Diffstat (limited to 'docs/reference/plugins/validation')
-rw-r--r-- docs/reference/plugins/validation/dns/acme-dns.md | 3
-rw-r--r-- docs/reference/plugins/validation/dns/index.md | 4
-rw-r--r-- docs/reference/plugins/validation/dns/script.md | 22
-rw-r--r-- docs/reference/plugins/validation/http/index.md | 11
-rw-r--r-- docs/reference/plugins/validation/http/sftp.md | 2
-rw-r--r-- docs/reference/plugins/validation/index.md | 2
6 files changed, 24 insertions, 20 deletions
diff --git a/docs/reference/plugins/validation/dns/acme-dns.md b/docs/reference/plugins/validation/dns/acme-dns.md
index 9688fe7..8856cda 100644
--- a/docs/reference/plugins/validation/dns/acme-dns.md
+++ b/docs/reference/plugins/validation/dns/acme-dns.md
@@ -6,7 +6,8 @@ sidebar: reference
Use an [acme-dns](https://github.com/joohoi/acme-dns) server to handle the validation records.
The plugin will ask you to choose an endpoint to use. For testing the `https://auth.acme-dns.io/`
endpoint is useful, but it is a security concern. As the readme of that project clearly states:
-"You are encouraged to run your own acme-dns instance."
+
+> "You are encouraged to run your own acme-dns instance."
## Unattended
Not supported, unless there is a pre-existing acme-dns registration for all the domains.
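Review bot: The added blockquote line `> "You are encouraged to run your own acme-dns instance."` keeps the literal double quotes inside the `>` block, so the rendered quote is marked twice; drop the inner quotes or keep the sentence inline. While this paragraph is being touched, the unchanged sentence above it says the public endpoint "is a security concern" without saying what the concern is. One sentence explaining why a third-party acme-dns server is a risk would make the quoted advice actionable for readers choosing an endpoint.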
diff --git a/docs/reference/plugins/validation/dns/index.md b/docs/reference/plugins/validation/dns/index.md
index 16403f8..84251f5 100644
--- a/docs/reference/plugins/validation/dns/index.md
+++ b/docs/reference/plugins/validation/dns/index.md
@@ -5,8 +5,8 @@ sidebar: reference
# DNS validation
DNS validation works as follows:
- For each domain, e.g. `sub.example.com`, the ACME server provides a
-challenge consisting of an `x` and `y` value (it's a little more complicated than that,
-but for the sake of this explanation it will suffice).
+challenge consisting of an `x` and `y` value. The truth is actually a little
+more complicated than that, but for the sake of this explanation it will suffice.
- The client has to make sure that when the ACME server requests the TXT
records for `_acme-challenge.sub.example.com`,
there should be at least one record called `x` with content `"y"`.
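Review bot: The reworded `x` and `y` sentence still feeds into the unchanged line "at least one record called `x` with content `"y"`", which contradicts the line before it: the record being queried is named `_acme-challenge.sub.example.com`, not `x`. The script.md table in this same patch describes the record with only a `{RecordName}` and a `{Token}`, so the DNS explanation should use a single value here, for example "at least one TXT record with content `y`", and the challenge should be described as one value rather than an `x`/`y` pair copied from the HTTP page. "The truth is actually a little more complicated" can also be shortened to "This is a simplification".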
diff --git a/docs/reference/plugins/validation/dns/script.md b/docs/reference/plugins/validation/dns/script.md
index f241d32..8e85f1f 100644
--- a/docs/reference/plugins/validation/dns/script.md
+++ b/docs/reference/plugins/validation/dns/script.md
@@ -7,19 +7,21 @@ Run an external script or program to create or update the validation records.
## Create
A script to create the DNS record must be provided. The arguments passed to the
-script will be `create {Identifier} {RecordName} {Token}` by default, with:
+script will be `create {Identifier} {RecordName} {Token}` by default, where the
+following replacements are made by win-acme:
-- `create` - fixed value
-- `{Identifier}` - host name that's being validated, e.g. `sub.example.com`
-- `{RecordName}` - full name of the TXT record that is being expected, e.g. `_acme-challenge.sub.example.com`
-- `{Token}` - content of the TXT record, e.g. `DGyRejmCefe7v4NfDGDKfA`
+| Value | Replaced with |
+|----------------|----------------|
+| `{Identifier}` | host name that's being validated, e.g. `sub.example.com` |
+| `{RecordName}` | full name of the TXT record that is being expected, e.g. `_acme-challenge.sub.example.com` |
+| `{Token}` | content of the TXT record, e.g. `DGyRejmCefe7v4NfDGDKfA` |
The order and format of arguments may be customized by providing a diffent argument string.
-For example if your script needs arguments like...
+For example if your script needs arguments like:
`--host _acme-challenge.example.com --token DGyRejmCefe7v4NfDGDKfA`
-...your argument string should be
+...your argument string should like like this:
`--host {RecordName} --token {Token}`
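Review bot: The added line "...your argument string should like like this:" has a typo and should read "should look like this:". The unchanged line above it still says "diffent" and could be fixed in the same pass. Converting the list to a table also dropped the `create` entry, yet the default argument string shown is still `create {Identifier} {RecordName} {Token}`; either add a sentence saying `create` is a fixed literal or keep a row for it, otherwise script authors have no explanation for the first argument they receive.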
@@ -35,9 +37,9 @@ A lot of good example scripts are available from the
project.
## Unattended
-- Create script only:
+- ### Create script only
`-validationmode dns-01 --validation dnsscript --dnscreatescript c:\create.ps1 [--dnscreatescriptarguments {args}]`
-- Create and delete scripts seperate:
+- ### Create and delete scripts seperate
`-validationmode dns-01 --validation dnsscript --dnscreatescript c:\create.ps1 --dnsdeletescript c:\delete.ps1 [--dnscreatescriptarguments {args}] [--dnsdeletescriptarguments {args}]`
-- Create and delete script (integrated):
+- ### Create-delete script (integrated)
`-validationmode dns-01 --validation dnsscript --dnsscript c:\create-and-delete.ps1 [--dnscreatescriptarguments {args}] [--dnsdeletescriptarguments {args}]` \ No newline at end of file
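Review bot: The new `- ### Create script only` style lines put a heading inside a list item, which Markdown renderers handle inconsistently and which separates the heading from the command line that follows it; use plain `###` headings without the bullet, or keep the bullets with bold labels. The added line "Create and delete scripts seperate" carries over the misspelling and should read "separate". The unchanged command lines start with a single-dash `-validationmode` while every other option uses `--`; worth confirming that is intended. The file also still ends without a trailing newline.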
diff --git a/docs/reference/plugins/validation/http/index.md b/docs/reference/plugins/validation/http/index.md
index 41a4f3d..25c8164 100644
--- a/docs/reference/plugins/validation/http/index.md
+++ b/docs/reference/plugins/validation/http/index.md
@@ -4,13 +4,14 @@ sidebar: reference
# HTTP validation
HTTP validation works as follows:
-- For each domain, e.g. `sub.example.com`, the ACME server provides a
-challenge consisting of an `x` and `y` value (it's a little more complicated than that,
-but for the sake of this explanation it will suffice).
+- For each domain (e.g. `sub.example.com`), the ACME server sends a
+challenge consisting of an `x` and `y` value. The truth is actually a little
+more complicated than that, but for the sake of this explanation it will suffice.
- The client has to make sure that when the ACME server makes a request
-to `http://sub.example.com/.well-known/acme-challenge/x`, the answer will be exactly `y`.
+to `http://sub.example.com/.well-known/acme-challenge/x`, the content of the HTTP
+response will be `y` with some specific headers set as well.
- The validation request is *always* made to port 80, that cannot be changed.
-- Let's Encrypt **does** follow 301/302 redirects
+- The ACME server **does** follow 301/302 redirects.
- There may be more than one validation request for the same token, e.g. from
different locations or different protocols (IPv4/IPv6).
- Let's Encrypt does **not** disclose the source locations of these requests, which
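Review bot: The replacement text "the content of the HTTP response will be `y` with some specific headers set as well" is less precise than the removed "exactly `y`" and does not name the headers, so a reader configuring their own web server cannot act on it. Either list the headers that are required or keep the "exactly `y`" wording and drop the header remark. The hunk also changes "Let's Encrypt **does** follow 301/302 redirects" to "The ACME server", but the unchanged bullet two lines later still says "Let's Encrypt does **not** disclose the source locations"; pick one term for the whole list, or state explicitly which behaviours are specific to Let's Encrypt.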
diff --git a/docs/reference/plugins/validation/http/sftp.md b/docs/reference/plugins/validation/http/sftp.md
index ab565fe..62d59cc 100644
--- a/docs/reference/plugins/validation/http/sftp.md
+++ b/docs/reference/plugins/validation/http/sftp.md
@@ -3,7 +3,7 @@ sidebar: reference
---
# SFTP
-This plugin uploads the validation challenge to a SSH FTP / SFTP server.
+This plugin uploads the validation challenge to a SSH FTP, also known as SFTP, server.
{% include validation-http-common.md %}
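Review bot: The new wording "a SSH FTP, also known as SFTP, server" reads awkwardly and keeps two problems from the old line: it should be "an SSH", and SFTP is the SSH File Transfer Protocol, not FTP run over SSH, so "SSH FTP" invites confusion with FTPS or tunnelled FTP. Suggest "This plugin uploads the validation challenge to an SFTP (SSH File Transfer Protocol) server."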
diff --git a/docs/reference/plugins/validation/index.md b/docs/reference/plugins/validation/index.md
index f5b8f0d..56e4254 100644
--- a/docs/reference/plugins/validation/index.md
+++ b/docs/reference/plugins/validation/index.md
@@ -7,7 +7,7 @@ sidebar: reference
A validation plugin is responsible for providing the ACME server with proof that you own the identifiers
(host names) that you want to create a certificate for. The
[ACMEv2 protocol](https://tools.ietf.org/html/draft-ietf-acme-acme-18) defines different challenge types,
-two whom are supported by Let's Encrypt and win-acme, namely [HTTP-0](/win-acme/reference/plugins/validation/http/) and
+two whom are supported by Let's Encrypt and win-acme, namely [HTTP-01](/win-acme/reference/plugins/validation/http/) and
[DNS-01](/win-acme/reference/plugins/validation/dns/).
For wildcard identifiers, only DNS validation is accepted by Let's Encrypt.
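Review bot: The corrected line fixes `HTTP-0` to `HTTP-01` but leaves "two whom are supported" at the start of the same line, which should read "two of which are supported". Since the line is already being modified, fix both in this change.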