Mirror
/
acmed
mirror of https://github.com/breard-r/acmed.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
257 Commits
12 Branches
27 Tags
2.2 MiB
Tree: 602d8c6cf6
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '602d8c6cf6'
${ noResults }
acmed/man/en/acmed.toml.5

693 lines
21 KiB
Raw Normal View History

ACMEd v0.7.0
5 years ago
Add man pages Documentation is a crucial point for every project, and the most effective and traditional way to document a program is to write man page. Here, the mdoc is used because it is simple. Because the documentation is quite different from the project itself, the man pages and others helpful files are distributed under a different license. For this usage, the GNU All-Permissive License is adequate. https://www.gnu.org/prep/maintain/html_node/License-Notices-for-Other-Files.html man 7 groff_mdoc
6 years ago
ACMEd v0.8.0
4 years ago
Add man pages Documentation is a crucial point for every project, and the most effective and traditional way to document a program is to write man page. Here, the mdoc is used because it is simple. Because the documentation is quite different from the project itself, the man pages and others helpful files are distributed under a different license. For this usage, the GNU All-Permissive License is adequate. https://www.gnu.org/prep/maintain/html_node/License-Notices-for-Other-Files.html man 7 groff_mdoc
6 years ago
Allow the config file to include other files
6 years ago
Add Unix style globing for config file inclusion Close #6
4 years ago
Add man pages Documentation is a crucial point for every project, and the most effective and traditional way to document a program is to write man page. Here, the mdoc is used because it is simple. Because the documentation is quite different from the project itself, the man pages and others helpful files are distributed under a different license. For this usage, the GNU All-Permissive License is adequate. https://www.gnu.org/prep/maintain/html_node/License-Notices-for-Other-Files.html man 7 groff_mdoc
6 years ago
Update the acmed.toml man page
4 years ago
Add man pages Documentation is a crucial point for every project, and the most effective and traditional way to document a program is to write man page. Here, the mdoc is used because it is simple. Because the documentation is quite different from the project itself, the man pages and others helpful files are distributed under a different license. For this usage, the GNU All-Permissive License is adequate. https://www.gnu.org/prep/maintain/html_node/License-Notices-for-Other-Files.html man 7 groff_mdoc
6 years ago
Update the acmed.toml man page
4 years ago
Add man pages Documentation is a crucial point for every project, and the most effective and traditional way to document a program is to write man page. Here, the mdoc is used because it is simple. Because the documentation is quite different from the project itself, the man pages and others helpful files are distributed under a different license. For this usage, the GNU All-Permissive License is adequate. https://www.gnu.org/prep/maintain/html_node/License-Notices-for-Other-Files.html man 7 groff_mdoc
6 years ago
Add env variable definition in the global section
6 years ago
Add man pages Documentation is a crucial point for every project, and the most effective and traditional way to document a program is to write man page. Here, the mdoc is used because it is simple. Because the documentation is quite different from the project itself, the man pages and others helpful files are distributed under a different license. For this usage, the GNU All-Permissive License is adequate. https://www.gnu.org/prep/maintain/html_node/License-Notices-for-Other-Files.html man 7 groff_mdoc
6 years ago
Update the acmed.toml man page
4 years ago
Add man pages Documentation is a crucial point for every project, and the most effective and traditional way to document a program is to write man page. Here, the mdoc is used because it is simple. Because the documentation is quite different from the project itself, the man pages and others helpful files are distributed under a different license. For this usage, the GNU All-Permissive License is adequate. https://www.gnu.org/prep/maintain/html_node/License-Notices-for-Other-Files.html man 7 groff_mdoc
6 years ago
Update the acmed.toml man page
4 years ago
Add man pages Documentation is a crucial point for every project, and the most effective and traditional way to document a program is to write man page. Here, the mdoc is used because it is simple. Because the documentation is quite different from the project itself, the man pages and others helpful files are distributed under a different license. For this usage, the GNU All-Permissive License is adequate. https://www.gnu.org/prep/maintain/html_node/License-Notices-for-Other-Files.html man 7 groff_mdoc
6 years ago
Allow to define a custom delay for renewal
4 years ago
Add man pages Documentation is a crucial point for every project, and the most effective and traditional way to document a program is to write man page. Here, the mdoc is used because it is simple. Because the documentation is quite different from the project itself, the man pages and others helpful files are distributed under a different license. For this usage, the GNU All-Permissive License is adequate. https://www.gnu.org/prep/maintain/html_node/License-Notices-for-Other-Files.html man 7 groff_mdoc
6 years ago
Add rate limits for HTTPS requests
6 years ago
Add man pages Documentation is a crucial point for every project, and the most effective and traditional way to document a program is to write man page. Here, the mdoc is used because it is simple. Because the documentation is quite different from the project itself, the man pages and others helpful files are distributed under a different license. For this usage, the GNU All-Permissive License is adequate. https://www.gnu.org/prep/maintain/html_node/License-Notices-for-Other-Files.html man 7 groff_mdoc
6 years ago
Add rate limits for HTTPS requests
6 years ago
Add man pages Documentation is a crucial point for every project, and the most effective and traditional way to document a program is to write man page. Here, the mdoc is used because it is simple. Because the documentation is quite different from the project itself, the man pages and others helpful files are distributed under a different license. For this usage, the GNU All-Permissive License is adequate. https://www.gnu.org/prep/maintain/html_node/License-Notices-for-Other-Files.html man 7 groff_mdoc
6 years ago
Add rate limits for HTTPS requests
6 years ago
Allow to define a custom delay for renewal
4 years ago
Add man pages Documentation is a crucial point for every project, and the most effective and traditional way to document a program is to write man page. Here, the mdoc is used because it is simple. Because the documentation is quite different from the project itself, the man pages and others helpful files are distributed under a different license. For this usage, the GNU All-Permissive License is adequate. https://www.gnu.org/prep/maintain/html_node/License-Notices-for-Other-Files.html man 7 groff_mdoc
6 years ago
Add an option to stop or continue after a failed hook
6 years ago
Add man pages Documentation is a crucial point for every project, and the most effective and traditional way to document a program is to write man page. Here, the mdoc is used because it is simple. Because the documentation is quite different from the project itself, the man pages and others helpful files are distributed under a different license. For this usage, the GNU All-Permissive License is adequate. https://www.gnu.org/prep/maintain/html_node/License-Notices-for-Other-Files.html man 7 groff_mdoc
6 years ago
acmed.toml(5): Fix config key: hook_type -> type
5 years ago
Add man pages Documentation is a crucial point for every project, and the most effective and traditional way to document a program is to write man page. Here, the mdoc is used because it is simple. Because the documentation is quite different from the project itself, the man pages and others helpful files are distributed under a different license. For this usage, the GNU All-Permissive License is adequate. https://www.gnu.org/prep/maintain/html_node/License-Notices-for-Other-Files.html man 7 groff_mdoc
6 years ago
Allow to give a file path in a hook's stdin There is use-cases where a command's standard input should be filled with a file's content. In order to stay consistent with the names of the other fields, `stdin` is now the field which accepts such a path. `stdin_str` has been created in order to also support the use of a raw string.
6 years ago
Add man pages Documentation is a crucial point for every project, and the most effective and traditional way to document a program is to write man page. Here, the mdoc is used because it is simple. Because the documentation is quite different from the project itself, the man pages and others helpful files are distributed under a different license. For this usage, the GNU All-Permissive License is adequate. https://www.gnu.org/prep/maintain/html_node/License-Notices-for-Other-Files.html man 7 groff_mdoc
6 years ago
Move the account key type and signing algorithm Those options are tied with the account and should therefore be defined in the associated section, not in the endpoint section.
