.8.md b/lacme.8.md index 404180c..76cdd0d 100644 --- a/lacme.8.md +++ b/lacme.8.md @@ -238,16 +238,13 @@ served during certificate issuance. *challenge-directory* -: Specify a non-existent directory under which an external HTTP daemon - is configured to serve `GET` requests for challenge files under - `/.well-known/acme-challenge/` (for each virtual host requiring - authorization) as static files. - This option is required when *listen* is empty. - -*hard-copy-challenge-directory* +: Directory under which an external HTTP daemon is configured to serve `GET` + requests for challenge files under `/.well-known/acme-challenge/` (for + each virtual host requiring authorization) as static files. + `lacme` _must_ exist beforehand, _must_ be empty, and be writable by the + lacme client user (by default @@lacme_client_user@@). -: Do not symlink the challenge-directory, but copy the challenge-files - explictly. + This option is required when *listen* is empty. *user* @@ -275,6 +272,7 @@ served during certificate issuance. : Whether to automatically install temporary [`iptables`(8)] rules to open the `ADDRESS[:PORT]` specified with *listen*. The rules are automatically removed once `lacme` exits. + This option is ignored when *challenge-directory* is set. Default: `No`. `[accountd]` section -- cgit v1.2.3
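Review bot: In the first hunk (@@ -238,16 +238,13 @@), the added sentence "`lacme` _must_ exist beforehand, _must_ be empty, and be writable by the lacme client user" has the wrong subject. As written it says the program must exist and be empty, not the directory. Suggest "The directory _must_ exist beforehand, _must_ be empty, and _must_ be writable by the lacme client user", which also makes the third requirement as strong as the first two. The same hunk drops the *hard-copy-challenge-directory* entry, which the commit message does not mention. A line there saying the option is gone would help anyone whose configuration still sets it.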
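Review bot: In the second hunk (@@ -275,6 +272,7 @@), the new sentence "This option is ignored when *challenge-directory* is set." leaves the case where both *listen* and *challenge-directory* are set undefined for the reader. The first hunk only says *challenge-directory* is required when *listen* is empty, and this option opens the `ADDRESS[:PORT]` taken from *listen*. Please state which setting wins when both are present and whether the builtin webserver is still spawned. Since a firewall-related option that is silently ignored is easy to miss, also consider documenting whether `lacme` warns when it skips the rules.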