From bb35126a2cf76d18187f9c7eec746cd1917c6c37 Mon Sep 17 00:00:00 2001 From: Osiris Inferi Date: Mon, 27 Feb 2017 20:39:42 +0100 Subject: [PATCH] Deprecated standalone-preferred-challenges --- docs/using.rst | 24 ++++++++++++++++++++++-- 1 file changed, 22 insertions(+), 2 deletions(-) diff --git a/docs/using.rst b/docs/using.rst index 628043ff9..c162e2fde 100644 --- a/docs/using.rst +++ b/docs/using.rst @@ -151,14 +151,17 @@ order to perform domain validation, so you may need to stop your existing webserver. To control which port the plugin uses, include one of the options shown below on the command line. - * ``--standalone-supported-challenges http-01`` to use port 80 - * ``--standalone-supported-challenges tls-sni-01`` to use port 443 + * ``--preferred-challenges http`` to use port 80 + * ``--preferred-challenges tls-sni`` to use port 443 The standalone plugin does not rely on any other server software running on the machine where you obtain the certificate. It must still be possible for that machine to accept inbound connections from the Internet on the specified port using each requested domain name. +.. note:: The ``--standalone-supported-challenges`` option has been + deprecated since ``certbot`` version 0.9.0. + Manual ------ @@ -170,6 +173,23 @@ the UI, you can use the plugin to obtain a cert by specifying to copy and paste commands into another terminal session, which may be on a different computer. +The manual plugin can use either the ``http`` or the ``dns`` challenge. You +can use the ``--preferred-challenges`` option to chose the challenge of your +preference. +The ``http`` challenge will ask you to place a file with a specific name and +specific content in the ``/.well-known/acme-challenge/`` directory directly +in the top-level directory (“web root”) containing the files served by your +webserver. In essence it's the same as the webroot_ plugin, but not automated. +When using the ``dns`` plugin, ``certbot`` will ask you to place a TXT DNS +record with specific contents under the domain name consisting of the hostname +for which you want a certificate issued, prepended by ``_acme-challenge``. + +For example, for the domain ``example.com``, a zone file entry would look like: + +:: + + _acme-challenge.example.com. 300 IN TXT "gfj9Xq...Rg85nM" + Additionally you can specify scripts to prepare for validation and perform the authentication procedure and/or clean up after it by using the ``--manual-auth-hook`` and ``--manual-cleanup-hook`` flags. This is described in