4 years ago
Add man pages Documentation is a crucial point for every project, and the most effective and traditional way to document a program is to write man page. Here, the mdoc is used because it is simple. Because the documentation is quite different from the project itself, the man pages and others helpful files are distributed under a different license. For this usage, the GNU All-Permissive License is adequate. https://www.gnu.org/prep/maintain/html_node/License-Notices-for-Other-Files.html man 7 groff_mdoc
6 years ago
Move the account key type and signing algorithm Those options are tied with the account and should therefore be defined in the associated section, not in the endpoint section.
4 years ago
Add man pages Documentation is a crucial point for every project, and the most effective and traditional way to document a program is to write man page. Here, the mdoc is used because it is simple. Because the documentation is quite different from the project itself, the man pages and others helpful files are distributed under a different license. For this usage, the GNU All-Permissive License is adequate. https://www.gnu.org/prep/maintain/html_node/License-Notices-for-Other-Files.html man 7 groff_mdoc
6 years ago
Document how certificates are identified
5 years ago
Implement IP identifiers RFC 8738: https://tools.ietf.org/html/rfc8738
4 years ago
Add man pages Documentation is a crucial point for every project, and the most effective and traditional way to document a program is to write man page. Here, the mdoc is used because it is simple. Because the documentation is quite different from the project itself, the man pages and others helpful files are distributed under a different license. For this usage, the GNU All-Permissive License is adequate. https://www.gnu.org/prep/maintain/html_node/License-Notices-for-Other-Files.html man 7 groff_mdoc
6 years ago
Allow to configure environment variables for a given certificate Sometimes, you want hooks to use different parameters depending on the certificate. In order to achieve this, it is now now possible to configure environment variables at certificate scope. Thanks to this, the default hooks have been rewrote in order to use cover more use cases.
6 years ago
Implement IP identifiers RFC 8738: https://tools.ietf.org/html/rfc8738
4 years ago
Add man pages Documentation is a crucial point for every project, and the most effective and traditional way to document a program is to write man page. Here, the mdoc is used because it is simple. Because the documentation is quite different from the project itself, the man pages and others helpful files are distributed under a different license. For this usage, the GNU All-Permissive License is adequate. https://www.gnu.org/prep/maintain/html_node/License-Notices-for-Other-Files.html man 7 groff_mdoc
6 years ago
Allow to configure per-domain environment variables
6 years ago
Implement IP identifiers RFC 8738: https://tools.ietf.org/html/rfc8738
4 years ago
Add man pages Documentation is a crucial point for every project, and the most effective and traditional way to document a program is to write man page. Here, the mdoc is used because it is simple. Because the documentation is quite different from the project itself, the man pages and others helpful files are distributed under a different license. For this usage, the GNU All-Permissive License is adequate. https://www.gnu.org/prep/maintain/html_node/License-Notices-for-Other-Files.html man 7 groff_mdoc
6 years ago
Allow to configure per-domain environment variables
6 years ago
Implement IP identifiers RFC 8738: https://tools.ietf.org/html/rfc8738
4 years ago
Allow to configure per-domain environment variables
6 years ago
Add man pages Documentation is a crucial point for every project, and the most effective and traditional way to document a program is to write man page. Here, the mdoc is used because it is simple. Because the documentation is quite different from the project itself, the man pages and others helpful files are distributed under a different license. For this usage, the GNU All-Permissive License is adequate. https://www.gnu.org/prep/maintain/html_node/License-Notices-for-Other-Files.html man 7 groff_mdoc
6 years ago
Allow to specify the account key type and signature alg in the config
4 years ago
Add man pages Documentation is a crucial point for every project, and the most effective and traditional way to document a program is to write man page. Here, the mdoc is used because it is simple. Because the documentation is quite different from the project itself, the man pages and others helpful files are distributed under a different license. For this usage, the GNU All-Permissive License is adequate. https://www.gnu.org/prep/maintain/html_node/License-Notices-for-Other-Files.html man 7 groff_mdoc
6 years ago
Allow to define a custom delay for renewal
4 years ago
Add man pages Documentation is a crucial point for every project, and the most effective and traditional way to document a program is to write man page. Here, the mdoc is used because it is simple. Because the documentation is quite different from the project itself, the man pages and others helpful files are distributed under a different license. For this usage, the GNU All-Permissive License is adequate. https://www.gnu.org/prep/maintain/html_node/License-Notices-for-Other-Files.html man 7 groff_mdoc
6 years ago
Implement IP identifiers RFC 8738: https://tools.ietf.org/html/rfc8738
4 years ago
Add man pages Documentation is a crucial point for every project, and the most effective and traditional way to document a program is to write man page. Here, the mdoc is used because it is simple. Because the documentation is quite different from the project itself, the man pages and others helpful files are distributed under a different license. For this usage, the GNU All-Permissive License is adequate. https://www.gnu.org/prep/maintain/html_node/License-Notices-for-Other-Files.html man 7 groff_mdoc
6 years ago
acmed.toml(5): Grammar fixes
5 years ago
Add man pages Documentation is a crucial point for every project, and the most effective and traditional way to document a program is to write man page. Here, the mdoc is used because it is simple. Because the documentation is quite different from the project itself, the man pages and others helpful files are distributed under a different license. For this usage, the GNU All-Permissive License is adequate. https://www.gnu.org/prep/maintain/html_node/License-Notices-for-Other-Files.html man 7 groff_mdoc
6 years ago
acmed.toml(5): Grammar fixes
5 years ago
Add man pages Documentation is a crucial point for every project, and the most effective and traditional way to document a program is to write man page. Here, the mdoc is used because it is simple. Because the documentation is quite different from the project itself, the man pages and others helpful files are distributed under a different license. For this usage, the GNU All-Permissive License is adequate. https://www.gnu.org/prep/maintain/html_node/License-Notices-for-Other-Files.html man 7 groff_mdoc
6 years ago
acmed.toml(5): Grammar fixes
5 years ago
Add man pages Documentation is a crucial point for every project, and the most effective and traditional way to document a program is to write man page. Here, the mdoc is used because it is simple. Because the documentation is quite different from the project itself, the man pages and others helpful files are distributed under a different license. For this usage, the GNU All-Permissive License is adequate. https://www.gnu.org/prep/maintain/html_node/License-Notices-for-Other-Files.html man 7 groff_mdoc
6 years ago
Allow to give a file path in a hook's stdin There is use-cases where a command's standard input should be filled with a file's content. In order to stay consistent with the names of the other fields, `stdin` is now the field which accepts such a path. `stdin_str` has been created in order to also support the use of a raw string.
