shithub: acmed


ref: 6e12ebe0bdeae7519ba142caa1dc7c71d4d6fe09
parent: b96a6c3ebfde70209c94154454b002d1a74bfb7f
author: Ori Bernstein <ori@eigenstate.org>
date: Wed Sep 22 19:27:47 EDT 2021

manpage: update

document dns challenge, remove lies about flags, make
examples work with existing system

--- a/acmed.man
+++ b/acmed.man
@@ -1,17 +1,13 @@
 .TH ACMED 8
 .SH NAME
-acmed \- acme certificate client
+ip/acmed \- acme certificate client
 .SH SYNOPSIS
-.B acmed
+.B ip/acmed
 [
 .B -a
 .I acctkey
 ]
 [
-.B -d
-.I domain
-]
-[
 .B -o
 .I chalout
 ]
@@ -49,12 +45,6 @@
 .I jwk
 formatted RSA key.
 .TP
-.B -d
-specifies the domain name that will be used
-for
-.I DNS
-challenges.
-.TP
 .B -o
 .I chalout
 specifies that the challenge material is
@@ -105,14 +95,12 @@
 is run, the keys must be generated.
 .IP
 .EX
-auth/rsagen -t 'service=acme role=sign hash=sha256 acct=me@example.org' \\
-	| tee >{auth/rsa2jwk \\
-		>/sys/lib/tls/acmed/me@example.org.pub}
-	| ipso -r -l factotum
-auth/rsagen -t 'service=tls owner=*' \\
-	| tee >{auth/rsa2csr 'CN=mydomain.com' \\
-		>/sys/lib/tls/acmed/mydomain.com.csr} \\
-	| ipso -r -l factotum
+auth/rsagen -t 'service=acme role=sign hash=sha256 acct=a@b.org'\\
+	>acct.key
+auth/rsa2jwk acct.key >/sys/lib/tls/acmed/me@example.org.pub
+auth/rsagen -t 'service=tls owner=*' >cert.key
+auth/rsa2csr 'CN=mydomain.com' cert.key \\
+	>/sys/lib/tls/acmed/mydomain.com.csr} \\
 .EE
 .PP
 This need only be run once.
@@ -121,14 +109,29 @@
 The certificate for the domain can now be fetched:
 .IP
 .EX
-acmed me@example.org mydomain.com \\
+acmed me@example.org /sys/lib/tls/acmed/mydomain.com.csr \\
 	>/sys/lib/tls/acmed/mydomain.com.crt
 .EE
+.PP
+When using a DNS challenge, your DNS server must be
+configured, and must be configured to include the
+DNS challenge file:
+.EX
+database=
+	file=/net/ndb
+	file=/lib/ndb/local
+	file=/lib/ndb/common
+	file=/lib/ndb/dnschallenge
+.EE
+And
+.I acmed
+must be invoked with the domain:
+.EX
+acmed me@example.org \\
+	/sys/lib/tls/acmed/mydomain.com.csr \\
+	mydomain.com \\
+	>/sys/lib/tls/acmed/mydomain.com.crt
+.EE
 .SH SOURCE
-.B /sys/src/cmd/$somewhere/acmed.c
-.SH BUGS
-.I Acmed only supports HTTP challenges that are
-placed in static directories.
-It should add support for DNS challenges, and provide
-a way for a script to be invoked while handling them.
+.B /sys/src/cmd/ip/acmed.c