From c0fcf9b9bf0a5162cf75f2c5e588a70004321c8d Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Thu, 30 Jun 2016 17:37:41 +0200 Subject: Minor manpage fixes. --- lacme.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lacme.md') diff --git a/lacme.md b/lacme.md index b7a7f49..ebf54d2 100644 --- a/lacme.md +++ b/lacme.md @@ -117,7 +117,7 @@ Generic options *socket* option of the [`[client]` section](#client-section) of the configuration file. -`-?`, `--help` +`-h`, `--help` : Display a brief help and exit. @@ -282,7 +282,7 @@ Valid options are: following command can be used to generate a new 4096-bits RSA key in PEM format with mode 0600: - openssl genrsa 4096 | install -m0600 /dev/stdin /path/to/priv.key + openssl genrsa 4096 | install -m0600 /dev/stdin /path/to/srv.key *min-days* -- cgit v1.2.3 From 880b0f357bbc48589db0de8b9800956801fbe35e Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Mon, 10 Oct 2016 13:30:38 +0200 Subject: Manpage: update Subscriber Agreement URL to v1.1.1. Cf. https://letsencrypt.org/repository/ . --- lacme.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lacme.md') diff --git a/lacme.md b/lacme.md index ebf54d2..f29f24f 100644 --- a/lacme.md +++ b/lacme.md @@ -339,7 +339,7 @@ Examples ======== ~$ sudo lacme new-reg mailto:noreply@example.com - ~$ sudo lacme reg=/acme/reg/137760 --agreement-uri=https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf + ~$ sudo lacme reg=/acme/reg/137760 --agreement-uri=https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf ~$ sudo lacme new-cert ~$ sudo lacme revoke-cert /path/to/server/certificate.pem -- cgit v1.2.3 From 27788fd4a399642eddbdb1934ccaa13f7fd00124 Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Thu, 1 Dec 2016 00:16:18 +0100 Subject: Make lacme able to spawn lacme-accountd. --- lacme.md | 42 +++++++++++++++++++++++++++++++++++++++++- 1 file changed, 41 insertions(+), 1 deletion(-) (limited to 'lacme.md') diff --git a/lacme.md b/lacme.md index f29f24f..93f348c 100644 --- a/lacme.md +++ b/lacme.md @@ -26,7 +26,9 @@ with its own executable: the [ACME] client.) One can use the UNIX-domain socket forwarding facility of OpenSSH 6.7 and later to run [`lacme-accountd`(1)] and `lacme` on different - hosts. + hosts. Alternatively, the [`lacme-accountd`(1)] process can be + spawned by the “master” `lacme` process below; the communication + between the two then goes through a socket pair. 2. A “master” `lacme` process, which runs as root and is the only component with access to the private key material of the server @@ -249,6 +251,44 @@ This section is used for configuring the [ACME] webserver. automatically removed once `lacme` exits. Default: `Yes`. +`[accountd]` section +--------------------- + +This section is used for configuring the [`lacme-accountd`(1)] process. +If the section (including its header) is absent or commented out, +`lacme` connects to an existing UNIX-domain socket bound by a running +[`lacme-accountd`(1)]. + +*user* + +: The username to drop privileges to (setting both effective and real + uid). Preserve root privileges if the value is empty. + +*group* + +: The groupname to drop privileges to (setting both effective and real + gid, and also setting the list of supplementary gids to that single + group). + +*command* + +: Path to the [`lacme-accountd`(1)] executable. + Default: `/usr/bin/lacme-accountd`. + +*config* + +: Path to the [`lacme-accountd`(1)] configuration file. + Default: `/etc/lacme/lacme-accountd.conf`. + +*privkey* + +: The (private) account key to use for signing requests. See + [`lacme-accountd`(1)] for details. + +*quiet* + +: Be quiet. Possible values: `Yes`/`No`. + Certificate configuration file ============================== -- cgit v1.2.3 From 458acba80be362c9f59e976a62b9749a7809c4aa Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Thu, 1 Dec 2016 00:19:11 +0100 Subject: wibble --- lacme.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'lacme.md') diff --git a/lacme.md b/lacme.md index 93f348c..550aa49 100644 --- a/lacme.md +++ b/lacme.md @@ -27,8 +27,8 @@ with its own executable: One can use the UNIX-domain socket forwarding facility of OpenSSH 6.7 and later to run [`lacme-accountd`(1)] and `lacme` on different hosts. Alternatively, the [`lacme-accountd`(1)] process can be - spawned by the “master” `lacme` process below; the communication - between the two then goes through a socket pair. + spawned by the “master” `lacme` process below; in that case, the + two processes communicate through a socket pair. 2. A “master” `lacme` process, which runs as root and is the only component with access to the private key material of the server @@ -257,7 +257,7 @@ This section is used for configuring the [ACME] webserver. This section is used for configuring the [`lacme-accountd`(1)] process. If the section (including its header) is absent or commented out, `lacme` connects to an existing UNIX-domain socket bound by a running -[`lacme-accountd`(1)]. +[`lacme-accountd`(1)] process. *user* -- cgit v1.2.3 From e33088685aa300b903cb4216585a108d1f638ce4 Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Thu, 1 Dec 2016 00:21:03 +0100 Subject: wibble --- lacme.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lacme.md') diff --git a/lacme.md b/lacme.md index 550aa49..ea744b0 100644 --- a/lacme.md +++ b/lacme.md @@ -268,7 +268,7 @@ If the section (including its header) is absent or commented out, : The groupname to drop privileges to (setting both effective and real gid, and also setting the list of supplementary gids to that single - group). + group). Preserve root privileges if the value is empty. *command* -- cgit v1.2.3 From 844edd3dd60590bafcaa863eedb6cda94a0e07a3 Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Thu, 1 Dec 2016 00:37:52 +0100 Subject: lacme: add an option --quiet to avoid mentioning valid certs. --- lacme.md | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'lacme.md') diff --git a/lacme.md b/lacme.md index ea744b0..b086fe7 100644 --- a/lacme.md +++ b/lacme.md @@ -123,6 +123,10 @@ Generic options : Display a brief help and exit. +`-q`, `--quiet` + +: Be quiet. + `--debug` : Turn on debug mode. -- cgit v1.2.3