From 550d8e8e6ccef95a119bc265101792b0475a7aa0 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Wed, 17 Apr 2024 15:42:57 +0200 Subject: Adding upstream version 2.4.59. Signed-off-by: Daniel Baumann --- docs/manual/mod/mod_md.html.en | 72 ++++++++++++++++++++++++++++++++++++------ 1 file changed, 62 insertions(+), 10 deletions(-) (limited to 'docs/manual/mod/mod_md.html.en') diff --git a/docs/manual/mod/mod_md.html.en b/docs/manual/mod/mod_md.html.en index 95c5e1b..33b0e46 100644 --- a/docs/manual/mod/mod_md.html.en +++ b/docs/manual/mod/mod_md.html.en @@ -335,10 +335,12 @@
  • MDCertificateProtocol
  • MDCertificateStatus
  • MDChallengeDns01
    • +
  • MDChallengeDns01Version
  • MDContactEmail
  • MDDriveMode
  • MDExternalAccountBinding
  • MDHttpProxy
    • +
  • MDMatchNames
  • MDMember
  • MDMembers
  • MDMessageCmd
    • @@ -369,7 +371,7 @@
    top

    MDActivationDelay Directive

    - + @@ -483,7 +485,7 @@
    top

    MDCertificateCheck Directive

    Description:
    Description:How long to delay activation of new certificates
    Syntax:MDActivationDelay duration
    Context:server config
    Status:Experimental
    - + @@ -628,7 +630,7 @@
    top

    MDChallengeDns01 Directive

    Description:
    Description:Set name and URL pattern for a certificate monitoring sitSet name and URL pattern for a certificate monitoring sitee
    Syntax:MDCertificateCheck name url
    Context:server config
    Status:Experimental
    - + @@ -637,7 +639,9 @@

    Define a program to be called when the `dns-01` challenge needs to be setup/torn down. The program is given the argument `setup` or `teardown` followed by the domain name. - For `setup` the challenge content is additionally given. + For `setup` the challenge content is additionally given. When + MDChallengeDns01Version is set to 2, + the `teardown` also gets the challenge content as argument.

    You do not need to specify this, as long as a 'http:' or 'https:' challenge method is possible. However, Let's Encrypt makes 'dns-01' the only @@ -651,11 +655,30 @@ See the section about wildcard certificates above for more details.

    + +
    top
    +

    MDChallengeDns01Version Directive

    +
    Description:
    Description:Set the command for setup/teardown of dns-01 challenges
    Syntax:MDChallengeDns01 path-to-command
    Context:server config
    Status:Experimental
    + + + + + + + +
    Description:Set the type of arguments to call MDChallengeDns01 with
    Syntax:MDChallengeDns01Version 1|2
    Default:MDChallengeDns01Version 1
    Context:server config
    Status:Experimental
    Module:mod_md
    Compatibility:Available in version 2.4.58 and later
    +

    + Set the way MDChallengeDns01 command is invoked, e.g the number and + types of arguments. See MDChallengeDns01 + for the differences. + This setting is global and cannot be varied per domain. +

    +
    top

    MDContactEmail Directive

    - + @@ -690,7 +713,7 @@
    top

    MDExternalAccountBinding Directive

    Description:
    Description:Email address used for account registration
    Syntax:MDContactEmail address
    Context:server config
    Status:Experimental
    - + @@ -741,6 +764,35 @@ if your webserver can only reach the internet with a forward proxy.

    + +
    top
    +

    MDMatchNames Directive

    +
    Description:
    Description:Set the external account binding keyid and hmac values to use at CA
    Syntax:MDExternalAccountBinding key-id hmac-64 | none | file
    Default:MDExternalAccountBinding none
    Context:server config
    + + + + + + + +
    Description:Determines how DNS names are matched to vhosts
    Syntax:MDMatchNames all|servernames
    Default:MDMatchNames all
    Context:server config
    Status:Experimental
    Module:mod_md
    Compatibility:Available in version 2.4.58 and later
    +

    + The mode `all` is the behaviour as in all previous versions. Both ServerName + and ServerAlias are inspected to find the MDomain matching a VirtualHost. + This automatically detects coverage, even when you only have added + one of the names to an MDomain. +

    + However, this auto-magic has drawbacks in more complex setups. If you set + this directive to `servernames`, only the ServerName of a virtual host is + used for matching. ServerAliases are disregarded then, for matching. + Aliases will still be added to the certificate obtained, unless you also + run `MDMembers manual`. +

    + Another advantage of `servernames` is that it gives you more flexibility + with sub-domains and wildcards. You can define one MDomain with a wildcard + and have other MDomains for specific sub-domain names. +

    +
    top

    MDMember Directive

    @@ -1208,7 +1260,7 @@ MDRenewWindow 10%
    top

    MDRetryDelay Directive

    - + @@ -1230,7 +1282,7 @@ MDRenewWindow 10%
    top

    MDRetryFailover Directive

    Description:
    Description:Time length for first retry, doubled on every consecutive error.
    Syntax:MDRetryDelay duration
    Default:MDRetryDelay 5s
    Context:server config
    - + @@ -1398,7 +1450,7 @@ MDRenewWindow 10%
    top

    MDStoreLocks Directive

    Description:
    Description:The number of errors before a failover to another CA is triggered
    Syntax:MDRetryFailover number
    Default:MDRetryFailover 13
    Context:server config
    - + @@ -1475,7 +1527,7 @@ var comments_identifier = 'http://httpd.apache.org/docs/2.4/mod/mod_md.html'; } })(window, document); //-->
    Description:
    Description:Configure locking of store for updates
    Syntax:MDStoreLocks on|off|duration
    Default:MDStoreLocks off
    Context:server config