6 years ago
Add man pages Documentation is a crucial point for every project, and the most effective and traditional way to document a program is to write man page. Here, the mdoc is used because it is simple. Because the documentation is quite different from the project itself, the man pages and others helpful files are distributed under a different license. For this usage, the GNU All-Permissive License is adequate. https://www.gnu.org/prep/maintain/html_node/License-Notices-for-Other-Files.html man 7 groff_mdoc
6 years ago
Implement IP identifiers RFC 8738: https://tools.ietf.org/html/rfc8738
4 years ago
Add man pages Documentation is a crucial point for every project, and the most effective and traditional way to document a program is to write man page. Here, the mdoc is used because it is simple. Because the documentation is quite different from the project itself, the man pages and others helpful files are distributed under a different license. For this usage, the GNU All-Permissive License is adequate. https://www.gnu.org/prep/maintain/html_node/License-Notices-for-Other-Files.html man 7 groff_mdoc
6 years ago
Implement IP identifiers RFC 8738: https://tools.ietf.org/html/rfc8738
4 years ago
Add environment variables to hook templates
6 years ago
Add man pages Documentation is a crucial point for every project, and the most effective and traditional way to document a program is to write man page. Here, the mdoc is used because it is simple. Because the documentation is quite different from the project itself, the man pages and others helpful files are distributed under a different license. For this usage, the GNU All-Permissive License is adequate. https://www.gnu.org/prep/maintain/html_node/License-Notices-for-Other-Files.html man 7 groff_mdoc
6 years ago
Add environment variables to hook templates
6 years ago
Add man pages Documentation is a crucial point for every project, and the most effective and traditional way to document a program is to write man page. Here, the mdoc is used because it is simple. Because the documentation is quite different from the project itself, the man pages and others helpful files are distributed under a different license. For this usage, the GNU All-Permissive License is adequate. https://www.gnu.org/prep/maintain/html_node/License-Notices-for-Other-Files.html man 7 groff_mdoc
6 years ago
Implement IP identifiers RFC 8738: https://tools.ietf.org/html/rfc8738
4 years ago
Add man pages Documentation is a crucial point for every project, and the most effective and traditional way to document a program is to write man page. Here, the mdoc is used because it is simple. Because the documentation is quite different from the project itself, the man pages and others helpful files are distributed under a different license. For this usage, the GNU All-Permissive License is adequate. https://www.gnu.org/prep/maintain/html_node/License-Notices-for-Other-Files.html man 7 groff_mdoc
6 years ago
Add the is_clean_hook variable to challenge hooks
6 years ago
Add man pages Documentation is a crucial point for every project, and the most effective and traditional way to document a program is to write man page. Here, the mdoc is used because it is simple. Because the documentation is quite different from the project itself, the man pages and others helpful files are distributed under a different license. For this usage, the GNU All-Permissive License is adequate. https://www.gnu.org/prep/maintain/html_node/License-Notices-for-Other-Files.html man 7 groff_mdoc
6 years ago
Implement IP identifiers RFC 8738: https://tools.ietf.org/html/rfc8738
4 years ago
Add man pages Documentation is a crucial point for every project, and the most effective and traditional way to document a program is to write man page. Here, the mdoc is used because it is simple. Because the documentation is quite different from the project itself, the man pages and others helpful files are distributed under a different license. For this usage, the GNU All-Permissive License is adequate. https://www.gnu.org/prep/maintain/html_node/License-Notices-for-Other-Files.html man 7 groff_mdoc
6 years ago
Implement IP identifiers RFC 8738: https://tools.ietf.org/html/rfc8738
4 years ago
Add environment variables to hook templates
6 years ago
Add man pages Documentation is a crucial point for every project, and the most effective and traditional way to document a program is to write man page. Here, the mdoc is used because it is simple. Because the documentation is quite different from the project itself, the man pages and others helpful files are distributed under a different license. For this usage, the GNU All-Permissive License is adequate. https://www.gnu.org/prep/maintain/html_node/License-Notices-for-Other-Files.html man 7 groff_mdoc
6 years ago
Implement IP identifiers RFC 8738: https://tools.ietf.org/html/rfc8738
4 years ago
Add man pages Documentation is a crucial point for every project, and the most effective and traditional way to document a program is to write man page. Here, the mdoc is used because it is simple. Because the documentation is quite different from the project itself, the man pages and others helpful files are distributed under a different license. For this usage, the GNU All-Permissive License is adequate. https://www.gnu.org/prep/maintain/html_node/License-Notices-for-Other-Files.html man 7 groff_mdoc
6 years ago
Add the is_clean_hook variable to challenge hooks
6 years ago
Add man pages Documentation is a crucial point for every project, and the most effective and traditional way to document a program is to write man page. Here, the mdoc is used because it is simple. Because the documentation is quite different from the project itself, the man pages and others helpful files are distributed under a different license. For this usage, the GNU All-Permissive License is adequate. https://www.gnu.org/prep/maintain/html_node/License-Notices-for-Other-Files.html man 7 groff_mdoc
6 years ago
Implement IP identifiers RFC 8738: https://tools.ietf.org/html/rfc8738
4 years ago
Add man pages Documentation is a crucial point for every project, and the most effective and traditional way to document a program is to write man page. Here, the mdoc is used because it is simple. Because the documentation is quite different from the project itself, the man pages and others helpful files are distributed under a different license. For this usage, the GNU All-Permissive License is adequate. https://www.gnu.org/prep/maintain/html_node/License-Notices-for-Other-Files.html man 7 groff_mdoc
6 years ago
Implement IP identifiers RFC 8738: https://tools.ietf.org/html/rfc8738
4 years ago
Add environment variables to hook templates
6 years ago
Add man pages Documentation is a crucial point for every project, and the most effective and traditional way to document a program is to write man page. Here, the mdoc is used because it is simple. Because the documentation is quite different from the project itself, the man pages and others helpful files are distributed under a different license. For this usage, the GNU All-Permissive License is adequate. https://www.gnu.org/prep/maintain/html_node/License-Notices-for-Other-Files.html man 7 groff_mdoc
6 years ago
Implement IP identifiers RFC 8738: https://tools.ietf.org/html/rfc8738
4 years ago
Add man pages Documentation is a crucial point for every project, and the most effective and traditional way to document a program is to write man page. Here, the mdoc is used because it is simple. Because the documentation is quite different from the project itself, the man pages and others helpful files are distributed under a different license. For this usage, the GNU All-Permissive License is adequate. https://www.gnu.org/prep/maintain/html_node/License-Notices-for-Other-Files.html man 7 groff_mdoc
6 years ago
Add the is_clean_hook variable to challenge hooks
6 years ago
Add man pages Documentation is a crucial point for every project, and the most effective and traditional way to document a program is to write man page. Here, the mdoc is used because it is simple. Because the documentation is quite different from the project itself, the man pages and others helpful files are distributed under a different license. For this usage, the GNU All-Permissive License is adequate. https://www.gnu.org/prep/maintain/html_node/License-Notices-for-Other-Files.html man 7 groff_mdoc
6 years ago
Add environment variables to hook templates
6 years ago
Add man pages Documentation is a crucial point for every project, and the most effective and traditional way to document a program is to write man page. Here, the mdoc is used because it is simple. Because the documentation is quite different from the project itself, the man pages and others helpful files are distributed under a different license. For this usage, the GNU All-Permissive License is adequate. https://www.gnu.org/prep/maintain/html_node/License-Notices-for-Other-Files.html man 7 groff_mdoc
6 years ago
Add environment variables to hook templates
6 years ago
