From 8cf2403ee43b38983df7e2c9a5a7cc314025a979 Mon Sep 17 00:00:00 2001 From: Christophe Jaillet Date: Tue, 20 Mar 2018 20:27:40 +0000 Subject: Improve highlight and fix a few typo. Mostly some missing and git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1827353 13f79535-47bb-0310-9956-ffa450edef68 --- docs/manual/mod/mod_md.xml | 51 +++++++++++++++++++++++----------------------- 1 file changed, 26 insertions(+), 25 deletions(-) diff --git a/docs/manual/mod/mod_md.xml b/docs/manual/mod/mod_md.xml index afdc6052e9..e93645a2bb 100644 --- a/docs/manual/mod/mod_md.xml +++ b/docs/manual/mod/mod_md.xml @@ -67,7 +67,7 @@ MDomain example.org to request a certificate for the domain. If Let's Encrypt can verify the ownership of the domain, the module will retrieve the certificate and its chain, store it in the local file system (see MDStoreDir) - and provide it, on next restart, to mod_ssl. + and provide it, on next restart, to mod_ssl.

This happens while the server is already running. All other hosts will continue to work as before. While a certificate is not available, requests for the managed @@ -112,7 +112,7 @@ MDomain example.org

All the names in the list are managed as one Managed Domain (MD). - mod_md will request one single certificate that is valid for all these names. This + mod_md will request one single certificate that is valid for all these names. This directive uses the global settings (see other MD directives below). If you need specific settings for one MD, use the MDomainSet. @@ -183,7 +183,7 @@ MDomain example2.org auto In this example, the domain 'www.example.org' is automatically added to the MD 'example.org'. Similarly for 'example2.org' where 'auto' is configured explicitly. Whenever you add more ServerAlias names to this - virtual host, they will be added as well to the Manged Domain. + virtual host, they will be added as well to the Managed Domain.

If you prefer to explicitly declare all the domain names, use 'manual' mode. An error will be logged if the names do not match with the expected ones. @@ -224,7 +224,7 @@ MDomain example2.org auto MDCertificateAgreement The URL of the Terms-of-Service document, that the CA server requires you to accept. - MDCertificateAgreement url-of-terms-of-service + MDCertificateAgreement url-of-terms-of-service server config @@ -247,7 +247,7 @@ MDomain example.org www.example.org mail.example.org MDCertificateAuthority The URL of the ACME Certificate Authority service. - MDCertificateAuthority url + MDCertificateAuthority url MDCertificateAuthority https://acme-v01.api.letsencrypt.org/directory server config @@ -273,7 +273,7 @@ MDCertificateAgreement https://letsencrypt.org/documents/LE-SA-v1.2-November-15- MDCertificateProtocol The protocol to use with the Certificate Authority. - MDCertificateProtocol protocol + MDCertificateProtocol protocol MDCertificateProtocol ACME server config @@ -300,7 +300,7 @@ MDCertificateAgreement https://letsencrypt.org/documents/LE-SA-v1.2-November-15- renew it.

In 'manual' mode, it is your duty to do all this. The module will provide the existing - certificate to mod_ssl, if available. But it will not contact the CA for signup/renewal. + certificate to mod_ssl, if available. But it will not contact the CA for signup/renewal. This can be useful in clustered setups where you want just one node to perform the driving.

@@ -313,7 +313,7 @@ MDCertificateAgreement https://letsencrypt.org/documents/LE-SA-v1.2-November-15- MDHttpProxy Define a proxy for outgoing connections. - MDHttpProxy url + MDHttpProxy url server config @@ -327,14 +327,14 @@ MDCertificateAgreement https://letsencrypt.org/documents/LE-SA-v1.2-November-15- MDMember Additional hostname for the managed domain. - MDMember hostname + MDMember hostname server config

Instead of listing all dns names on the same line, you may use - MDMember to add such names + MDMember to add such names to a managed domain.

Example @@ -382,7 +382,7 @@ MDCertificateAgreement https://letsencrypt.org/documents/LE-SA-v1.2-November-15-

Defines if newly requested certificate should have the OCSP Must Staple flag set or not. If a certificate has this flag, the server is required to send a OCSP stapling response to every client. This only works if you configure - mod_ssl to generate this (see SSLUseStapling + mod_ssl to generate this (see SSLUseStapling and friends).

@@ -391,7 +391,7 @@ MDCertificateAgreement https://letsencrypt.org/documents/LE-SA-v1.2-November-15- MDNotifyCmd Run a program when Managed Domain are ready. - MDNotifyCmd path + MDNotifyCmd path server config @@ -407,14 +407,14 @@ MDCertificateAgreement https://letsencrypt.org/documents/LE-SA-v1.2-November-15- MDPortMap Map external to internal ports for domain ownership verification. - MDPortMap map1 [ map2 ] + MDPortMap map1 [ map2 ] MDPortMap 80:80 443:443 server config

- The ACME protocol provides two method to verify domain ownership: one that uses + The ACME protocol provides two methods to verify domain ownership: one that uses port 80 and one for port 443. If your server is not reachable by at least one of the two, ACME will not work for you.

@@ -427,8 +427,8 @@ MDCertificateAgreement https://letsencrypt.org/documents/LE-SA-v1.2-November-15- another one. Your server might only listen on ports 5001 and 5002, but be reached on ports 443 and 80. How should mod_md figure that one out?

- With MDPortMap you can tell it which 'Internet port' corresponds to which local - port. + With MDPortMap you can tell it which 'Internet port' + corresponds to which local port.

Example @@ -445,7 +445,7 @@ MDPortMap 80:- 443:5002 MDPrivateKeys Set type and size of the private keys generated. - MDPrivateKeys type [ params... ] + MDPrivateKeys type [ params... ] MDPrivateKeys RSA 2048 server config @@ -479,17 +479,17 @@ MDPrivateKeys RSA 3072 MDRenewWindow Control when a certificate will be renewed. - MDRenewWindow duration + MDRenewWindow duration MDRenewWindow 33% server config

- If the validity of the certificate falls below duration, mod_md will get a - new signed certificate. + If the validity of the certificate falls below duration, mod_md + will get a new signed certificate.

- Normally, certificates are valid for around 90 days and mod_md will renew + Normally, certificates are valid for around 90 days and mod_md will renew them the earliest 33% of their complete lifetime before they expire (so for 90 days validity, 30 days before it expires). If you think this is not what you need, you can specify either the exact time, as in: @@ -559,10 +559,11 @@ MDRequireHttps permanent you cannot simply take it back again. -

You can achieve the same with mod_alias and some Redirect configuration, +

You can achieve the same with mod_alias and some + Redirect configuration, basically. If you do it yourself, please make sure to exclude the paths - /.well-known/* from your redirection, otherwise mod_md might have trouble - signing on new certificates. + /.well-known/* from your redirection, otherwise mod_md + might have trouble signing on new certificates.

If you set this globally, it applies to all managed domains. If you want it for a specific domain only, use: @@ -602,7 +603,7 @@ MDRequireHttps permanent MDCAChallenges Type of ACME challenge used to prove domain ownership. - MDCAChallenges name [ name ... ] + MDCAChallenges name [ name ... ] MDCAChallenges tls-sni-01 http-01 server config -- cgit v1.2.3