author | WouterTinus <wouter.tinus@gmail.com> | 2019-08-25 14:31:55 +0200 |
---|---|---|
committer | WouterTinus <wouter.tinus@gmail.com> | 2019-08-25 14:31:55 +0200 |
commit | fbc25bd0036f3b8081e8c7aa2c11a7d0703f696f (patch) | |
tree | 8547e66f0c75ad029733c5461ba8336d75cd56bd | |
parent | 13a0fbf3870fa3686abc8a1ff435f66e503bb03f (diff) | |
download | letsencrypt-win-simple-fbc25bd0036f3b8081e8c7aa2c11a7d0703f696f.zip letsencrypt-win-simple-fbc25bd0036f3b8081e8c7aa2c11a7d0703f696f.tar.gz letsencrypt-win-simple-fbc25bd0036f3b8081e8c7aa2c11a7d0703f696f.tar.bz2 |
dnamic link in include
23 files changed, 239 insertions, 67 deletions
diff --git a/docs/_includes/plugin-seperate.md b/docs/_includes/plugin-seperate.md new file mode 100644 index 0000000..8d94eb1 --- /dev/null +++ b/docs/_includes/plugin-seperate.md @@ -0,0 +1,10 @@ +## Seperate download + +This plugin is offered as a separate download, which can be downloaded from the +[releases]({{ site.github.releases_url }}) page on GitHub has to be unpacked into +the main program folder to able to use. Note that after unpacking you will have to +unblock them for the .NET CRL to trust them. You can do that from the Windows File +Explorer by using the right mouse button and then checking the `Unblock` box on +the General tab. + +
\ No newline at end of file diff --git a/docs/_includes/sidebar.html b/docs/_includes/sidebar.html index 41abdda..95e6dd9 100644 --- a/docs/_includes/sidebar.html +++ b/docs/_includes/sidebar.html @@ -1,4 +1,4 @@ -<ul> +<ul class="sidebar"> {% for item in site.data.sitemap[page.sidebar] %} {% include sidebarlevel.html item=item %} {% endfor %} diff --git a/docs/_includes/sidebarlevel.html b/docs/_includes/sidebarlevel.html index 5a855e6..2de2ebf 100644 --- a/docs/_includes/sidebarlevel.html +++ b/docs/_includes/sidebarlevel.html @@ -3,7 +3,7 @@ <li> <a href="{{ include.item.url }}" {% if z==x or z==include.item.url %}style="color: #e83e8c;" {% endif %}>{{ include.item.title }}</a> {% if include.item.subs %} - <ul> + <ul class="sidebar"> {% for sub in include.item.subs %} {% include sidebarlevel.html item=sub %} {% endfor %} diff --git a/docs/_includes/validation-http-common.md b/docs/_includes/validation-http-common.md new file mode 100644 index 0000000..92b2ab7 --- /dev/null +++ b/docs/_includes/validation-http-common.md 
@@ -0,0 +1,56 @@ +## Warmup + +Before allowing the ACME server to validate, the program will attempt to request +the validation file itself and note the result of that request in the log. A side +effect of this is that it forces the application to start in case it's application pool +or equivalent went to sleep, warming up the caches etc. This reduces the chance of +time-outs during validation. This used to be optional behaviour controlled by the +`--warmup` switch, but that is no longer in use. + +## web.config + +Optionally this plugin can place a `web.config` next to the validation file, to +help IIS properly serve the response. There are [many reasons](/win-acme/manual/validation-problems) +why IIS can fail to properly server the file. Some of them can be fixed this way. + +In interactive mode the program will ask you if you want to do this. In unattended mode you +can request it with the parameter `--manualtargetisiis` + +### Changing the template + +The web.config that will be copied lives in the root of the program directory with the +name `web_config.xml`. You can modify it to fit your needs, e.g. for MVC sites you might need: + +```XML +<configuration> + <system.webServer> + <staticContent> + <clear/> + <mimeMap fileExtension = ".*" mimeType="text/json" /> + </staticContent> + <handlers> + <clear /> + <add name="StaticFile" + path="*" + verb="*" + type="" + modules="StaticFileModule,DefaultDocumentModule,DirectoryListingModule" + scriptProcessor="" + resourceType="Either" + requireAccess="Read" + allowPathInfo="false" + preCondition="" + responseBufferLimit="4194304" /> + </handlers> + </system.webServer> +</configuration> +``` + +Or to disable URL Rewriting you might need to add this (in the beginning, right after `<clear />`). + +```XML +<rule name="LetsEncrypt Rule" stopProcessing="true"> + <match url="^\.well-known.*$" /> + <action type="None" /> +</rule> +```
\ No newline at end of file diff --git a/docs/_includes/webconfig.md b/docs/_includes/webconfig.md deleted file mode 100644 index 00a388a..0000000 --- a/docs/_includes/webconfig.md +++ /dev/null @@ -1,35 +0,0 @@ -## web.config - -Optionally this plugin can place a `web.config` next to the validation file, to -help IIS properly serve the response. -There are [many reasons](/win-acme/manual/validation-problems) why IIS can fail to -properly server the file and some of them can be solved this way. - -### Changing the template - -The web.config that will be copied lives in the root of the program directory with the -name `web_config.xml`. You can modify it to fit your needs, e.g. for MVC sites you might need: - -```XML -<configuration> - <system.webServer> - <staticContent> - <clear/> - <mimeMap fileExtension = ".*" mimeType="text/json" /> - </staticContent> - <handlers> - <clear /> - <add name="StaticFile" path="*" verb="*" type="" modules="StaticFileModule,DefaultDocumentModule,DirectoryListingModule" scriptProcessor="" resourceType="Either" requireAccess="Read" allowPathInfo="false" preCondition="" responseBufferLimit="4194304" /> - </handlers> - </system.webServer> -</configuration> -``` - -Or to disable URL Rewriting you might need to add this (in the beginning, right after `<clear />`). - -```XML -<rule name="LetsEncrypt Rule" stopProcessing="true"> - <match url="^\.well-known.*$" /> - <action type="None" /> -</rule> -```
\ No newline at end of file diff --git a/docs/assets/template.css b/docs/assets/template.css index 0e3937e..1f74cb7 100644 --- a/docs/assets/template.css +++ b/docs/assets/template.css @@ -430,7 +430,31 @@ img { max-width: 100%; } -ul { +ul.sidebar { font-size: small; padding-inline-start: 20px; -}
\ No newline at end of file +} + +.h1, h1 { + font-size: 2.5rem +} + +.h2, h2 { + font-size: 2rem +} + +.h3, h3 { + font-size: 1.5rem +} + +.h4, h4 { + font-size: 1.25rem +} + +.h5, h5 { + font-size: 1rem +} + +.h6, h6 { + font-size: 1rem +} diff --git a/docs/docs.csproj b/docs/docs.csproj index 8943e99..b5d3b25 100644 --- a/docs/docs.csproj +++ b/docs/docs.csproj @@ -87,7 +87,8 @@ <None Include="support\index.md" /> <None Include="_config.yml" /> <None Include="_data\sitemap.yml" /> - <None Include="_includes\webconfig.md" /> + <None Include="_includes\plugin-seperate.md" /> + <None Include="_includes\validation-http-common.md" /> </ItemGroup> <ItemGroup> <Content Include="assets\bg-pattern.png" /> diff --git a/docs/reference/plugins/validation/dns/acme-dns.md b/docs/reference/plugins/validation/dns/acme-dns.md index 9cbb12c..9688fe7 100644 --- a/docs/reference/plugins/validation/dns/acme-dns.md +++ b/docs/reference/plugins/validation/dns/acme-dns.md @@ -1,3 +1,15 @@ --- sidebar: reference ----
\ No newline at end of file +--- + +# acme-dns +Use an [acme-dns](https://github.com/joohoi/acme-dns) server to handle the validation records. +The plugin will ask you to choose an endpoint to use. For testing the `https://auth.acme-dns.io/` +endpoint is useful, but it is a security concern. As the readme of that project clearly states: +"You are encouraged to run your own acme-dns instance." + +## Unattended +Not supported, unless there is a pre-existing acme-dns registration for all the domains. +The reason for this is that acme-dns requires you to create CNAME records. In the future this +might be scripted the same way we can script DNS validation itself, but so far there hasn't been +enough demand for that feature to make it worth developing.
\ No newline at end of file diff --git a/docs/reference/plugins/validation/dns/azure.md b/docs/reference/plugins/validation/dns/azure.md index 9cbb12c..6224367 100644 --- a/docs/reference/plugins/validation/dns/azure.md +++ b/docs/reference/plugins/validation/dns/azure.md @@ -1,3 +1,48 @@ --- sidebar: reference ----
\ No newline at end of file +--- + +# Azure DNS +Create the record in Azure DNS. + +{% include validation-dns-seperate.md %} + +## Setup +This assumes you already have your DNS managed in Azure; if not, you'll need to set that up first. If you are +using the Azure DNS option for validation, you'll need to get certain info from your Azure Tenant, and create +a service principal for Let's Encrypt to use (you'll only need to create on of these for your entire domain +- it's basically an account that has authority to create DNS records). + +### Create Azure AD Service Principal Account +Run the following commands in Powershell. You will need to install the AzureRM Powershell module first if +you don't have it installed already. + +`Login-AzureRmAccount` +`$sp = New-AzureRmADServicePrincipal -DisplayName LetsEncrypt -Password "SuperSecretPasswordGoesHere"` + +You can change the DisplayName to something else if you like, and you should certainly change the password. +Keep a note of the password as you'll need it to set up the client in a minute. + +You then need to give this Service Principal access to change DNS entries. In the Azure Portal: +* Go to `DNS Zones` > `sub.example.com` > `Access Control (IAM)` +* Click `Add` +* For Role, choose `DNS Zone Contributor` +* Assign access to `Azure AD user, group, or application` +* Select `LetsEncrypt` (or whatever you called your Service Principal above) +* Click `Save` + +### Configuring the plugin +* Run `wacs.exe`, and choose which site you want to secure. +* At the section 'How you you like to validate this certificate' choose `Azure DNS` +* For **Tenant ID**: in the Azure Portal: Azure Active Directory > Properties > Directory ID. +* For **Client ID**: in the Azure Portal: Azure Active Directory > App registrations > LetsEncrypt (or whatever you called your Service Principal before), and find the Application ID. +* For the **Secret**: enter the password you created before. 
+* For the **DNS Subscription ID**: in the Azure Portal: DNS zones -> your.dns.zone.net -> Subscription ID +* For the **DNS Resource Group Name**: the name of the Resource Group your DNS zone is in (you can find this in Azure Portal: DNS zones -> your.dns.zone.net -> Resource Group + +### Resources +[How to: Use Azure PowerShell to create a service principal with a certificate](https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-authenticate-service-principal-powershell) +[DNS SDK](https://docs.microsoft.com/en-us/azure/dns/dns-sdk) + +## Unattended +`--validationmode dns-01 --validation azure --azuretenantid x --azureclientid x --azuresecret *** --azuresubscriptionid x --azureresourcegroupname x`
\ No newline at end of file diff --git a/docs/reference/plugins/validation/dns/dreamhost.md b/docs/reference/plugins/validation/dns/dreamhost.md index 9cbb12c..1ff6fbe 100644 --- a/docs/reference/plugins/validation/dns/dreamhost.md +++ b/docs/reference/plugins/validation/dns/dreamhost.md @@ -1,3 +1,14 @@ --- sidebar: reference ----
\ No newline at end of file +--- + +# Dreamhost +Update record for [Dreamhost](https://www.dreamhost.com/) + +{% include validation-dns-seperate.md %} + +## Setup +Requires an API key + +## Unattended +`--validation dreamhost --validationmode dns-01 --apikey x`
\ No newline at end of file diff --git a/docs/reference/plugins/validation/dns/manual.md b/docs/reference/plugins/validation/dns/manual.md index 9cbb12c..2ab0dcd 100644 --- a/docs/reference/plugins/validation/dns/manual.md +++ b/docs/reference/plugins/validation/dns/manual.md @@ -1,3 +1,12 @@ --- sidebar: reference ----
\ No newline at end of file +--- + +# Manual +The client will show the record that is supposed to be created on screen and it will have +to be created manually by whatever means necessary. Obviously not good for unattended operation +but it is a good way to get started as a proof of concept, before investing in further +automation. + +## Unattended +Not supported (obviously)
\ No newline at end of file diff --git a/docs/reference/plugins/validation/dns/route53.md b/docs/reference/plugins/validation/dns/route53.md index 9cbb12c..17aa9a6 100644 --- a/docs/reference/plugins/validation/dns/route53.md +++ b/docs/reference/plugins/validation/dns/route53.md @@ -1,3 +1,18 @@ --- sidebar: reference ----
\ No newline at end of file +--- + +# Route 53 +Create the record in Amazon Route53 + +{% include validation-dns-seperate.md %} + +## Setup +This requires either a user or an IAM role with the following permissions on the zone: +`route53:GetChange`, `route53:ListHostedZones` and`route53:ChangeResourceRecordSets` + +## Unattended +User: +`--validation route53 --validationmode dns-01 --route53accesskeyid x --route53secretaccesskey ***` +IAM role: +`--validation route53 --validationmode dns-01 --route53iamrole x`
\ No newline at end of file diff --git a/docs/reference/plugins/validation/dns/script.md b/docs/reference/plugins/validation/dns/script.md index 9cbb12c..1846b08 100644 --- a/docs/reference/plugins/validation/dns/script.md +++ b/docs/reference/plugins/validation/dns/script.md @@ -1,3 +1,37 @@ --- sidebar: reference ----
\ No newline at end of file +--- + +# Script +Run an external script or program to create or update the validation records. + +## Create +A script to create the DNS record must be provided. The arguments passed to the +script will be `create {Identifier} {RecordName} {Token}` by default, with: + - `create` - fixed value + - `{Identifier}` - host name that's being validated, e.g. `sub.example.com` + - `{RecordName}` - full name of the TXT record that is being expected, e.g. `_acme-challenge.sub.example.com` + - `{Token}` - content of the TXT record, e.g. `DGyRejmCefe7v4NfDGDKfA` + +The order and format of arguments may be customized by providing a diffent argument string. +For example if your script needs arguments like `--host _acme-challenge.example.com --token DGyRejmCefe7v4NfDGDKfA`, +your argument string should be `--host {RecordName} --token {Token}` + +## Delete +Optionally, another script may be provided to delete the record after validation. The arguments passed to the +script will be `delete {Identifier} {RecordName} {Token}` by default. The order and format of arguments may be +customized by providing a diffent argument string, just like for the create script. You can also choose to use +the same script for create and delete, with each their own argument string. + +## Resources +A lot of good example scripts are available from the +[POSH-ACME](https://github.com/rmbolger/Posh-ACME/tree/master/Posh-ACME/DnsPlugins) +project. 
+ +## Unattended +Create script only: +`-validationmode dns-01 --validation dnsscript --dnscreatescript c:\create.ps1 [--dnscreatescriptarguments {args}]` +Create and delete scripts seperate: +`-validationmode dns-01 --validation dnsscript --dnscreatescript c:\create.ps1 --dnsdeletescript c:\delete.ps1 [--dnscreatescriptarguments {args}] [--dnsdeletescriptarguments {args}]` +Create and delete script (integrated): +`-validationmode dns-01 --validation dnsscript --dnsscript c:\create-and-delete.ps1 [--dnscreatescriptarguments {args}] [--dnsdeletescriptarguments {args}]`
\ No newline at end of file diff --git a/docs/reference/plugins/validation/http/filesystem.md b/docs/reference/plugins/validation/http/filesystem.md index b5d61ca..4ae8996 100644 --- a/docs/reference/plugins/validation/http/filesystem.md +++ b/docs/reference/plugins/validation/http/filesystem.md @@ -5,7 +5,7 @@ sidebar: reference # Filesystem This plugin saves the validation challenge to a local path, which may of course also be a network path. -{% include webconfig.md %} +{% include validation-http-common.md %} ## Unattended `--validation filesystem [--validationsiteid x] [--webroot c:\httpdocs\]`
\ No newline at end of file diff --git a/docs/reference/plugins/validation/http/ftps.md b/docs/reference/plugins/validation/http/ftps.md index 4e2e430..01369a4 100644 --- a/docs/reference/plugins/validation/http/ftps.md +++ b/docs/reference/plugins/validation/http/ftps.md @@ -5,7 +5,7 @@ sidebar: reference # FTP(S) This plugin uploads the validation challenge to a (secure) FTP server. -{% include webconfig.md %} +{% include validation-http-common.md %} ## Unattended `--validation ftp --webroot ftps://x/ --username admin --password ******`
\ No newline at end of file diff --git a/docs/reference/plugins/validation/http/sftp.md b/docs/reference/plugins/validation/http/sftp.md index bb5e74a..ab565fe 100644 --- a/docs/reference/plugins/validation/http/sftp.md +++ b/docs/reference/plugins/validation/http/sftp.md @@ -5,7 +5,7 @@ sidebar: reference # SFTP This plugin uploads the validation challenge to a SSH FTP / SFTP server. -{% include webconfig.md %} +{% include validation-http-common.md %} ## Unattended `--validation sftp --webroot ftps://x/ --username admin --password ******`
\ No newline at end of file diff --git a/docs/reference/plugins/validation/http/webdav.md b/docs/reference/plugins/validation/http/webdav.md index a317635..94bfeaf 100644 --- a/docs/reference/plugins/validation/http/webdav.md +++ b/docs/reference/plugins/validation/http/webdav.md @@ -5,7 +5,7 @@ sidebar: reference # SFTP This plugin pushes the validation challenge to a WebDav path. -{% include webconfig.md %} +{% include validation-http-common.md %} ## Unattended `--validation webdav --webroot ftps://x/ --username admin --password ******`
\ No newline at end of file diff --git a/src/main/Plugins/ValidationPlugins/Http/HttpValidation.cs b/src/main/Plugins/ValidationPlugins/Http/HttpValidation.cs index 504f7b9..ae3abbd 100644 --- a/src/main/Plugins/ValidationPlugins/Http/HttpValidation.cs +++ b/src/main/Plugins/ValidationPlugins/Http/HttpValidation.cs @@ -121,15 +121,7 @@ namespace PKISharp.WACS.Plugins.ValidationPlugins /// <param name="uri"></param> private string WarmupSite() { - return GetContent(new Uri(_challenge.HttpResourceUrl)); - } - - /// <summary> - /// Read content from Uri - /// </summary> - /// <param name="uri"></param> - /// <returns></returns> - protected string GetContent(Uri uri) { + var uri = new Uri(_challenge.HttpResourceUrl)); var request = WebRequest.Create(uri); request.Proxy = _proxy.GetWebProxy(); using (var response = request.GetResponse()) diff --git a/src/main/Plugins/ValidationPlugins/Http/HttpValidationArgumentsProvider.cs b/src/main/Plugins/ValidationPlugins/Http/HttpValidationArgumentsProvider.cs index f00ee53..092f0f7 100644 --- a/src/main/Plugins/ValidationPlugins/Http/HttpValidationArgumentsProvider.cs +++ b/src/main/Plugins/ValidationPlugins/Http/HttpValidationArgumentsProvider.cs @@ -17,7 +17,7 @@ namespace PKISharp.WACS.Plugins.ValidationPlugins.Http .WithDescription("Root path of the site that will serve the HTTP validation requests."); parser.Setup(o => o.Warmup) .As("warmup") - .WithDescription("Warm up website(s) before attempting HTTP validation."); + .WithDescription("Not used (warmup is the new default)."); parser.Setup(o => o.ManualTargetIsIIS) .As("manualtargetisiis") .WithDescription("Copy default web.config to the .well-known directory."); diff --git a/src/main/Plugins/ValidationPlugins/Http/HttpValidationOptionsFactory.cs b/src/main/Plugins/ValidationPlugins/Http/HttpValidationOptionsFactory.cs index 0101fd7..14c2c0c 100644 --- a/src/main/Plugins/ValidationPlugins/Http/HttpValidationOptionsFactory.cs 
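Review bot: The added line `var uri = new Uri(_challenge.HttpResourceUrl));` in HttpValidation.cs has an unbalanced closing parenthesis and will not compile; it should read `var uri = new Uri(_challenge.HttpResourceUrl);`. The context line `/// <param name="uri"></param>` above `WarmupSite()` now documents a parameter the method no longer has, since `GetContent(Uri uri)` was inlined into it; drop that tag and give the method a `<summary>` that says it fetches the challenge URL once so the site is warmed up before ACME validation. `GetContent` was `protected`, so if any derived validation plugin outside this diff called it, that plugin would stop compiling — worth a quick search before merging. The body of `WarmupSite` continues past the end of the hunk.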
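Review bot: In HttpValidationArgumentsProvider.cs the `--warmup` switch is still registered and accepted, but its new description `"Not used (warmup is the new default)."` gives a user no indication that the flag is silently ignored rather than toggling behaviour. A clearer help string would be `.WithDescription("Deprecated and ignored: the site is always warmed up before HTTP validation.")`, and, if the parser exposes the parsed value elsewhere, logging a warning when it is set would stop stale scripts from assuming the old semantics. This matches the wording added to validation-http-common.md in the same commit.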
+++ b/src/main/Plugins/ValidationPlugins/Http/HttpValidationOptionsFactory.cs @@ -1,5 +1,4 @@ -using PKISharp.WACS.Clients.IIS; -using PKISharp.WACS.DomainObjects; +using PKISharp.WACS.DomainObjects; using PKISharp.WACS.Plugins.Base.Factories; using PKISharp.WACS.Plugins.Interfaces; using PKISharp.WACS.Services; @@ -20,9 +19,8 @@ namespace PKISharp.WACS.Plugins.ValidationPlugins /// </summary> public HttpValidationOptions<TPlugin> BaseAquire(Target target, IArgumentsService options, IInputService input, RunLevel runLevel) { - string path = null; var allowEmtpy = AllowEmtpy(target); - path = options.TryGetArgument(null, input, WebrootHint(allowEmtpy)); + string path = options.TryGetArgument(null, input, WebrootHint(allowEmtpy)); while ( (!string.IsNullOrEmpty(path) && !PathIsValid(path)) || (string.IsNullOrEmpty(path) && !allowEmtpy)) diff --git a/src/plugin.validation.dns.azure/AzureOptions.cs b/src/plugin.validation.dns.azure/AzureOptions.cs index 8d34a23..2c246ac 100644 --- a/src/plugin.validation.dns.azure/AzureOptions.cs +++ b/src/plugin.validation.dns.azure/AzureOptions.cs @@ -10,7 +10,7 @@ namespace PKISharp.WACS.Plugins.ValidationPlugins.Dns class AzureOptions : ValidationPluginOptions<Azure> { public override string Name => "Azure"; - public override string Description => "Change records in Azure DNS"; + public override string Description => "Create verification records in Azure DNS"; public override string ChallengeType { get => Constants.Dns01ChallengeType; } public string ClientId { get; set; } diff --git a/src/plugin.validation.dns.dreamhost/DreamhostOptions.cs b/src/plugin.validation.dns.dreamhost/DreamhostOptions.cs index bcc7f85..a304383 100644 --- a/src/plugin.validation.dns.dreamhost/DreamhostOptions.cs +++ b/src/plugin.validation.dns.dreamhost/DreamhostOptions.cs 
@@ -11,7 +11,7 @@ namespace PKISharp.WACS.Plugins.ValidationPlugins { public override string Name => "Dreamhost"; - public override string Description => "Change records in Dreamhost DNS"; + public override string Description => "Create verification records in Dreamhost DNS"; public override string ChallengeType => Constants.Dns01ChallengeType; diff --git a/src/plugin.validation.dns.route53/Route53Options.cs b/src/plugin.validation.dns.route53/Route53Options.cs index 4db7c05..b3db446 100644 --- a/src/plugin.validation.dns.route53/Route53Options.cs +++ b/src/plugin.validation.dns.route53/Route53Options.cs @@ -10,7 +10,7 @@ namespace PKISharp.WACS.Plugins.ValidationPlugins.Dns internal sealed class Route53Options : ValidationPluginOptions<Route53> { public override string Name { get; } = "Route53"; - public override string Description { get; } = "Verify through AWS Route 53 DNS"; + public override string Description { get; } = "Create verification records in AWS Route 53"; public override string ChallengeType { get; } = Constants.Dns01ChallengeType; public string IAMRole { get; set; } public string AccessKeyId { get; set; } |