All 3 are OK with me, if there are no objections I can commit them later (but would be happy if someone beats me to it :)
On 2018/08/02 14:49, Ross L Richardson wrote: > > This is the first of several diffs containing separate bits of the > earlier combined diff. > > "X509" to "X.509" for correctness and consistency with acme-client.conf.5 > > > Index: acme-client.1 > =================================================================== > RCS file: /cvs/src/usr.sbin/acme-client/acme-client.1,v > retrieving revision 1.24 > diff -u -p -r1.24 acme-client.1 > --- acme-client.1 13 Jun 2018 15:08:24 -0000 1.24 > +++ acme-client.1 2 Aug 2018 04:29:36 -0000 > @@ -44,7 +44,7 @@ Specify an alternative configuration fil > .It Fl n > No operation: check and print configuration. > .It Fl r > -Revoke the X509 certificate found in the certificates. > +Revoke the X.509 certificate. > .It Fl v > Verbose operation. > Specify twice to also trace communication and data transfers. > @@ -110,7 +110,7 @@ as above: > .Pp > A daily > .Xr cron 8 > -job can renew the certificates: > +job can renew the certificate: > .Pp > .Dl acme-client example.com && rcctl reload httpd > .Sh SEE ALSO > On 2018/08/02 14:57, Ross L Richardson wrote: > > It's an "X.509 certificate" rather than a "TLS certificate". > As pointed out by sthen@, TLS isn't the only possible use. > > > > Index: acme-client.1 > =================================================================== > RCS file: /cvs/src/usr.sbin/acme-client/acme-client.1,v > retrieving revision 1.24 > diff -u -p -r1.24 acme-client.1 > --- acme-client.1 13 Jun 2018 15:08:24 -0000 1.24 > +++ acme-client.1 2 Aug 2018 04:41:05 -0000 > @@ -56,7 +56,7 @@ The domain name. > looks in its configuration for a > .Ar domain > section corresponding to the domain given as command line argument. > -It then uses that configuration to retrieve a TLS certificate. > +It then uses that configuration to retrieve an X.509 certificate. > If the certificate already exists and is less than 30 days from expiry, > .Nm > will attempt to refresh the signature. > On 2018/08/02 15:09, Ross L Richardson wrote: > > According to code (and testing), each is optional but at least > one must be present. > > > Index: acme-client.conf.5 > =================================================================== > RCS file: /cvs/src/usr.sbin/acme-client/acme-client.conf.5,v > retrieving revision 1.13 > diff -u -p -r1.13 acme-client.conf.5 > --- acme-client.conf.5 8 Jul 2018 15:41:17 -0000 1.13 > +++ acme-client.conf.5 2 Aug 2018 04:33:57 -0000 > @@ -120,6 +120,9 @@ plain domain name forms. > The private key file for which the certificate will be obtained. > .It Ic domain certificate Ar file > The filename of the certificate that will be issued. > +This is optional if > +.Ar domain full chain certificate > +is specified. > .It Ic domain chain certificate Ar file > The filename in which to store the certificate chain > that will be returned by the certificate authority. > @@ -137,6 +140,9 @@ This is a combination of the > and the > .Ar domain chain certificate > in one file, and is required by most browsers. > +This is optional if > +.Ar domain certificate > +is specified. > .It Ic sign with Ar authority > The certificate authority (as declared above in the > .Sx AUTHORITIES >
