DOC: acme: add details about key pair generation in ACME section

In 3.3 it is possible to generate a key pair without needing a
existing certificate on the disk.

diff --git a/doc/configuration.txt b/doc/configuration.txt
index 9db057d70ffa9f263d4916be32365d77eaa99378..4a61fee95a74df275a6f366abe46c7c8b0b378ad 100644 (file)
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@@ -31029,13 +31029,14 @@ The ACME section allows to configure HAProxy as an ACMEv2 client. This feature
 is experimental meaning that "expose-experimental-directives" must be in the
 global section so this can be used.
 
-Current limitations as of 3.2:
+Current limitations as of 3.3:
 - The feature is limited to the HTTP-01 or DNS-01 challenges for now. HTTP-01
   is completely handled by HAProxy, but DNS-01 needs either the dataplaneAPI or
   another 3rd party tool to talk to a DNS provider API.
-- Configuring acme needs a configuration with a crt, it's currently not
-  possible to start without this crt on the disk, a key-pair must already exist
-  to start haproxy. It is recommanded to use an expired certificate for that.
+- It is possible to start without an existing certificate on the disk. To do
+  so, the certificate must configured in a crt-store.
+  When using the "acme" keyword in a crt-store, a temporary key pair will be
+  used until the ACME certificate is generated.
 - The current HAProxy architecture is a non-blocking model, access to the disk
   is not supposed to be done after the configuration is loaded, because it
   could block the event loop, blocking the traffic on the same thread. Meaning