.\" Copyright (c) 2019-2020 Rodolphe Bréard <rodolphe@breard.tf>
.\"
.\" Copying and distribution of this file, with or without modification,
.\" are permitted in any medium without royalty provided the copyright
.\" notice and this notice are preserved. This file is offered as-is,
.\" without any warranty.
.Dd June 12, 2020
.Dt ACMED.TOML 5
.Os
.Sh NAME
.Nm acmed.toml
.Nd ACMEd configuration file
.Sh DESCRIPTION
.Nm
is the configuration file for
.Xr acmed 8 .
It is written in the
.Em TOML
format. The allowed elements are described below.
.Bl -tag
.It Ic include
Array containing the paths of the configuration files to include. A path can be either relative or absolute. If relative, it is relative to the configuration file that includes it.
.Pp
In case of overlapping global option definitions, the one from the last included file is used. For example, if a file
.Em A
includes files
.Em B
and
.Em C
and all three define the same global option, the final value will be the one defined in file
.Em C .
.Pp
Unix style globbing is supported.
.It Ic global
Table containing the global configuration options.
.Bl -tag
.It Cm accounts_directory Ar string
Specify the directory where the accounts' private and public keys are stored.
.It Cm certificates_directory Ar string
Specify the directory where the certificates and their associated private keys are stored.
.It Cm cert_file_mode Ar integer
Specify the permissions to use for newly-created certificate files. See
.Xr chmod 2
for more details.
.It Cm cert_file_user Ar username|user_id Ft string
Specify the user who will own newly-created certificate files. See
.Xr chown 2
for more details.
.It Cm cert_file_group Ar group_name|group_id Ft string
Specify the group that will own newly-created certificate files. See
.Xr chown 2
for more details.
.It Ic env Ar table
Table of environment variables that will be accessible from hooks.
.It Cm pk_file_mode Ar integer
Specify the permissions to use for newly-created private-key files. See
.Xr chmod 2
for more details.
.It Cm pk_file_user Ar username|user_id Ft string
Specify the user who will own newly-created private-key files. See
.Xr chown 2
for more details.
.It Cm pk_file_group Ar group_name|group_id Ft string
Specify the group that will own newly-created private-key files. See
.Xr chown 2
for more details.
.It Cm renew_delay Ar string
Period of time between the certificate renewal and its expiration date. The format is described in the
.Sx TIME PERIODS
section. Default is 3w.
.El
.It Ic rate-limit
Array of tables where each element defines an HTTPS rate limit.
.Bl -tag
.It Cm name Ar string
The name the rate limit is registered under. Must be unique.
.It Cm number Ar integer
Number of requests authorized within the time period.
.It Cm period Ar string
Period of time during which the maximal number of requests is authorized. The format is described in the
.Sx TIME PERIODS
section.
.El
.It Ic endpoint
Array of tables where each element defines a Certificate Authority
.Pq CA
which may be used to request certificates.
.Bl -tag
.It Cm name Ar string
The name the endpoint is registered under. Must be unique.
.It Cm rate_limits Ar array
Array containing the names of the HTTPS rate limits to apply.
.It Cm tos_agreed Ar boolean
Set whether or not the user agrees to the Terms Of Service
.Pq TOS .
.It Cm url Ar string
The endpoint's directory URL.
.It Cm key_type Ar string
Name of the asymmetric cryptography algorithm used to generate the client account's key pair. Possible values are:
.Bl -dash -compact
.It
rsa2048
.It
rsa4096
.It
ecdsa_p256
.Aq default
.It
ecdsa_p384
.El
.It Cm signature_algorithm Ar string
Name of the signature algorithm used to sign the messages sent to the endpoint. The default value is derived from the key type. Possible values are:
.Bl -dash -compact
.It
RS256
.It
ES256
.It
ES384
.El
.It Cm renew_delay Ar string
Period of time between the certificate renewal and its expiration date. The format is described in the
.Sx TIME PERIODS
section. Default is the value defined in the global section.
.El
.It Ic hook
Array of tables where each element defines a command that will be launched at a defined point. See section
.Sx WRITING A HOOK
for more details.
.Bl -tag
.It Cm allow_failure Ar boolean
Defines whether an error return value for this hook is allowed. If not allowed, a failure in this hook will fail the whole certificate request process. Default is false.
.It Cm name Ar string
The name the hook is registered under. Must be unique.
.It Cm type Ar array
Array of strings. Possible types are:
.Bl -dash -compact
.It
challenge-http-01
.It
challenge-http-01-clean
.It
challenge-dns-01
.It
challenge-dns-01-clean
.It
challenge-tls-alpn-01
.It
challenge-tls-alpn-01-clean
.It
file-pre-create
.It
file-pre-edit
.It
file-post-create
.It
file-post-edit
.It
post-operation
.El
.It Ic cmd Ar string
The name of the command that will be launched.
.It Ic args Ar array
Array of strings representing the command's arguments.
.It Ic stdin Ar string
Path to the file that will be written into the command's standard input. Mutually exclusive with
.Em stdin_str .
.It Ic stdin_str Ar string
String that will be written into the command's standard input. Mutually exclusive with
.Em stdin .
.It Ic stdout Ar string
Path to the file where the command's standard output is written.
.It Ic stderr Ar string
Path to the file where the command's standard error output is written.
.El
.It Ic group
Array of tables, each grouping several hooks into one. A group is treated as a new hook.
.Bl -tag
.It Cm name Ar string
The name the group is registered under. This name is considered a hook name. Must be unique.
.It Cm hooks Ar array
Array containing the names of the hooks that are grouped. The hooks are guaranteed to be called sequentially in the declaration order.
.El
.It Ic account
Array of tables, each representing an account on one or several CAs.
.Bl -tag
.It Ic name Ar string
The name the account is registered under. Must be unique.
.It Ic email Ar string
The email address used to contact the account's holder.
.El
.It Ic certificate
Array of tables, each representing a certificate that will be requested from a CA.
.Pp
Note that certificates are identified by the first identifier in the list of identifiers. That means that if you reorder the identifiers so that a different identifier is at the first position, a new certificate with a new name will be issued.
.Bl -tag
.It Ic account Ar string
Name of the account to use.
.It Ic endpoint Ar string
Name of the endpoint to use.
.It Ic env Ar table
Table of environment variables that will be accessible from hooks.
.It Ic identifiers Ar array
Array of tables listing the identifiers that should be included in the certificate along with the challenge to use for each one. The
.Em dns
and
.Em ip
fields are mutually exclusive.
.Bl -tag
.It Ic challenge Ar string
The name of the challenge to use to prove the identifier's ownership. Possible values are:
.Bl -dash -compact
.It
http-01
.It
dns-01
.It
tls-alpn-01
.El
.It Ic dns Ar string
The domain name.
.It Ic ip Ar string
The IP address.
.It Ic env Ar table
Table of environment variables that will be accessible from hooks.
.El
.It Ic algorithm Ar string
Name of the asymmetric cryptography algorithm used to generate the certificate's key pair. Possible values are:
.Bl -dash -compact
.It
rsa2048
.Aq default
.It
rsa4096
.It
ecdsa_p256
.It
ecdsa_p384
.El
.It Ic kp_reuse Ar boolean
Set whether or not the private key should be reused when renewing the certificate. Default is false.
.It Ic directory Ar string
Path to the directory where certificates and their associated private keys are stored.
.It Ic hooks Ar array
Names of hooks that will be called when requesting a new certificate. The hooks are guaranteed to be called sequentially in the declaration order.
.It Cm renew_delay Ar string
Period of time between the certificate renewal and its expiration date. The format is described in the
.Sx TIME PERIODS
section. Default is the value defined in the associated endpoint.
.El
.Sh WRITING A HOOK
When requesting a certificate from a CA using ACME, there are three steps that are hard to automate. The first one is solving challenges in order to prove the ownership of every identifier to be included: it requires interacting with the configuration of other services, hence depends on how the infrastructure works. The second one is restarting all the services that use a given certificate, for the same reason. The last one is archiving: although several default methods can be implemented, sometimes admins want or are required to do it in a different way.
.Pp
In order to allow full automation of the three above steps without imposing arbitrary restrictions or methods,
.Xr acmed 8
uses hooks. Fundamentally, a hook is a command line template that will be called at a specific time of the process. Such an approach allows admins to use any executable script or program located on the machine to customize the process.
.Pp
For a given certificate, hooks are guaranteed to be called sequentially in the declaration order. It is therefore possible to have a hook that depends on another one. Nevertheless, several certificates may be renewed at the same time. Hence, hooks shall not use globbing or any other action that may disrupt hooks called by a different certificate.
.Pp
A hook has a type that will influence both the moment it is called and the available template variables. It is possible to declare several types. In such a case, the hook will be invoked whenever one of its types requests it. When called, the hook only has access to the template variables of the current type. If a hook uses a template variable that does not exist for the type it is currently invoked for, the variable is empty.
.Pp
When writing a hook, the values of
.Em args ,
.Em stdin ,
.Em stdin_str ,
.Em stdout
and
.Em stderr
are considered as template strings whereas
.Em cmd
is not. The template syntax is
.Em Handlebars .
See the
.Sx STANDARDS
section for a link to the
.Em Handlebars
specifications.
.Pp
The available types and the associated template variables are described below.
.Bl -tag
.It Ic challenge-http-01
Invoked when the ownership of an identifier must be proved using the
.Em http-01
challenge. The available template variables are:
.Bl -tag -compact
.It Cm challenge Ar string
The name of the challenge type
.Aq http-01 .
Mostly used in hooks with multiple types.
.It Cm identifier Ar string
The identifier name whose ownership is currently being validated.
.It Cm identifier_tls_alpn Ar string
The identifier name whose ownership is currently being validated, in a form suitable for the TLS ALPN challenge.
.It Cm env Ar array
Array containing all the environment variables.
.It Cm file_name Ar string
Name of the file containing the proof. This is not a full path and does not include the
.Ql .well-known/acme-challenge/
prefix.
.It Cm is_clean_hook Ar bool
False
.It Cm proof Ar string
The content of the proof that must be written to
.Em file_name .
.El
.It Ic challenge-http-01-clean
Invoked once an identifier's ownership has been proven using the
.Em http-01
challenge. This hook is intended to remove the proof since it is no longer required. The template variables are strictly identical to those given in the corresponding
.Em challenge-http-01
hook, except
.Em is_clean_hook
which is set to
.Em true .
.It Ic challenge-dns-01
Invoked when the ownership of an identifier must be proved using the
.Em dns-01
challenge. The available template variables are:
.Bl -tag -compact
.It Cm challenge Ar string
The name of the challenge type
.Aq dns-01 .
Mostly used in hooks with multiple types.
.It Cm identifier Ar string
The identifier name whose ownership is currently being validated.
.It Cm identifier_tls_alpn Ar string
The identifier name whose ownership is currently being validated, in a form suitable for the TLS ALPN challenge.
.It Cm env Ar array
Array containing all the environment variables.
.It Cm is_clean_hook Ar bool
False
.It Cm proof Ar string
The content of the proof that must be written to a
.Ql TXT
entry of the DNS zone for the
.Ql _acme-challenge
subdomain.
.El
.It Ic challenge-dns-01-clean
Invoked once an identifier's ownership has been proven using the
.Em dns-01
challenge. This hook is intended to remove the proof since it is no longer required. The template variables are strictly identical to those given in the corresponding
.Em challenge-dns-01
hook, except
.Em is_clean_hook
which is set to
.Em true .
.It Ic challenge-tls-alpn-01
Invoked when the ownership of an identifier must be proved using the
.Em tls-alpn-01
challenge. The available template variables are:
.Bl -tag -compact
.It Cm challenge Ar string
The name of the challenge type
.Aq tls-alpn-01 .
Mostly used in hooks with multiple types.
.It Cm identifier Ar string
The identifier name whose ownership is currently being validated.
.It Cm identifier_tls_alpn Ar string
The identifier name whose ownership is currently being validated, in a form suitable for the TLS ALPN challenge.
.It Cm env Ar array
Array containing all the environment variables.
.It Cm is_clean_hook Ar bool
False
.It Cm proof Ar string
Plain-text representation of the
.Em acmeIdentifier
extension that should be used in the self-signed certificate presented when a TLS connection is initiated with the
.Dq acme-tls/1
ALPN extension value.
.Xr acmed 8
will not generate the certificate itself since it can be done using
.Xr tacd 8 .
.El
.It Ic challenge-tls-alpn-01-clean
Invoked once an identifier's ownership has been proven using the
.Em tls-alpn-01
challenge. This hook is intended to remove the proof since it is no longer required. The template variables are strictly identical to those given in the corresponding
.Em challenge-tls-alpn-01
hook, except
.Em is_clean_hook
which is set to
.Em true .
.It Ic file-pre-create
Invoked
.Em before
a non-existent file is
.Em created .
The available template variables are:
.Bl -tag -compact
.It Cm env Ar array
Array containing all the environment variables.
.It Cm file_directory Ar string
Name of the directory where the impacted file is located.
.It Cm file_name Ar string
Name of the impacted file.
.It Cm file_path Ar string
Full path to the impacted file.
.El
.It Ic file-pre-edit
Invoked
.Em before
an existing file is
.Em modified .
The available template variables are the same as those available for the
.Em file-pre-create
type.
.It Ic file-post-create
Invoked
.Em after
a non-existent file is
.Em created .
The available template variables are the same as those available for the
.Em file-pre-create
type.
.It Ic file-post-edit
Invoked
.Em after
an existing file is
.Em modified .
The available template variables are the same as those available for the
.Em file-pre-create
type.
.It Ic post-operation
Invoked at the end of the certificate request process. The available template variables are:
.Bl -tag -compact
.It Cm algorithm Ar string
Name of the algorithm used in the certificate.
.It Cm identifiers Ar array
Array containing the identifiers included in the requested certificate.
.It Cm env Ar array
Array containing all the environment variables.
.It Cm is_success Ar boolean
True if the certificate request is successful.
.It Cm status Ar string
Human-readable status. If the certificate request failed, it contains the error description.
.El
.El
.Sh DEFAULT HOOKS
Because many people have the same needs, ACMEd comes with a set of hooks that should serve most situations. Hook names being unique, the following names and any other name starting with one of them are reserved and should not be used.
.Bl -tag
.It Pa git
This hook uses
.Xr git 1
to archive private keys, public keys and certificates. It is possible to customize the commit username and email by using respectively the
.Ev GIT_USERNAME
and
.Ev GIT_EMAIL
environment variables.
.It Pa http-01-echo
This hook is designed to solve the http-01 challenge. For this purpose, it will write the proof into
.Pa {{env.HTTP_ROOT}}/{{identifier}}/.well-known/acme-challenge/{{file_name}} .
.Pp
The web server must be configured so the file
.Pa http://{{identifier}}/.well-known/acme-challenge/{{file_name}}
can be accessed from the CA.
.Pp
If
.Ev HTTP_ROOT
is not specified, it will be set to
.Pa /var/www .
.It Pa tls-alpn-01-tacd-tcp
This hook is designed to solve the tls-alpn-01 challenge using
.Xr tacd 8 .
It requires
.Xr pkill 1
to support the
.Fl F
option.
.Pp
.Xr tacd 8
will listen on the host defined by the
.Ev TACD_HOST
environment variable (default is the identifier to be validated) and on the port defined by the
.Ev TACD_PORT
environment variable (default is 5001).
.Pp
.Xr tacd 8
will store its pid into
.Pa {{env.TACD_PID_ROOT}}/tacd_{{identifier}}.pid .
If
.Ev TACD_PID_ROOT
is not specified, it will be set to
.Pa /run .
.It Pa tls-alpn-01-tacd-unix
This hook is designed to solve the tls-alpn-01 challenge using
.Xr tacd 8 .
It requires
.Xr pkill 1
to support the
.Fl F
option.
.Pp
.Xr tacd 8
will listen on the unix socket
.Pa {{env.TACD_SOCK_ROOT}}/tacd_{{identifier}}.sock .
If
.Ev TACD_SOCK_ROOT
is not specified, it will be set to
.Pa /run .
.Pp
.Xr tacd 8
will store its pid into
.Pa {{env.TACD_PID_ROOT}}/tacd_{{identifier}}.pid .
If
.Ev TACD_PID_ROOT
is not specified, it will be set to
.Pa /run .
.El
.Sh TIME PERIODS
ACMEd uses its own time period format, which is vaguely inspired by the ISO 8601 one. Periods are formatted as
.Ar PM[PM...]
where
.Ar M
is a case-sensitive character representing a length and
.Ar P
is an integer representing a multiplier for the following length. The authorized lengths are:
.Bl -dash -compact
.It
.Ar s :
second
.It
.Ar m :
minute
.It
.Ar h :
hour
.It
.Ar d :
day
.It
.Ar w :
week
.El
The
.Ar PM
couples can be specified multiple times and in any order.
.Pp
For example,
.Dq 1d42s
and
.Dq 40s20h4h2s
both represent a period of one day and forty-two seconds.
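.Pp
The following Rust program is an added example written for this page; it is not part of ACMEd or of its manual. It parses the period format described above into seconds and applies the result to the renew_delay rule (renew once the expiration date is closer than the delay) and to a rate-limit table (at most number requests within period); the type and function names and the sample values are constructed for illustration.

```rust
use std::collections::VecDeque;

/// Parse an ACMEd time period such as "1d42s" or "40s20h4h2s" into seconds.
/// Length characters are case sensitive (so "1D" is rejected), may repeat
/// and may appear in any order, as the TIME PERIODS section describes.
pub fn parse_period(s: &str) -> Result<u64, String> {
    if s.is_empty() { return Err("empty period".to_string()); }
    let mut total: u64 = 0;
    let mut digits = String::new();
    for c in s.chars() {
        if c.is_ascii_digit() {
            digits.push(c);
            continue;
        }
        if digits.is_empty() {
            return Err(format!("length '{}' has no multiplier", c));
        }
        let mult: u64 = digits.parse().map_err(|e| format!("{}", e))?;
        digits.clear();
        let unit_secs: u64 = match c {
            's' => 1,
            'm' => 60,
            'h' => 3_600,
            'd' => 86_400,
            'w' => 604_800,
            _ => return Err(format!("unknown length character '{}'", c)),
        };
        // Checked arithmetic: a mistyped or hostile value must not wrap around.
        total = mult
            .checked_mul(unit_secs)
            .and_then(|v| total.checked_add(v))
            .ok_or_else(|| "period does not fit in 64 bits".to_string())?;
    }
    if !digits.is_empty() { return Err("trailing multiplier without a length".to_string()); }
    Ok(total)
}

/// renew_delay rule: renew once `now` is within `renew_delay` of `not_after`.
/// Both times are Unix timestamps in seconds.
pub fn should_renew(not_after: u64, now: u64, renew_delay: &str) -> Result<bool, String> {
    let delay = parse_period(renew_delay)?;
    Ok(now >= not_after.saturating_sub(delay))
}

/// Sliding-window limiter modelled on a [[rate-limit]] table: at most
/// `number` requests within `period`. Hypothetical type, not ACMEd's own.
pub struct RateLimit {
    number: usize,
    period_secs: u64,
    sent: VecDeque<u64>, // request timestamps still inside the window
}

impl RateLimit {
    pub fn new(number: usize, period: &str) -> Result<Self, String> {
        let period_secs = parse_period(period)?;
        Ok(RateLimit { number, period_secs, sent: VecDeque::new() })
    }

    /// Record a request at time `now` if the window still has room.
    pub fn try_acquire(&mut self, now: u64) -> bool {
        // Expire requests that left the window; the deque is kept in time order.
        while matches!(self.sent.front(), Some(&t) if now.saturating_sub(t) >= self.period_secs) {
            self.sent.pop_front();
        }
        if self.sent.len() < self.number {
            self.sent.push_back(now);
            true
        } else {
            false
        }
    }
}

fn main() {
    println!("1d42s = {:?} s, 40s20h4h2s = {:?} s", parse_period("1d42s"), parse_period("40s20h4h2s"));
}
```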
.Sh FILES
.Bl -tag
.It Pa /etc/acmed/acmed.toml
Default
.Xr acmed 8
configuration file.
.It Pa /etc/acmed/accounts
Default accounts' private and public keys directory.
.It Pa /etc/acmed/certs
Default certificates and associated private keys directory.
.El
.Sh EXAMPLES
The following example defines a typical endpoint, account and certificate for a domain, several subdomains and an IP address.
.Bd -literal -offset indent
[[endpoint]]
name = "example name"
url = "https://acme.example.org/directory"
tos_agreed = true
[[account]]
name = "my test account"
email = "certs@exemple.net"
[[certificate]]
endpoint = "example name"
account = "my test account"
identifiers = [
{ dns = "exemple.net", challenge = "http-01"},
{ dns = "1.exemple.net", challenge = "dns-01"},
{ dns = "2.exemple.net", challenge = "tls-alpn-01", env.TACD_PORT="5010"},
{ dns = "3.exemple.net", challenge = "tls-alpn-01", env.TACD_PORT="5011"},
{ ip = "203.0.113.1", challenge = "http-01"},
]
hooks = ["git", "http-01-echo", "tls-alpn-01-tacd-tcp", "some-dns-01-hook"]
env.HTTP_ROOT = "/srv/http"
.Ed
.Pp
It is possible to use
.Xr echo 1
to solve the
.Em http-01
challenge and
.Xr rm 1
to clean it.
.Xr mkdir 1
and
.Xr chmod 1
are used to prevent issues related to file access.
.Bd -literal -offset indent
[[hook]]
name = "http-01-echo-mkdir"
type = ["challenge-http-01"]
cmd = "mkdir"
args = [
"-m", "0755",
"-p", "{{#if env.HTTP_ROOT}}{{env.HTTP_ROOT}}{{else}}/var/www{{/if}}/{{identifier}}/.well-known/acme-challenge"
]
[[hook]]
name = "http-01-echo-echo"
type = ["challenge-http-01"]
cmd = "echo"
args = ["{{proof}}"]
stdout = "{{#if env.HTTP_ROOT}}{{env.HTTP_ROOT}}{{else}}/var/www{{/if}}/{{identifier}}/.well-known/acme-challenge/{{file_name}}"
[[hook]]
name = "http-01-echo-chmod"
type = ["challenge-http-01"]
cmd = "chmod"
args = [
"a+r",
"{{#if env.HTTP_ROOT}}{{env.HTTP_ROOT}}{{else}}/var/www{{/if}}/{{identifier}}/.well-known/acme-challenge/{{file_name}}"
]
[[hook]]
name = "http-01-echo-clean"
type = ["challenge-http-01-clean"]
cmd = "rm"
args = [
"-f",
"{{#if env.HTTP_ROOT}}{{env.HTTP_ROOT}}{{else}}/var/www{{/if}}/{{identifier}}/.well-known/acme-challenge/{{file_name}}"
]
.Ed
.Pp
The hooks from the previous example can be grouped in order to reduce the number of hooks to define in the certificate.
.Bd -literal -offset indent
[[group]]
name = "http-01-echo-var-www"
hooks = [
"http-01-echo-mkdir",
"http-01-echo-echo",
"http-01-echo-chmod",
"http-01-echo-clean"
]
[[certificate]]
# Some fields omitted
hooks = ["http-01-echo-var-www"]
env.HTTP_ROOT = "/srv/http"
.Ed
.Pp
It is also possible to use
.Xr sendmail 8
in a hook in order to notify someone when the certificate request process is done.
.Bd -literal -offset indent
[[hook]]
name = "email-report"
type = ["post-operation"]
cmd = "sendmail"
args = [
"-f", "noreply.certs@example.net",
"contact@example.net"
]
stdin_str = """Subject: Certificate renewal {{#if is_success}}succeeded{{else}}failed{{/if}} for {{identifiers.[0]}}

The following certificate has {{#unless is_success}}*not* {{/unless}}been renewed.
identifiers: {{#each identifiers}}{{#if @index}}, {{/if}}{{this}}{{/each}}
algorithm: {{algorithm}}
status: {{status}}"""
.Ed
.Sh SEE ALSO
.Xr acmed 8 ,
.Xr tacd 8
.Sh STANDARDS
.Bl -item
.It
.Rs
.%A Tom Preston-Werner
.%D July 2018
.%T TOML v0.5.0
.%U https://github.com/toml-lang/toml
.Re
.It
.Rs
.%A Yehuda Katz
.%T Handlebars
.%U https://handlebarsjs.com/
.Re
.It
.Rs
.%A M. Jones
.%D May 2015
.%R RFC 7518
.%T JSON Web Algorithms (JWA)
.Re
.El
.Sh AUTHORS
.An Rodolphe Bréard
.Aq rodolphe@breard.tf