Add man pages Documentation is a crucial point for every project, and the most effective and traditional way to document a program is to write man page. Here, the mdoc is used because it is simple. Because the documentation is quite different from the project itself, the man pages and others helpful files are distributed under a different license. For this usage, the GNU All-Permissive License is adequate. https://www.gnu.org/prep/maintain/html_node/License-Notices-for-Other-Files.html man 7 groff_mdoc
6 years ago
Implement IP identifiers RFC 8738: https://tools.ietf.org/html/rfc8738
4 years ago
Add environment variables to hook templates
6 years ago
Add the is_success variable to post-operation hooks
6 years ago
Add environment variables to hook templates
6 years ago
Add man pages Documentation is a crucial point for every project, and the most effective and traditional way to document a program is to write man page. Here, the mdoc is used because it is simple. Because the documentation is quite different from the project itself, the man pages and others helpful files are distributed under a different license. For this usage, the GNU All-Permissive License is adequate. https://www.gnu.org/prep/maintain/html_node/License-Notices-for-Other-Files.html man 7 groff_mdoc
6 years ago
Document the default hooks
6 years ago
Implement IP identifiers RFC 8738: https://tools.ietf.org/html/rfc8738
4 years ago
Document the default hooks
6 years ago
Implement IP identifiers RFC 8738: https://tools.ietf.org/html/rfc8738
4 years ago
Document the default hooks
6 years ago
Implement IP identifiers RFC 8738: https://tools.ietf.org/html/rfc8738
4 years ago
Document the default hooks
6 years ago
Implement IP identifiers RFC 8738: https://tools.ietf.org/html/rfc8738
4 years ago
Document the default hooks
6 years ago
Implement IP identifiers RFC 8738: https://tools.ietf.org/html/rfc8738
4 years ago
Document the default hooks
6 years ago
Implement IP identifiers RFC 8738: https://tools.ietf.org/html/rfc8738
4 years ago
Document the default hooks
6 years ago
Add rate limits for HTTPS requests
6 years ago
Add man pages Documentation is a crucial point for every project, and the most effective and traditional way to document a program is to write man page. Here, the mdoc is used because it is simple. Because the documentation is quite different from the project itself, the man pages and others helpful files are distributed under a different license. For this usage, the GNU All-Permissive License is adequate. https://www.gnu.org/prep/maintain/html_node/License-Notices-for-Other-Files.html man 7 groff_mdoc
6 years ago
Implement IP identifiers RFC 8738: https://tools.ietf.org/html/rfc8738
4 years ago
Add man pages Documentation is a crucial point for every project, and the most effective and traditional way to document a program is to write man page. Here, the mdoc is used because it is simple. Because the documentation is quite different from the project itself, the man pages and others helpful files are distributed under a different license. For this usage, the GNU All-Permissive License is adequate. https://www.gnu.org/prep/maintain/html_node/License-Notices-for-Other-Files.html man 7 groff_mdoc
6 years ago
Implement IP identifiers RFC 8738: https://tools.ietf.org/html/rfc8738
4 years ago
Add man pages Documentation is a crucial point for every project, and the most effective and traditional way to document a program is to write man page. Here, the mdoc is used because it is simple. Because the documentation is quite different from the project itself, the man pages and others helpful files are distributed under a different license. For this usage, the GNU All-Permissive License is adequate. https://www.gnu.org/prep/maintain/html_node/License-Notices-for-Other-Files.html man 7 groff_mdoc
6 years ago
Improve the basic certificate config example
6 years ago
Implement IP identifiers RFC 8738: https://tools.ietf.org/html/rfc8738
4 years ago
Add man pages Documentation is a crucial point for every project, and the most effective and traditional way to document a program is to write man page. Here, the mdoc is used because it is simple. Because the documentation is quite different from the project itself, the man pages and others helpful files are distributed under a different license. For this usage, the GNU All-Permissive License is adequate. https://www.gnu.org/prep/maintain/html_node/License-Notices-for-Other-Files.html man 7 groff_mdoc
6 years ago
Improve the basic certificate config example
6 years ago
Add man pages Documentation is a crucial point for every project, and the most effective and traditional way to document a program is to write man page. Here, the mdoc is used because it is simple. Because the documentation is quite different from the project itself, the man pages and others helpful files are distributed under a different license. For this usage, the GNU All-Permissive License is adequate. https://www.gnu.org/prep/maintain/html_node/License-Notices-for-Other-Files.html man 7 groff_mdoc
6 years ago
Improve the http-01-echo example If someone used the example the way it was defined, file-access issues may arise. This new example add two new hooks to fix it. The example should now work in most environment although the path may need to be adapted.
6 years ago
Add man pages Documentation is a crucial point for every project, and the most effective and traditional way to document a program is to write man page. Here, the mdoc is used because it is simple. Because the documentation is quite different from the project itself, the man pages and others helpful files are distributed under a different license. For this usage, the GNU All-Permissive License is adequate. https://www.gnu.org/prep/maintain/html_node/License-Notices-for-Other-Files.html man 7 groff_mdoc
6 years ago
Improve the http-01-echo example If someone used the example the way it was defined, file-access issues may arise. This new example add two new hooks to fix it. The example should now work in most environment although the path may need to be adapted.
6 years ago
Implement IP identifiers RFC 8738: https://tools.ietf.org/html/rfc8738
4 years ago
Improve the http-01-echo example If someone used the example the way it was defined, file-access issues may arise. This new example add two new hooks to fix it. The example should now work in most environment although the path may need to be adapted.
6 years ago
Add man pages Documentation is a crucial point for every project, and the most effective and traditional way to document a program is to write man page. Here, the mdoc is used because it is simple. Because the documentation is quite different from the project itself, the man pages and others helpful files are distributed under a different license. For this usage, the GNU All-Permissive License is adequate. https://www.gnu.org/prep/maintain/html_node/License-Notices-for-Other-Files.html man 7 groff_mdoc
6 years ago
Implement IP identifiers RFC 8738: https://tools.ietf.org/html/rfc8738
4 years ago
Add man pages Documentation is a crucial point for every project, and the most effective and traditional way to document a program is to write man page. Here, the mdoc is used because it is simple. Because the documentation is quite different from the project itself, the man pages and others helpful files are distributed under a different license. For this usage, the GNU All-Permissive License is adequate. https://www.gnu.org/prep/maintain/html_node/License-Notices-for-Other-Files.html man 7 groff_mdoc
6 years ago
Improve the http-01-echo example If someone used the example the way it was defined, file-access issues may arise. This new example add two new hooks to fix it. The example should now work in most environment although the path may need to be adapted.
6 years ago
Implement IP identifiers RFC 8738: https://tools.ietf.org/html/rfc8738
4 years ago
Improve the http-01-echo example If someone used the example the way it was defined, file-access issues may arise. This new example add two new hooks to fix it. The example should now work in most environment although the path may need to be adapted.
6 years ago
Add man pages Documentation is a crucial point for every project, and the most effective and traditional way to document a program is to write man page. Here, the mdoc is used because it is simple. Because the documentation is quite different from the project itself, the man pages and others helpful files are distributed under a different license. For this usage, the GNU All-Permissive License is adequate. https://www.gnu.org/prep/maintain/html_node/License-Notices-for-Other-Files.html man 7 groff_mdoc
6 years ago
Implement IP identifiers RFC 8738: https://tools.ietf.org/html/rfc8738
4 years ago
Add man pages Documentation is a crucial point for every project, and the most effective and traditional way to document a program is to write man page. Here, the mdoc is used because it is simple. Because the documentation is quite different from the project itself, the man pages and others helpful files are distributed under a different license. For this usage, the GNU All-Permissive License is adequate. https://www.gnu.org/prep/maintain/html_node/License-Notices-for-Other-Files.html man 7 groff_mdoc
6 years ago
Improve the http-01-echo example If someone used the example the way it was defined, file-access issues may arise. This new example add two new hooks to fix it. The example should now work in most environment although the path may need to be adapted.
