mirror of
https://github.com/certbot/certbot.git
synced 2026-01-26 07:41:33 +03:00
Remove trailing spaces from docs (#9064)
@@ -1,16 +1,16 @@
|
||||
Challenges
|
||||
==========
|
||||
|
||||
To receive a certificate from Let's Encrypt certificate authority (CA), you must pass a *challenge* to
|
||||
prove you control each of the domain names that will be listed in the certificate. A challenge is one of
|
||||
To receive a certificate from Let's Encrypt certificate authority (CA), you must pass a *challenge* to
|
||||
prove you control each of the domain names that will be listed in the certificate. A challenge is one of
|
||||
a list of specified tasks that only someone who controls the domain should be able to accomplish, such as:
|
||||
|
||||
* Posting a specified file in a specified location on a web site (the HTTP-01 challenge)
|
||||
* Posting a specified DNS record in the domain name system (the DNS-01 challenge)
|
||||
|
||||
It’s possible to complete each type of challenge *automatically* (Certbot directly makes the necessary
|
||||
changes itself, or runs another program that does so), or *manually* (Certbot tells you to make a
|
||||
certain change, and you edit a configuration file of some kind in order to accomplish it). Certbot's
|
||||
It’s possible to complete each type of challenge *automatically* (Certbot directly makes the necessary
|
||||
changes itself, or runs another program that does so), or *manually* (Certbot tells you to make a
|
||||
certain change, and you edit a configuration file of some kind in order to accomplish it). Certbot's
|
||||
design favors performing challenges automatically, and this is the normal case for most users of Certbot.
|
||||
|
||||
Some plugins offer an *authenticator*, meaning that they can satisfy challenges:
|
||||
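Review bot: the two rewritten lines beginning "It’s possible to complete each type of challenge" keep a typographic apostrophe, while "Let's" and "Certbot's" in the same hunk use the ASCII one. Since this pass already rewrites those lines to normalize whitespace, change it to "It's" so the file is consistent. The first sentence also reads "from Let's Encrypt certificate authority (CA)"; "from the Let's Encrypt certificate authority (CA)" could be fixed in the same touch.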
@@ -22,29 +22,29 @@ Some plugins offer an *authenticator*, meaning that they can satisfy challenges:
|
||||
satisfy challenges from the certificate authority. Use the nginx plugin when you're running Certbot on a
|
||||
web server with nginx listening on port 80.
|
||||
* Webroot plugin: (HTTP-01) Tries to place a file where it can be served over HTTP on port 80 by a
|
||||
web server running on your system. Use the Webroot plugin when you're running Certbot on
|
||||
web server running on your system. Use the Webroot plugin when you're running Certbot on
|
||||
a web server with any server application listening on port 80 serving files from a folder on disk in response.
|
||||
* Standalone plugin: (HTTP-01) Tries to run a temporary web server listening on HTTP on port 80. Use the
|
||||
Standalone plugin if no existing program is listening to this port.
|
||||
* Manual plugin: (DNS-01 or HTTP-01) Either tells you what changes to make to your configuration or updates
|
||||
your DNS records using an external script (for DNS-01) or your webroot (for HTTP-01). Use the Manual
|
||||
* Manual plugin: (DNS-01 or HTTP-01) Either tells you what changes to make to your configuration or updates
|
||||
your DNS records using an external script (for DNS-01) or your webroot (for HTTP-01). Use the Manual
|
||||
plugin if you have the technical knowledge to make configuration changes yourself when asked to do so,
|
||||
and are prepared to repeat these steps every time the certificate needs to be renewed.
|
||||
and are prepared to repeat these steps every time the certificate needs to be renewed.
|
||||
|
||||
Tips for Challenges
|
||||
-------------------
|
||||
General tips:
|
||||
|
||||
* Run Certbot on your web server, not on your laptop or another server. It’s usually the easiest way to get a certificate.
|
||||
* Use a tool like the DNSchecker at dnsstuff.com to check your DNS records to make sure
|
||||
there are no serious errors. A DNS error can prevent a certificate authority from
|
||||
* Use a tool like the DNSchecker at dnsstuff.com to check your DNS records to make sure
|
||||
there are no serious errors. A DNS error can prevent a certificate authority from
|
||||
issuing a certificate, even if it does not prevent your site from loading in a browser.
|
||||
* If you are using Apache or NGINX plugins, make sure the configuration of your Apache or NGINX server is correct.
|
||||
|
||||
HTTP-01 Challenge
|
||||
~~~~~~~~~~~~~~~~~
|
||||
|
||||
* Make sure the domain name exists and is already pointed to the public IP address of the server where
|
||||
* Make sure the domain name exists and is already pointed to the public IP address of the server where
|
||||
you’re requesting the certificate.
|
||||
* Make sure port 80 is open, publicly reachable from the Internet, and not blocked by a router or firewall.
|
||||
* When using the Webroot plugin or the manual plugin, make sure the the webroot directory exists and that you
|
||||
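Review bot: the last line of this hunk has a doubled word, "make sure the the webroot directory exists", which a docs cleanup commit should pick up. The same line writes "the Webroot plugin or the manual plugin" while the plugin list earlier in the hunk capitalizes "Manual plugin"; pick one form and use it throughout.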
@@ -52,12 +52,12 @@ HTTP-01 Challenge
|
||||
then a file placed in `/var/www/example.com/.well-known/acme-challenge/testfile` should appear on
|
||||
your web site at `http://example.com/.well-known/acme-challenge/testfile` (A redirection to HTTPS
|
||||
is OK here and should not stop the challenge from working.)
|
||||
* In some web server configurations, all pages are dynamically generated by some kind of framework,
|
||||
usually using a database backend. In this case, there might not be a particular directory
|
||||
from which the web server can serve filesdirectly. Using the Webroot plugin in this case
|
||||
* In some web server configurations, all pages are dynamically generated by some kind of framework,
|
||||
usually using a database backend. In this case, there might not be a particular directory
|
||||
from which the web server can serve filesdirectly. Using the Webroot plugin in this case
|
||||
requires making a change to your web server configuration first.
|
||||
* Make sure your web server serves files properly from the directory where the challenge
|
||||
file is placed (e. g. `/.well-known/acme-challenge`) to the expected location on the
|
||||
* Make sure your web server serves files properly from the directory where the challenge
|
||||
file is placed (e. g. `/.well-known/acme-challenge`) to the expected location on the
|
||||
website without adding a header or footer.
|
||||
* When using the Standalone plugin, make sure another program is not already listening to port 80 on the server.
|
||||
* When using the Webroot plugin, make sure there is a web server listening on port 80.
|
||||
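Review bot: "filesdirectly" is missing a space in the line this hunk rewrites ("from which the web server can serve filesdirectly. Using the Webroot plugin in this case"), and the whitespace cleanup carries the typo over unchanged. Fix it to "files directly" in the same commit. The "(e. g. `/.well-known/acme-challenge`)" on another rewritten line would normally be written "e.g." without the inner space.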
@@ -65,6 +65,6 @@ HTTP-01 Challenge
|
||||
DNS-01 Challenge
|
||||
~~~~~~~~~~~~~~~~
|
||||
|
||||
* When using the manual plugin, make sure your DNS records are correctly updated;
|
||||
* When using the manual plugin, make sure your DNS records are correctly updated;
|
||||
you must be able to make appropriate changes to your DNS zone in order to pass the challenge.
|
||||
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
usage:
|
||||
usage:
|
||||
certbot [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] ...
|
||||
|
||||
Certbot can obtain and install HTTPS/TLS/SSL certificates. By default,
|
||||
|
||||
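Review bot: the "usage:" line followed by "certbot [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] ..." reads like captured help output rather than hand-written prose. If this file is regenerated from the program's help text, the trailing space after "usage:" will return on the next regeneration. Please confirm whether the fix belongs in the source of the help string instead, or whether this file should be excluded from the whitespace cleanup.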
@@ -2,14 +2,14 @@
|
||||
What is a Certificate?
|
||||
======================
|
||||
|
||||
A public key or digital *certificate* (formerly called an SSL certificate) uses a public key
|
||||
and a private key to enable secure communication between a client program (web browser, email client,
|
||||
A public key or digital *certificate* (formerly called an SSL certificate) uses a public key
|
||||
and a private key to enable secure communication between a client program (web browser, email client,
|
||||
etc.) and a server over an encrypted SSL (secure socket layer) or TLS (transport layer security) connection.
|
||||
The certificate is used both to encrypt the initial stage of communication (secure key exchange)
|
||||
The certificate is used both to encrypt the initial stage of communication (secure key exchange)
|
||||
and to identify the server. The certificate
|
||||
includes information about the key, information about the server identity, and the digital signature
|
||||
of the certificate issuer. If the issuer is trusted by the software that initiates the communication,
|
||||
and the signature is valid, then the key can be used to communicate securely with the server identified by
|
||||
and the signature is valid, then the key can be used to communicate securely with the server identified by
|
||||
the certificate. Using a certificate is a good way to prevent "man-in-the-middle" attacks, in which
|
||||
someone in between you and the server you think you are talking to is able to insert their own (harmful)
|
||||
content.
|
||||
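Review bot: the rewritten line "The certificate is used both to encrypt the initial stage of communication (secure key exchange)" overstates what the certificate does. With ephemeral Diffie-Hellman key exchange, and always in TLS 1.3, the certificate's key signs the handshake to authenticate the server and does not encrypt the key exchange. A follow-up could reword this to something like "to authenticate the key exchange and to identify the server". The expansion "SSL (secure socket layer)" in the same hunk should read "Secure Sockets Layer".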
@@ -23,9 +23,9 @@ Certificates and Lineages
|
||||
Certbot introduces the concept of a *lineage,* which is a collection of all the versions of a certificate
|
||||
plus Certbot configuration information maintained for that certificate from
|
||||
renewal to renewal. Whenever you renew a certificate, Certbot keeps the same configuration unless
|
||||
you explicitly change it, for example by adding or removing domains. If you add domains, you can
|
||||
you explicitly change it, for example by adding or removing domains. If you add domains, you can
|
||||
either add them to an existing lineage or create
|
||||
a new one.
|
||||
a new one.
|
||||
|
||||
See also:
|
||||
:ref:`updating_certs`
|
||||
|
||||