From: Christophe Jaillet Date: Tue, 20 Mar 2018 20:28:28 +0000 (+0000) Subject: rebuild X-Git-Tag: 2.5.0-alpha2-ci-test-only~2773 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3d0e237eaa13f11acd5abd7a5198236d449cb13b;p=thirdparty%2Fapache%2Fhttpd.git rebuild git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1827354 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/docs/manual/mod/mod_md.html.en b/docs/manual/mod/mod_md.html.en index 716ff345f96..945d556b32b 100644 --- a/docs/manual/mod/mod_md.html.en +++ b/docs/manual/mod/mod_md.html.en @@ -72,7 +72,7 @@ to request a certificate for the domain. If Let's Encrypt can verify the ownership of the domain, the module will retrieve the certificate and its chain, store it in the local file system (see MDStoreDir) - and provide it, on next restart, to mod_ssl. + and provide it, on next restart, to mod_ssl.

This happens while the server is already running. All other hosts will continue to work as before. While a certificate is not available, requests for the managed @@ -152,7 +152,7 @@

MDCAChallenges Directive

- + @@ -171,7 +171,7 @@

MDCertificateAgreement Directive

Description:Type of ACME challenge used to prove domain ownership.
Syntax:MDCAChallenges name [ name ... ]
Syntax:MDCAChallenges name [ name ... ]
Default:MDCAChallenges tls-sni-01 http-01
Context:server config
Status:Extension
- + @@ -191,7 +191,7 @@ MDomain example.org www.example.org mail.example.org

MDCertificateAuthority Directive

Description:The URL of the Terms-of-Service document, that the CA server requires you to accept.
Syntax:MDCertificateAgreement url-of-terms-of-service
Syntax:MDCertificateAgreement url-of-terms-of-service
Context:server config
Status:Extension
Module:mod_md
- + @@ -214,7 +214,7 @@ MDCertificateAgreement https://letsencrypt.org/documents/LE-SA-v1.2-November-15-

MDCertificateProtocol Directive

Description:The URL of the ACME Certificate Authority service.
Syntax:MDCertificateAuthority url
Syntax:MDCertificateAuthority url
Default:MDCertificateAuthority https://acme-v01.api.letsencrypt.org/directory
Context:server config
Status:Extension
- + @@ -241,7 +241,7 @@ MDCertificateAgreement https://letsencrypt.org/documents/LE-SA-v1.2-November-15- renew it.

In 'manual' mode, it is your duty to do all this. The module will provide the existing - certificate to mod_ssl, if available. But it will not contact the CA for signup/renewal. + certificate to mod_ssl, if available. But it will not contact the CA for signup/renewal. This can be useful in clustered setups where you want just one node to perform the driving.

@@ -254,7 +254,7 @@ MDCertificateAgreement https://letsencrypt.org/documents/LE-SA-v1.2-November-15-

MDHttpProxy Directive

Description:The protocol to use with the Certificate Authority.
Syntax:MDCertificateProtocol protocol
Syntax:MDCertificateProtocol protocol
Default:MDCertificateProtocol ACME
Context:server config
Status:Extension
- + @@ -268,14 +268,14 @@ MDCertificateAgreement https://letsencrypt.org/documents/LE-SA-v1.2-November-15-

MDMember Directive

Description:Define a proxy for outgoing connections.
Syntax:MDHttpProxy url
Syntax:MDHttpProxy url
Context:server config
Status:Extension
Module:mod_md
- +
Description:Additional hostname for the managed domain.
Syntax:MDMember hostname
Syntax:MDMember hostname
Context:server config
Status:Extension
Module:mod_md

Instead of listing all dns names on the same line, you may use - MDMember to add such names + MDMember to add such names to a managed domain.

Example

<MDomainSet example.org>
@@ -320,7 +320,7 @@ MDCertificateAgreement https://letsencrypt.org/documents/LE-SA-v1.2-November-15-
             
Defines if newly requested certificate should have the OCSP Must Staple flag 
             set or not. If a certificate has this flag, the server is required to send a 
             OCSP stapling response to every client. This only works if you configure 
-            mod_ssl to generate this (see SSLUseStapling
+            mod_ssl to generate this (see SSLUseStapling
             and friends).
             

