From: Joe Orton <jorton@apache.org>
Date: Mon, 19 Feb 2018 16:52:28 +0000 (+0000)
Subject: Transforms.
X-Git-Tag: 2.5.0-alpha2-ci-test-only~2838
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4276b8beac5675580422f93f9dee97e3995e013a;p=thirdparty%2Fapache%2Fhttpd.git

Transforms.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1824780 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/docs/manual/howto/encrypt.html.en b/docs/manual/howto/encrypt.html.en
index ef0a404b674..10b87136b7c 100644
--- a/docs/manual/howto/encrypt.html.en
+++ b/docs/manual/howto/encrypt.html.en
@@ -163,7 +163,7 @@
     Internet."
     </p>
     <p>
-    They not offer free certificates, they also developed a interface that can be used by
+    They not only offer free certificates, they also developed an interface that can be used by
     your Apache httpd to get one. This is where <a href="../mod/mod_md.html">mod_md</a>
     comes in.
     </p>
diff --git a/docs/manual/mod/mod_md.html.en b/docs/manual/mod/mod_md.html.en
index a7e534facaf..96d65fa184d 100644
--- a/docs/manual/mod/mod_md.html.en
+++ b/docs/manual/mod/mod_md.html.en
@@ -34,7 +34,7 @@
 <tr><th><a href="module-dict.html#Status">Status:</a></th><td>Extension</td></tr>
 <tr><th><a href="module-dict.html#ModuleIdentifier">Module Identifier:</a></th><td>md_module</td></tr>
 <tr><th><a href="module-dict.html#SourceFile">Source File:</a></th><td>mod_md.c</td></tr>
-<tr><th><a href="module-dict.html#Compatibility">Compatibility:</a></th><td>Available in version 2.5.0 and later</td></tr></table>
+<tr><th><a href="module-dict.html#Compatibility">Compatibility:</a></th><td>Available in version 2.4.30 and later</td></tr></table>
 <h3>Summary</h3>
 
         <p>
@@ -63,7 +63,7 @@
     DocumentRoot htdocs/a
 
     SSLEngine on
-    # no certificates specification needed!
+    # no certificates specification
 &lt;/VirtualHost&gt;</pre>
 
         <p>
@@ -80,6 +80,30 @@
         </p>
         </div>
 
+        <div class="note"><h3>Prerequisites</h3>
+        <p>
+            This module requires <code class="module"><a href="../mod/mod_watchdog.html">mod_watchdog</a></code> to be loaded as well.
+        </p><p>
+            Certificate signup and renewal with Let's Encrypt requires your server to be
+            reachable on port 80 (http:) from the outside. The alternative method over
+            port 443 (https:) is currently disabled for security reasons (status from
+            2018-01-14).
+        </p><p>
+            The module will select from the methods offered by Let's Encrypt. If LE decides
+            at one point in the future, to re-enable it again, <code class="module"><a href="../mod/mod_md.html">mod_md</a></code> will
+            use it when suitable.
+        </p><p>
+            But for now, only the port 80 variant is available (termed "http-01"). Only
+            when LE can reach your server on port 80 will <code class="module"><a href="../mod/mod_md.html">mod_md</a></code> work for
+            you. For now, at least.
+        </p><p>
+            If you do not want to offer any sites on port 80 any more, you may leave it open
+            and redirect all requests to your https: sites instead. Use the
+            <code class="directive"><a href="#mdrequirehttps">MDRequireHttps</a></code> described below to do
+            that in a convenient fashion. This will continue to answer http: challenges
+            from Let's Encrypt. 
+        </p>
+        </div>
     </div>
 <div id="quickview"><h3 class="directives">Directives</h3>
 <ul id="toc">
diff --git a/docs/manual/mod/mod_ssl.html.en b/docs/manual/mod/mod_ssl.html.en
index b44a7d20847..68295425591 100644
--- a/docs/manual/mod/mod_ssl.html.en
+++ b/docs/manual/mod/mod_ssl.html.en
@@ -2033,10 +2033,11 @@ or additionally to <code>SSLProxyMachineCertificatePath</code>.
 This directive sets the directory where you keep the certificates and
 keys used for authentication of the proxy server to remote servers.
 </p>
-<p>The files in this directory must be PEM-encoded and are accessed through
-hash filenames. Additionally, you must create symbolic links named
-<code><em>hash-value</em>.N</code>. And you should always make sure this
-directory contains the appropriate symbolic links.</p>
+<p>
+mod_ssl will attempt to load every file inside the specified
+directory, but will ignore any sub-directories. Each file should
+contain a PEM-encoded certificate and matching private key.
+</p>
 <div class="warning">
 <p>Currently there is no support for encrypted private keys</p>
 </div>
diff --git a/docs/manual/mod/mod_ssl.xml.es b/docs/manual/mod/mod_ssl.xml.es
index 5d2a0eee138..248984d7678 100644
--- a/docs/manual/mod/mod_ssl.xml.es
+++ b/docs/manual/mod/mod_ssl.xml.es
@@ -1,7 +1,7 @@
 <?xml version="1.0"?>
 <!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
 <?xml-stylesheet type="text/xsl" href="../style/manual.es.xsl"?>
-<!-- English Revision: 1817381:1824247 (outdated) -->
+<!-- English Revision: 1817381:1824779 (outdated) -->
 <!-- Spanish Translation: Daniel Ferradal <dferradal@apache.org> -->
 
 <!--
diff --git a/docs/manual/mod/mod_ssl.xml.fr b/docs/manual/mod/mod_ssl.xml.fr
index a995dd57a4b..91143366915 100644
--- a/docs/manual/mod/mod_ssl.xml.fr
+++ b/docs/manual/mod/mod_ssl.xml.fr
@@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="UTF-8" ?>
 <!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
 <?xml-stylesheet type="text/xsl" href="../style/manual.fr.xsl"?>
-<!-- English Revision: 1824247 -->
+<!-- English Revision: 1824247:1824779 (outdated) -->
 <!-- French translation : Lucien GENTIS -->
 <!-- Reviewed by : Vincent Deffontaines -->
 
diff --git a/docs/manual/mod/mod_ssl.xml.meta b/docs/manual/mod/mod_ssl.xml.meta
index d50eb9de390..194507ef078 100644
--- a/docs/manual/mod/mod_ssl.xml.meta
+++ b/docs/manual/mod/mod_ssl.xml.meta
@@ -9,6 +9,6 @@
   <variants>
     <variant>en</variant>
     <variant outdated="yes">es</variant>
-    <variant>fr</variant>
+    <variant outdated="yes">fr</variant>
   </variants>
 </metafile>