diff options
author | pennae <github@quasiparticle.net> | 2023-01-04 06:56:24 +0100 |
---|---|---|
committer | pennae <github@quasiparticle.net> | 2023-01-10 10:31:59 +0100 |
commit | 23ea73b4169d68c0d22c3d9aed6e2a692a793ff5 (patch) | |
tree | 393a187a611654ac8b341b10f86efa8cd05f2dfc /nixos/modules/security/acme/doc.xml | |
parent | 03c72f224cc721b359c5477aeef4bcfa185477bd (diff) |
nixos/manual: enable smart quotes for all MD chapters
Diffstat (limited to 'nixos/modules/security/acme/doc.xml')
-rw-r--r-- | nixos/modules/security/acme/doc.xml | 27 |
1 files changed, 13 insertions, 14 deletions
diff --git a/nixos/modules/security/acme/doc.xml b/nixos/modules/security/acme/doc.xml index c21f802caf4b7..42c73300d8b98 100644 --- a/nixos/modules/security/acme/doc.xml +++ b/nixos/modules/security/acme/doc.xml @@ -3,7 +3,7 @@ <para> NixOS supports automatic domain validation & certificate retrieval and renewal using the ACME protocol. Any provider can be - used, but by default NixOS uses Let's Encrypt. The alternative ACME + used, but by default NixOS uses Let’s Encrypt. The alternative ACME client <link xlink:href="https://go-acme.github.io/lego/">lego</link> is used under the hood. @@ -17,15 +17,15 @@ <section xml:id="module-security-acme-prerequisites"> <title>Prerequisites</title> <para> - To use the ACME module, you must accept the provider's terms of + To use the ACME module, you must accept the provider’s terms of service by setting <xref linkend="opt-security.acme.acceptTerms"></xref> to - <literal>true</literal>. The Let's Encrypt ToS can be found + <literal>true</literal>. The Let’s Encrypt ToS can be found <link xlink:href="https://letsencrypt.org/repository/">here</link>. </para> <para> You must also set an email address to be used when creating - accounts with Let's Encrypt. You can set this for all certs with + accounts with Let’s Encrypt. You can set this for all certs with <xref linkend="opt-security.acme.defaults.email"></xref> and/or on a per-cert basis with <xref linkend="opt-security.acme.certs._name_.email"></xref>. This @@ -93,7 +93,7 @@ services.nginx = { <para> Using ACME certificates with Apache virtual hosts is identical to using them with Nginx. The attribute names are all the same, just - replace "nginx" with "httpd" where + replace <quote>nginx</quote> with <quote>httpd</quote> where appropriate. </para> </section> @@ -257,7 +257,7 @@ systemd.services.dns-rfc2136-conf = { }; </programlisting> <para> - Now you're all set to generate certs! You should monitor the first + Now you’re all set to generate certs! You should monitor the first invocation by running <literal>systemctl start acme-example.com.service & journalctl -fu acme-example.com.service</literal> and watching its log output. @@ -270,15 +270,14 @@ systemd.services.dns-rfc2136-conf = { including those automatically configured via the Nginx/Apache <link linkend="opt-services.nginx.virtualHosts._name_.enableACME"><literal>enableACME</literal></link> option. This configuration pattern is fully supported and part of - the module's test suite for Nginx + Apache. + the module’s test suite for Nginx + Apache. </para> <para> You must follow the guide above on configuring DNS-01 validation first, however instead of setting the options for one certificate - (e.g. - <xref linkend="opt-security.acme.certs._name_.dnsProvider"></xref>) - you will set them as defaults (e.g. - <xref linkend="opt-security.acme.defaults.dnsProvider"></xref>). + (e.g. <xref linkend="opt-security.acme.certs._name_.dnsProvider"></xref>) + you will set them as defaults + (e.g. <xref linkend="opt-security.acme.defaults.dnsProvider"></xref>). </para> <programlisting> # Configure ACME appropriately @@ -304,7 +303,7 @@ services.nginx = { } </programlisting> <para> - And that's it! Next time your configuration is rebuilt, or when + And that’s it! Next time your configuration is rebuilt, or when you add a new virtualHost, it will be DNS-01 validated. </para> </section> @@ -316,7 +315,7 @@ services.nginx = { are not owned by root. PostgreSQL and OpenSMTPD are examples of these. There is no way to change the user the ACME module uses (it will always be <literal>acme</literal>), however you can use - systemd's <literal>LoadCredential</literal> feature to resolve + systemd’s <literal>LoadCredential</literal> feature to resolve this elegantly. Below is an example configuration for OpenSMTPD, but this pattern can be applied to any service. </para> @@ -360,7 +359,7 @@ in { <title>Regenerating certificates</title> <para> Should you need to regenerate a particular certificate in a hurry, - such as when a vulnerability is found in Let's Encrypt, there is + such as when a vulnerability is found in Let’s Encrypt, there is now a convenient mechanism for doing so. Running <literal>systemctl clean --what=state acme-example.com.service</literal> will remove all certificate files and the account data for the |