6 years ago
Add man pages Documentation is a crucial point for every project, and the most effective and traditional way to document a program is to write man page. Here, the mdoc is used because it is simple. Because the documentation is quite different from the project itself, the man pages and others helpful files are distributed under a different license. For this usage, the GNU All-Permissive License is adequate. https://www.gnu.org/prep/maintain/html_node/License-Notices-for-Other-Files.html man 7 groff_mdoc
6 years ago
Improve the http-01-echo example If someone used the example the way it was defined, file-access issues may arise. This new example add two new hooks to fix it. The example should now work in most environment although the path may need to be adapted.
6 years ago
Add man pages Documentation is a crucial point for every project, and the most effective and traditional way to document a program is to write man page. Here, the mdoc is used because it is simple. Because the documentation is quite different from the project itself, the man pages and others helpful files are distributed under a different license. For this usage, the GNU All-Permissive License is adequate. https://www.gnu.org/prep/maintain/html_node/License-Notices-for-Other-Files.html man 7 groff_mdoc
6 years ago
Allow to configure environment variables for a given certificate Sometimes, you want hooks to use different parameters depending on the certificate. In order to achieve this, it is now now possible to configure environment variables at certificate scope. Thanks to this, the default hooks have been rewrote in order to use cover more use cases.
6 years ago
Add man pages Documentation is a crucial point for every project, and the most effective and traditional way to document a program is to write man page. Here, the mdoc is used because it is simple. Because the documentation is quite different from the project itself, the man pages and others helpful files are distributed under a different license. For this usage, the GNU All-Permissive License is adequate. https://www.gnu.org/prep/maintain/html_node/License-Notices-for-Other-Files.html man 7 groff_mdoc
6 years ago
Implement IP identifiers RFC 8738: https://tools.ietf.org/html/rfc8738
4 years ago
Add man pages Documentation is a crucial point for every project, and the most effective and traditional way to document a program is to write man page. Here, the mdoc is used because it is simple. Because the documentation is quite different from the project itself, the man pages and others helpful files are distributed under a different license. For this usage, the GNU All-Permissive License is adequate. https://www.gnu.org/prep/maintain/html_node/License-Notices-for-Other-Files.html man 7 groff_mdoc
6 years ago
Add environment variables to hook templates
6 years ago
Implement IP identifiers RFC 8738: https://tools.ietf.org/html/rfc8738
4 years ago
Add man pages Documentation is a crucial point for every project, and the most effective and traditional way to document a program is to write man page. Here, the mdoc is used because it is simple. Because the documentation is quite different from the project itself, the man pages and others helpful files are distributed under a different license. For this usage, the GNU All-Permissive License is adequate. https://www.gnu.org/prep/maintain/html_node/License-Notices-for-Other-Files.html man 7 groff_mdoc
6 years ago
Allow to specify the account key type and signature alg in the config
4 years ago
Add man pages Documentation is a crucial point for every project, and the most effective and traditional way to document a program is to write man page. Here, the mdoc is used because it is simple. Because the documentation is quite different from the project itself, the man pages and others helpful files are distributed under a different license. For this usage, the GNU All-Permissive License is adequate. https://www.gnu.org/prep/maintain/html_node/License-Notices-for-Other-Files.html man 7 groff_mdoc
6 years ago
  1. .\" Copyright (c) 2019-2020 Rodolphe Bréard <rodolphe@breard.tf>
  2. .\"
  3. .\" Copying and distribution of this file, with or without modification,
  4. .\" are permitted in any medium without royalty provided the copyright
  5. .\" notice and this notice are preserved. This file is offered as-is,
  6. .\" without any warranty.
  7. .Dd June 12, 2020
  8. .Dt ACMED.TOML 5
  9. .Os
  10. .Sh NAME
  11. .Nm acmed.toml
  12. .Nd ACMEd configuration file
  13. .Sh DESCRIPTION
  14. .Nm
  15. is the configuration file for
  16. .Xr acmed 8 .
  17. It is written in the
  18. .Em TOML
  19. format. The allowed elements are described below.
  20. .Bl -tag
  21. .It Ic include
  22. Array containing the path to configuration file to include. The path can be either relative or absolute. If relative, it is relative to the configuration file which included it.
  23. .Pp
  24. In case or overlapping global option definition, the one of the last included file will be used. For example, if a file
  25. .Em A
  26. includes files
  27. .Em B
  28. and
  29. .Em C
  30. and all three defines the same global option, the final value will be the one defined in file
  31. .Em C .
  32. .Pp
  33. Unix style globing is supported.
  34. .It Ic global
  35. Table containing the global configuration options.
  36. .Bl -tag
  37. .It Cm accounts_directory Ar string
  38. Specify the directory where the accounts private and public keys are stored.
  39. .It Cm certificates_directory Ar string
  40. Specify the directory where the certificates and their associated private keys are stored.
  41. .It Cm cert_file_mode Ar integer
  42. Specify the permissions to use for newly-created certificates files. See
  43. .Xr chmod 2
  44. for more details.
  45. .It Cm cert_file_user Ar username|user_id Ft string
  46. Specify the user who will own newly-created certificates files. See
  47. .Xr chown 2
  48. for more details.
  49. .It Cm cert_file_group Ar group_name|group_id Ft string
  50. Specify the group who will own newly-created certificates files. See
  51. .Xr chown 2
  52. for more details.
  53. .It Ic env Ar table
  54. Table of environment variables that will be accessible from hooks.
  55. .It Cm pk_file_mode Ar integer
  56. Specify the permissions to use for newly-created private-key files. See
  57. .Xr chmod 2
  58. for more details.
  59. .It Cm pk_file_user Ar username|user_id Ft string
  60. Specify the user who will own newly-created private-key files. See
  61. .Xr chown 2
  62. for more details.
  63. .It Cm pk_file_group Ar group_name|group_id Ft string
  64. Specify the group who will own newly-created private-key files. See
  65. .Xr chown 2
  66. for more details.
  67. .It Cm renew_delay Ar string
  68. Period of time between the certificate renewal and its expiration date. The format is described in the
  69. .Sx TIME PERIODS
  70. section. Default is 3w.
  71. .El
  72. .It Ic rate-limit
  73. Array of table where each element defines a HTTPS rate limit.
  74. .Bl -tag
  75. .It Cm name Ar string
  76. The name the rate limit is registered under. Must be unique.
  77. .It Cm number Ar integer
  78. Number of requests authorized withing the time period.
  79. .It Cm period Ar string
  80. Period of time during which a maximal number of requests is authorized. The format is described in the
  81. .Sx TIME PERIODS
  82. section.
  83. .El
  84. .It Ic endpoint
  85. Array of table where each element defines a Certificate Authority
  86. .Pq CA
  87. which may be used to request certificates.
  88. .Bl -tag
  89. .It Cm name Ar string
  90. The name the endpoint is registered under. Must be unique.
  91. .It Cm rate_limits Ar array
  92. Array containing the names of the HTTPS rate limits to apply.
  93. .It Cm tos_agreed Ar boolean
  94. Set whether or not the user agrees to the Terms Of Service
  95. .Pq TOS .
  96. .It Cm url Ar string
  97. The endpoint's directory URL.
  98. .It Cm renew_delay Ar string
  99. Period of time between the certificate renewal and its expiration date. The format is described in the
  100. .Sx TIME PERIODS
  101. section. Default is the value defined in the global section.
  102. .El
  103. .It Ic hook
  104. Array of table where each element defines a command that will be launched at a defined point. See section
  105. .Sx WRITING A HOOK
  106. for more details.
  107. .Bl -tag
  108. .It Cm allow_failure Ar boolean
  109. Defines if an error return value for this hook is allowed or not. If not allowed, a failure in this hook will fail the whole certificate request process. Default is false.