         
@@ -329,7 +329,7 @@ MDCertificateAgreement https://letsencrypt.org/documents/LE-SA-v1.2-November-15-
 
MDNotifyCmd Directive

 
-
+
@@ -352,7 +352,7 @@ MDCertificateAgreement https://letsencrypt.org/documents/LE-SA-v1.2-November-15-
 

 
Description:Run a program when Managed Domain are ready.
Syntax:MDNotifyCmd  path
Syntax:MDNotifyCmd path

 
Context:server config

 
Status:Extension

 
Module:mod_md

             

                 All the names in the list are managed as one Managed Domain (MD). 
-                mod_md will request one single certificate that is valid for all these names. This
+                mod_md will request one single certificate that is valid for all these names. This
                 directive uses the global settings (see other MD directives below). If you
                 need specific settings for one MD, use
                 the <MDomainSet>.
@@ -417,7 +417,7 @@ MDomain example2.org auto
                 In this example, the domain 'www.example.org' is automatically added to
                 the MD 'example.org'. Similarly for 'example2.org' where 'auto' is configured
                 explicitly. Whenever you add more ServerAlias names to this
-                virtual host, they will be added as well to the Manged Domain.
+                virtual host, they will be added as well to the Managed Domain.
             

                 If you prefer to explicitly declare all the domain names, use 'manual' mode. 
                 An error will be logged if the names do not match with the expected ones.
@@ -454,14 +454,14 @@ MDomain example2.org auto
 
MDPortMap Directive

 
-
+

 
Description:Map external to internal ports for domain ownership verification.
Syntax:MDPortMap map1 [ map2 ]
Syntax:MDPortMap map1 [ map2 ]

 
Default:MDPortMap 80:80 443:443

 
Context:server config

 
Status:Extension

 
Module:mod_md

 

             

-                The ACME protocol provides two method to verify domain ownership: one that uses
+                The ACME protocol provides two methods to verify domain ownership: one that uses
                 port 80 and one for port 443. If your server is not reachable by at least one
                 of the two, ACME will not work for you.
             

@@ -474,8 +474,8 @@ MDomain example2.org auto
                 another one. Your server might only listen on ports 5001 and 5002, but be reached
                 on ports 443 and 80. How should mod_md figure that one out?
             

-                With MDPortMap you can tell it which 'Internet port' corresponds to which local
-                port.
+                With MDPortMap you can tell it which 'Internet port'
+                corresponds to which local port.
             

             
Example
MDPortMap 80:- 443:5002

 

@@ -489,7 +489,7 @@ MDomain example2.org auto
 
MDPrivateKeys Directive

 
-
+
@@ -520,17 +520,17 @@ MDomain example2.org auto
 
MDRenewWindow Directive

 

 
Description:Set type and size of the private keys generated.
Syntax:MDPrivateKeys type [ params... ]
Syntax:MDPrivateKeys type [ params... ]

 
Default:MDPrivateKeys RSA 2048

 
Context:server config

 
Status:Extension

-
+

 
Description:Control when a certificate will be renewed.
Syntax:MDRenewWindow duration
Syntax:MDRenewWindow duration

 
Default:MDRenewWindow 33%

 
Context:server config

 
Status:Extension

 
Module:mod_md

 

             

-            If the validity of the certificate falls below duration, mod_md will get a 
-            new signed certificate.
+            If the validity of the certificate falls below duration, mod_md
+            will get a new signed certificate.
             

-            Normally, certificates are valid for around 90 days and mod_md will renew 
+            Normally, certificates are valid for around 90 days and mod_md will renew 
             them the earliest 33% of their complete lifetime before they expire (so for 
             90 days validity, 30 days before it expires). If you think this is not what 
             you need, you can specify either the exact time, as in:
@@ -591,10 +591,11 @@ MDRenewWindow 10%
you cannot simply take it back again. -

You can achieve the same with mod_alias and some Redirect configuration, +

You can achieve the same with mod_alias and some + Redirect configuration, basically. If you do it yourself, please make sure to exclude the paths - /.well-known/* from your redirection, otherwise mod_md might have trouble - signing on new certificates. + /.well-known/* from your redirection, otherwise mod_md + might have trouble signing on new certificates.

If you set this globally, it applies to all managed domains. If you want it for a specific domain only, use: