We put *a lot* of work in so that a simple search & replace of example.com in
acme-client.conf and httpd.conf examples would give a working configuration.
So I would object to the previous diff.
I'm not convinced this one will help(*) but no objection from me either.
*) People don't read, we already know that.
On 9 May 2023 21:45:30 CEST, Theo Buehler <t...@theobuehler.org> wrote:
>On Tue, May 09, 2023 at 08:48:06PM +0200, Theo Buehler wrote:
>> espie mentioned that the clue to use the staging server could be more
>> explicit.
>> Maybe this is enough and not too intrusive?
>
>Some expressed concern that it should be done the other way around,
>i.e., leave the default at letsencrypt. Perhaps it's indeed better
>this way to avoid creating servers with bad certs.
>
>Index: examples/acme-client.conf
>===================================================================
>RCS file: /cvs/src/etc/examples/acme-client.conf,v
>retrieving revision 1.4
>diff -u -p -r1.4 acme-client.conf
>--- examples/acme-client.conf 17 Sep 2020 09:13:06 -0000 1.4
>+++ examples/acme-client.conf 9 May 2023 19:39:12 -0000
>@@ -27,5 +27,7 @@ domain example.com {
> alternative names { secure.example.com }
> domain key "/etc/ssl/private/example.com.key"
> domain full chain certificate "/etc/ssl/example.com.fullchain.pem"
>+ # Test with the staging server to avoid aggressive rate-limiting.
>+ #sign with letsencrypt-staging
> sign with letsencrypt
> }
>
--
Sent from a mobile device. Please excuse poor formatting.