  110. .It Cm name Ar string
  111. The name the hook is registered under. Must be unique.
  112. .It Cm type Ar array
  113. Array of strings. Possible types are:
  114. .Bl -dash -compact
  115. .It
  116. challenge-http-01
  117. .It
  118. challenge-http-01-clean
  119. .It
  120. challenge-dns-01
  121. .It
  122. challenge-dns-01-clean
  123. .It
  124. challenge-tls-alpn-01
  125. .It
  126. challenge-tls-alpn-01-clean
  127. .It
  128. file-pre-create
  129. .It
  130. file-pre-edit
  131. .It
  132. file-post-create
  133. .It
  134. file-post-edit
  135. .It
  136. post-operation
  137. .El
  138. .It Ic cmd Ar string
  139. The name of the command that will be launched.
  140. .It Ic args Ar array
  141. Array of strings representing the command's arguments.
  142. .It Ic stdin Ar string
  143. Path to the file that will be written into the command's standard intput. Mutually exclusive with
  144. .Em stdin_str .
  145. .It Ic stdin_str Ar string
  146. String that will be written into the command's standard input. Mutually exclusive with
  147. .Em stdin .
  148. .It Ic stdout Ar string
  149. Path to the file where the command's standard output if written.
  150. .It Ic stderr Ar string
  151. Path to the file where the command's standard error output if written.
  152. .El
  153. .It Ic group
  154. Array of table allowing to group several hooks as one. A group is considered as new hook.
  155. .Bl -tag
  156. .It Cm name Ar string
  157. The name the group is registered under. This name is considered as a hook name. Must be unique.
  158. .It Cm hooks Ar array
  159. Array containing the names of the hooks that are grouped. The hooks are guaranteed to be called sequentially in the declaration order.
  160. .El
  161. .It Ic account
  162. Array of table representing an account on one or several endpoint.
  163. .Bl -tag
  164. .It Ic name Ar string
  165. The name the account is registered under. Must be unique.
  166. .It Ic email Ar string
  167. The email address used to contact the account's holder.
  168. .It Cm key_type Ar string
  169. Name of the asymmetric cryptography algorithm used to generate the key pair. Possible values are :
  170. .Bl -dash -compact
  171. .It
  172. rsa2048
  173. .It
  174. rsa4096
  175. .It
  176. ecdsa_p256
  177. .Aq default
  178. .It
  179. ecdsa_p384
  180. .El
  181. .It Cm signature_algorithm Ar string
  182. Name of the signature algorithm used to sign the messages sent to the endpoint as defined in
  183. .Em RFC 7518 .
  184. The default value is derived from the key type. Possible values are:
  185. .Bl -dash -compact
  186. .It
  187. RS256
  188. .It
  189. ES256
  190. .It
  191. ES384
  192. .El
  193. .El
  194. .It Ic certificate
  195. Array of table representing a certificate that will be requested to a CA.
  196. .Pp
  197. Note that certificates are identified by the first identifier in the list of identifiers. That means that if you reorder the identifiers so that a different identifier is at the first position, a new certificate with a new name will be issued.
  198. .Bl -tag
  199. .It Ic account Ar string
  200. Name of the account to use.
  201. .It Ic endpoint Ar string
  202. Name of the endpoint to use.
  203. .It Ic env Ar table
  204. Table of environment variables that will be accessible from hooks.
  205. .It Ic identifiers Ar array
  206. Array of tables listing the identifiers that should be included in the certificate along with the challenge to use for each one. The
  207. .Em dns
  208. and
  209. .Em ip
  210. fields are mutually exclusive.
  211. .Bl -tag
  212. .It Ic challenge Ar string
  213. The name of the challenge to use to prove the identifier's ownership. Possible values are:
  214. .Bl -dash -compact
  215. .It
  216. http-01
  217. .It
  218. dns-01
  219. .It
  220. tls-alpn-01
  221. .El
  222. .It Ic dns Ar string
  223. The domain name.
  224. .It Ic ip Ar string
  225. The IP address.
  226. .It Ic env Ar table
  227. Table of environment variables that will be accessible from hooks.
  228. .El
  229. .It Ic algorithm Ar string
  230. Name of the asymmetric cryptography algorithm used to generate the certificate's key pair. Possible values are :
  231. .Bl -dash -compact
  232. .It
  233. rsa2048
  234. .Aq default
  235. .It
  236. rsa4096
  237. .It
  238. ecdsa_p256
  239. .It
  240. ecdsa_p384
  241. .El
  242. .It Ic kp_reuse Ar boolean
  243. Set whether or not the private key should be reused when renewing the certificate. Default is false.
  244. .It Ic directory Ar string
  245. Path to the directory where certificates and their associated private keys are stored.
  246. .It Ic hooks Ar array
  247. Names of hooks that will be called when requesting a new certificate. The hooks are guaranteed to be called sequentially in the declaration order.
  248. .It Cm renew_delay Ar string
  249. Period of time between the certificate renewal and its expiration date. The format is described in the
  250. .Sx TIME PERIODS
  251. section. Default is the value defined in the associated endpoint.
  252. .El
  253. .Sh WRITING A HOOK
  254. When requesting a certificate from a CA using ACME, there are three steps that are hard to automatize. The first one is solving challenges in order to prove the ownership of every identifier to be included: it requires to interact with the configuration of other services, hence depends on how the infrastructure works. The second one is restarting all the services that use a given certificate, for the same reason. The last one is archiving: although several default methods can be implemented, sometimes admins wants or are required to do it in a different way.
  255. .Pp
  256. In order to allow full automation of the three above steps without imposing arbitrary restrictions or methods,
  257. .Xr acmed 8
  258. uses hooks. Fundamentally, a hook is a command line template that will be called at a specific time of the process. Such an approach allows admins to use any executable script or program located on the machine to customize the process.
  259. .Pp
  260. For a given certificate, hooks are guaranteed to be called sequentially in the declaration order. It is therefore possible to have a hook that depends on another one. Nevertheless, several certificates may be renewed at the same time. Hence, hooks shall not use globing or any other action that may disrupt hooks called by a different certificate.
  261. .Pp
  262. A hook has a type that will influence both the moment it is called and the available template variables. It is possible to declare several types. In such a case, the hook will be invoked whenever one of its type request it. When called, the hook only have access to template variable for the current type. If a hook uses a template variable that does not exists for the current type it is invoked for, the variable is empty.
  263. .Pp
  264. When writing a hook, the values of
  265. .Em args ,
  266. .Em stdin ,
  267. .Em stdin_str ,
  268. .Em stdout
  269. and
  270. .Em stderr
  271. are considered as template strings whereas
  272. .Em cmd
  273. is not. The template syntax is
  274. .Em Handlebars .
  275. See the
  276. .Sx STANDARDS
  277. section for a link to the
  278. .Em Handlebars
  279. specifications.
  280. .Pp
  281. The available types and the associated template variable are described below.
  282. .Bl -tag
  283. .It Ic challenge-http-01
  284. Invoked when the ownership of an identifier must be proved using the
  285. .Em http-01
  286. challenge. The available template variables are:
  287. .Bl -tag -compact
  288. .It Cm challenge Ar string
  289. The name of the challenge type
  290. .Aq http-01 .
  291. Mostly used in hooks with multiple types.
  292. .It Cm identifier Ar string
  293. The identifier name whom ownership is currently being validated.
  294. .It Cm identifier_tls_alpn Ar string
  295. The identifier name whom ownership is currently being validated, in a form suitable for the TLS ALPN challenge.
  296. .It Cm env Ar array
  297. Array containing all the environment variables.
  298. .It Cm file_name Ar string
  299. Name of the file containing the proof. This is not a full path and does not include the
  300. .Ql .well-known/acme-challenge/
  301. prefix.
