From: William Lallemand <wlallemand@haproxy.com>
Date: Thu, 6 Nov 2025 12:34:36 +0000 (+0100)
Subject: DOC: acme: crt-store allows you to start without a certificate
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=05036180d94516f5e7adb4b8b0d1101c913a8a25;p=thirdparty%2Fhaproxy.git

DOC: acme: crt-store allows you to start without a certificate

If your acme certificate is declared in a crt-store, and the certificate
file does not exist on the disk, HAProxy will start with a temporary key
pair.
---

diff --git a/doc/configuration.txt b/doc/configuration.txt
index 7df51521b..42cd5f883 100644
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@@ -30805,6 +30805,12 @@ acme <string>
   This is an experimental feature which needs the
   "expose-experimental-directives" keyword in the global section.
 
+  When using the "acme" keyword in a crt-store, it is possible to start without
+  an existing certificate on the disk. Instead, a temporary key pair will be
+  used until the ACME certificate is generated. This behavior is exclusives to
+  crt-stores, neither a crt-list line nor an ssl-f-use line can achieve the
+  same without declaring a crt-store first.
+
   See also Section 12.8 ("ACME") and "domains" in this section.
 
 alias <string>