<tr><th><a href="module-dict.html#Status">Status:</a></th><td>Extension</td></tr>
<tr><th><a href="module-dict.html#ModuleIdentifier">Module Identifier:</a></th><td>md_module</td></tr>
<tr><th><a href="module-dict.html#SourceFile">Source File:</a></th><td>mod_md.c</td></tr>
-<tr><th><a href="module-dict.html#Compatibility">Compatibility:</a></th><td>Available in version 2.5.0 and later</td></tr></table>
+<tr><th><a href="module-dict.html#Compatibility">Compatibility:</a></th><td>Available in version 2.4.30 and later</td></tr></table>
<h3>Summary</h3>
<p>
DocumentRoot htdocs/a
SSLEngine on
- # no certificates specification needed!
+ # no certificates specification
</VirtualHost></pre>
<p>
</p>
</div>
+ <div class="note"><h3>Prerequisites</h3>
+ <p>
+ This module requires <code class="module"><a href="../mod/mod_watchdog.html">mod_watchdog</a></code> to be loaded as well.
+ </p><p>
+ Certificate signup and renewal with Let's Encrypt requires your server to be
+ reachable on port 80 (http:) from the outside. The alternative method over
+ port 443 (https:) is currently disabled for security reasons (status from
+ 2018-01-14).
+ </p><p>
+ The module will select from the methods offered by Let's Encrypt. If LE decides
+ at one point in the future, to re-enable it again, <code class="module"><a href="../mod/mod_md.html">mod_md</a></code> will
+ use it when suitable.
+ </p><p>
+ But for now, only the port 80 variant is available (termed "http-01"). Only
+ when LE can reach your server on port 80 will <code class="module"><a href="../mod/mod_md.html">mod_md</a></code> work for
+ you. For now, at least.
+ </p><p>
+ If you do not want to offer any sites on port 80 any more, you may leave it open
+ and redirect all requests to your https: sites instead. Use the
+ <code class="directive"><a href="#mdrequirehttps">MDRequireHttps</a></code> described below to do
+ that in a convenient fashion. This will continue to answer http: challenges
+ from Let's Encrypt.
+ </p>
+ </div>
</div>
<div id="quickview"><h3 class="directives">Directives</h3>
<ul id="toc">
This directive sets the directory where you keep the certificates and
keys used for authentication of the proxy server to remote servers.
</p>
-<p>The files in this directory must be PEM-encoded and are accessed through
-hash filenames. Additionally, you must create symbolic links named
-<code><em>hash-value</em>.N</code>. And you should always make sure this
-directory contains the appropriate symbolic links.</p>
+<p>
+mod_ssl will attempt to load every file inside the specified
+directory, but will ignore any sub-directories. Each file should
+contain a PEM-encoded certificate and matching private key.
+</p>
<div class="warning">
<p>Currently there is no support for encrypted private keys</p>
</div>
<?xml version="1.0"?>
<!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
<?xml-stylesheet type="text/xsl" href="../style/manual.es.xsl"?>
-<!-- English Revision: 1817381:1824247 (outdated) -->
+<!-- English Revision: 1817381:1824779 (outdated) -->
<!-- Spanish Translation: Daniel Ferradal <dferradal@apache.org> -->
<!--
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
<?xml-stylesheet type="text/xsl" href="../style/manual.fr.xsl"?>
-<!-- English Revision: 1824247 -->
+<!-- English Revision: 1824247:1824779 (outdated) -->
<!-- French translation : Lucien GENTIS -->
<!-- Reviewed by : Vincent Deffontaines -->
projects / thirdparty / apache / httpd.git / commitdiff