  302. .It Cm is_clean_hook Ar bool
  303. False
  304. .It Cm proof Ar string
  305. The content of the proof that must be written to
  306. .Em file_name .
  307. .El
  308. .It Ic challenge-http-01-clean
  309. Invoked once an identifier ownership has been proven using the
  310. .Em http-01
  311. challenge. This hook is intended to remove the proof since it is no longer required. The template variables are strictly identical to those given in the corresponding
  312. .Em challenge-http-01
  313. hook, excepted
  314. .Em is_clean_hook
  315. which is set to
  316. .Em true .
  317. .It Ic challenge-dns-01
  318. Invoked when the ownership of an identifier must be proved using the
  319. .Em dns-01
  320. challenge. The available template variables are:
  321. .Bl -tag -compact
  322. .It Cm challenge Ar string
  323. The name of the challenge type
  324. .Aq dns-01 .
  325. Mostly used in hooks with multiple types.
  326. .It Cm identifier Ar string
  327. The identifier name whom ownership is currently being validated.
  328. .It Cm identifier_tls_alpn Ar string
  329. The identifier name whom ownership is currently being validated, in a form suitable for the TLS ALPN challenge.
  330. .It Cm env Ar array
  331. Array containing all the environment variables.
  332. .It Cm is_clean_hook Ar bool
  333. False
  334. .It Cm proof Ar string
  335. The content of the proof that must be written to a
  336. .Ql TXT
  337. entry of the DNS zone for the
  338. .Ql _acme-challenge
  339. subdomain.
  340. .El
  341. .It Ic challenge-dns-01-clean
  342. Invoked once an identifier ownership has been proven using the
  343. .Em dns-01
  344. challenge. This hook is intended to remove the proof since it is no longer required. The template variables are strictly identical to those given in the corresponding
  345. .Em challenge-dns-01
  346. hook, excepted
  347. .Em is_clean_hook
  348. which is set to
  349. .Em true .
  350. .It Ic challenge-tls-alpn-01
  351. Invoked when the ownership of an identifier must be proved using the
  352. .Em tls-alpn-01
  353. challenge. The available template variables are:
  354. .Bl -tag -compact
  355. .It Cm challenge Ar string
  356. The name of the challenge type
  357. .Aq tls-alpn-01 .
  358. Mostly used in hooks with multiple types.
  359. .It Cm identifier Ar string
  360. The identifier name whom ownership is currently being validated.
  361. .It Cm identifier_tls_alpn Ar string
  362. The identifier name whom ownership is currently being validated, in a form suitable for the TLS ALPN challenge.
  363. .It Cm env Ar array
  364. Array containing all the environment variables.
  365. .It Cm is_clean_hook Ar bool
  366. False
  367. .It Cm proof Ar string
  368. Plain-text representation of the
  369. .Em acmeIdentifier
  370. extension that should be used in the self-signed certificate presented when a TLS connection is initiated with the
  371. .Qd acme-tls/1
  372. ALPN extension value.
  373. .Xr acmed 8
  374. will not generate the certificate itself since it can be done using
  375. .Xr tacd 8 .
  376. .El
  377. .It Ic challenge-tls-alpn-01-clean
  378. Invoked once an identifier ownership has been proven using the
  379. .Em tls-alpn-01
  380. challenge. This hook is intended to remove the proof since it is no longer required. The template variables are strictly identical to those given in the corresponding
  381. .Em challenge-tls-alpn-01
  382. hook, excepted
  383. .Em is_clean_hook
  384. which is set to
  385. .Em true .
  386. .It Ic file-pre-create
  387. Invoked
  388. .Em before
  389. a non-existent file
  390. .Em created .
  391. The available template variables are:
  392. .Bl -tag -compact
  393. .It Cm env Ar array
  394. Array containing all the environment variables.
  395. .It Cm file_directory Ar string
  396. Name of the directory where the impacted file is located.
  397. .It Cm file_name Ar string
  398. Name of the impacted file.
  399. .It Cm file_path Ar string
  400. Full path to the impacted file.
  401. .El
  402. .It Ic file-pre-edit
  403. Invoked
  404. .Em before
  405. an existent file
  406. .Em modified .
  407. The available template variables are the same as those available for the
  408. .Em file-pre-create
  409. type.
  410. .It Ic file-post-create
  411. Invoked
  412. .Em after
  413. a non-existent file
  414. .Em created .
  415. The available template variables are the same as those available for the
  416. .Em file-pre-create
  417. type.
  418. .It Ic file-post-edit
  419. Invoked
  420. .Em after
  421. an existent file
  422. .Em modified .
  423. The available template variables are the same as those available for the
  424. .Em file-pre-create
  425. type.
  426. .It Ic post-operation
  427. Invoked at the end of the certificate request process. The available template variables are:
  428. .Bl -tag -compact
  429. .It Cm algorithm Ar string
  430. Name of the algorithm used in the certificate.
  431. .It Cm identifiers Ar string
  432. Array containing the identifiers included in the requested certificate.
  433. .It Cm env Ar array
  434. Array containing all the environment variables.
  435. .It Cm is_success Ar boolean
  436. True if the certificate request is successful.
  437. .It Cm status Ar string
  438. Human-readable status. If the certificate request failed, it contains the error description.
  439. .El
  440. .El
  441. .Sh DEFAULT HOOKS
  442. Because many people have the same needs, ACMEd comes with a set of hooks that should serve most situations. Hook names being unique, the following names and any other name starting by those is reserved and should not be used.
  443. .Bl -tag
  444. .It Pa git
  445. This hook uses
  446. .Xr git 1
  447. to archive private keys, public keys and certificates. It is possible to customize the commit username and email by using respectively the
  448. .Ev GIT_USERNAME
  449. and
  450. .Ev GIT_EMAIL
  451. environment variables.
  452. .It Pa http-01-echo
  453. This hook is designed to solve the http-01 challenge. For this purpose, it will write the proof into
  454. .Pa {{env.HTTP_ROOT}}/{{identifier}}/.well-known/acme-challenge/{{file_name}} .
  455. .Pp
  456. The web server must be configured so the file
  457. .Pa http://{{identifier}}/.well-known/acme-challenge/{{file_name}}
  458. can be accessed from the CA.
  459. .Pp
  460. If
  461. .Ev HTTP_ROOT
  462. is not specified, it will be set to
  463. .Pa /var/www .
  464. .It Pa tls-alpn-01-tacd-tcp
  465. This hook is designed to solve the tls-alpn-01 challenge using
  466. .Xr tacd 8 .
  467. It requires
  468. .Xr pkill 1
  469. to support the
  470. .Em Ar -F
  471. option.
  472. .Pp
  473. .Xr tacd 8
  474. will listen on the host defined by the
  475. .Ev TACD_HOST
  476. environment variable (default is the identifier to be validated) and on the port defined by the
  477. .Ev TACD_PORT
  478. environment variable (default is 5001).
  479. .Pp
  480. .Xr tacd 8
  481. will store its pid into
  482. .Pa {{TACD_PID_ROOT}}/tacd_{{identifier}}.pid .
  483. If
  484. .Ev TACD_PID_ROOT
  485. is not specified, it will be set to
  486. .Pa /run .
  487. .It Pa tls-alpn-01-tacd-unix
  488. This hook is designed to solve the tls-alpn-01 challenge using
  489. .Xr tacd 8 .
  490. It requires
  491. .Xr pkill 1
  492. to support the
  493. .Em Ar -F
  494. option.
  495. .Pp
  496. .Xr tacd 8
  497. will listen on the unix socket
  498. .Pa {{env.TACD_SOCK_ROOT}}/tacd_{{identifier}}.sock .
  499. If
  500. .Ev TACD_SOCK_ROOT
  501. is not specified, it will be set to
  502. .Pa /run .
  503. .Pp
  504. .Xr tacd 8
  505. will store its pid into
  506. .Pa {{TACD_PID_ROOT}}/tacd_{{identifier}}.pid .
  507. If
  508. .Ev TACD_PID_ROOT
  509. is not specified, it will be set to
  510. .Pa /run .
  511. .El
  512. .Sh TIME PERIODS
  513. ACMEd uses its own time period format, which is vaguely inspired by the ISO 8601 one. Periods are formatted as
  514. .Ar PM[PM...]
  515. where
  516. .Ar M
  517. is case sensitive character representing a length and
  518. .Ar P
  519. is an integer representing a multiplayer for the following length. The authorized length are:
  520. .Bl -dash -compact
  521. .It
  522. .Ar s :
  523. second
  524. .It
  525. .Ar m :
  526. minute
  527. .It
  528. .Ar h :
  529. hour
  530. .It
  531. .Ar d :
  532. day
  533. .It
  534. .Ar w :
  535. week
  536. .El
  537. The
  538. .Ar PM
  539. couples can be specified multiple times and in any order.
  540. .Pp
  541. For example,
  542. .Dq 1d42s and
  543. .Dq 40s20h4h2s
  544. both represents a period of one day and forty-two seconds.
  545. .Sh FILES
  546. .Bl -tag
  547. .It Pa /etc/acmed/acmed.toml
  548. Default
  549. .Xr acmed 8
  550. configuration file.
  551. .It Pa /etc/acmed/accounts
  552. Default accounts private and public keys directory.
  553. .It Pa /etc/acmed/certs
  554. Default certificates and associated private keys directory.
  555. .Sh EXAMPLES
  556. The following example defines a typical endpoint, account and certificate for a domain, several subdomains and an IP address.
  557. .Bd -literal -offset indent
  558. [[endpoint]]
  559. name = "example name"
  560. url = "https://acme.example.org/directory"
  561. tos_agreed = true
  563. [[account]]
  564. name = "my test account"
  565. email = "certs@exemple.net"
  567. [[certificate]]
  568. endpoint = "example name"
  569. account = "my test account"
  570. identifiers = [
  571. { dns = "exemple.net", challenge = "http-01"},
  572. { dns = "1.exemple.net", challenge = "dns-01"},
  573. { dns = "2.exemple.net", challenge = "tls-alpn-01", env.TACD_PORT="5010"},
  574. { dns = "3.exemple.net", challenge = "tls-alpn-01", env.TACD_PORT="5011"},
  575. { ip = "203.0.113.1", challenge = "http-01"},
  576. ]
  577. hooks = ["git", "http-01-echo", "tls-alpn-01-tacd-tcp", "some-dns-01-hook"]
  578. env.HTTP_ROOT = "/srv/http"
  579. .Ed
  580. .Pp
  581. It is possible to use
  582. .Xr echo 1
  583. to solve the
  584. .Em http-01
  585. challenge and
  586. .Xr rm 1
  587. to clean it.
  588. .Xr mkdir 1
  589. and
  590. .Xr chmod 1
  591. are used to prevent issues related to file access.
  592. .Bd -literal -offset indent
  593. [[hook]]
  594. name = "http-01-echo-mkdir"
  595. type = ["challenge-http-01"]
  596. cmd = "mkdir"
  597. args = [
  598. "-m", "0755",
  599. "-p", "{{%if env.HTTP_ROOT}}{{env.HTTP_ROOT}}{{else}}/var/www{{/if}}/{{identifier}}/.well-known/acme-challenge"
  600. ]
  602. [[hook]]
  603. name = "http-01-echo-echo"
  604. type = ["challenge-http-01"]
  605. cmd = "echo"
  606. args = ["{{proof}}"]
  607. stdout = "{{%if env.HTTP_ROOT}}{{env.HTTP_ROOT}}{{else}}/var/www{{/if}}/{{identifier}}/.well-known/acme-challenge/{{file_name}}"
  609. [[hook]]
  610. name = "http-01-echo-chmod"
  611. type = ["challenge-http-01-clean"]
  612. cmd = "chmod"
  613. args = [
  614. "a+r",
  615. "{{%if env.HTTP_ROOT}}{{env.HTTP_ROOT}}{{else}}/var/www{{/if}}/{{identifier}}/.well-known/acme-challenge/{{file_name}}"
  616. ]
  618. [[hook]]
  619. name = "http-01-echo-clean"
  620. type = ["challenge-http-01-clean"]
  621. cmd = "rm"
  622. args = [
  623. "-f",
  624. "{{%if env.HTTP_ROOT}}{{env.HTTP_ROOT}}{{else}}/var/www{{/if}}/{{identifier}}/.well-known/acme-challenge/{{file_name}}"
  625. ]
  626. .Ed
  627. .Pp
  628. The hooks from the previous example can be grouped in order to reduce the number of hooks to define in the certificate.
  629. .Bd -literal -offset indent
  630. [[group]]
  631. name = "http-01-echo-var-www"
  632. hooks = [
  633. "http-01-echo-mkdir",
  634. "http-01-echo-echo",
  635. "http-01-echo-chmod",
  636. "http-01-echo-clean"
  637. ]
  639. [[certificate]]
  640. # Some fields omitted
  641. hooks = ["http-01-echo"]
  642. env.HTTP_ROOT = "/srv/http"
  643. .Ed
  644. .Pp
  646. It is also possible to use
  647. .Xr sendmail 8
  648. in a hook in order to notif someone when the certificate request process is done.
  649. .Bd -literal -offset indent
  650. [[hook]]
  651. name = "email-report"
  652. type = ["post-operation"]
  653. cmd = "sendmail"
  654. args = [
  655. "-f", "noreply.certs@example.net",
  656. "contact@example.net"
  657. ]
  658. stdin_str = """Subject: Certificate renewal {{#if is_success}}succeeded{{else}}failed{{/if}} for {{identifiers.[0]}}
  660. The following certificate has {{#unless is_success}}*not* {{/unless}}been renewed.
  661. identifiers: {{#each identifiers}}{{#if @index}}, {{/if}}{{this}}{{/each}}
  662. algorithm: {{algorithm}}
  663. status: {{status}}"""
  664. .Ed
  665. .Sh SEE ALSO
  666. .Xr acmed 8 ,
  667. .Xr tacd 8
  668. .Sh STANDARDS
  669. .Bl
  670. .It
  671. .Rs
  672. .%A Tom Preston-Werner
  673. .%D July 2018
  674. .%T TOML v0.5.0
  675. .%U https://github.com/toml-lang/toml
  676. .Re
  677. .It
  678. .Rs
  679. .%A Yehuda Katz
  680. .%T Handlebars
  681. .%U https://handlebarsjs.com/
  682. .Re
  683. .It
  684. .Rs
  685. .%A M. Jones
  686. .%D May 2015
  687. .%R RFC 7518
  688. .%T JSON Web Algorithms (JWA)
  689. .Re
  690. .El
  691. .Sh AUTHORS
  692. .An Rodolphe Bréard
  693. .Aq rodolphe@breard.tf