ref: eb660ee7845ad084894ec4f656187dc8e357df31
parent: a72852fc35e506bb7e866c694b17052cf73132cf
author: sl <sl@stanleylieber.com>
date: Tue Apr 12 18:23:53 EDT 2022
fqa7.ms: fix print formatting for acmed section
--- a/fqa7.ms
+++ b/fqa7.ms
@@ -1947,14 +1947,18 @@
.P1
ramfs -p
cd /tmp
-auth/rsagen -t 'service=acme role=sign hash=sha256 acct=user@domain.com'\\
+auth/rsagen -t service'='acme role=sign \e
+ hash'='sha256 acct'='user@domain.com \e
>user@domain.com.key
-auth/rsa2jwk user@domain.com.key >/sys/lib/tls/acmed/user@domain.com.pub
+auth/rsa2jwk user@domain.com.key \e
+ >/sys/lib/tls/acmed/user@domain.com.pub
cat user@domain.com.key > /mnt/factotum/ctl
-auth/rsagen -t 'service=tls owner=*' >domain.com.key
+auth/rsagen -t service'='tls owner'=*' >domain.com.key
chmod 600 user@domain.com.key domain.com.key
-cp user@domain.com.key domain.com.key /sys/lib/tls/acmed/
-auth/rsa2csr 'CN=domain.com' /sys/lib/tls/acmed/domain.com.key \\
+cp user@domain.com.key domain.com.key \e
+ /sys/lib/tls/acmed/
+auth/rsa2csr CN'='domain.com \e
+ /sys/lib/tls/acmed/domain.com.key \e
>/sys/lib/tls/acmed/domain.com.csr
.P2
@@ -1966,8 +1970,9 @@
The following uses the CSR from above, and fetches a newly signed certificate:
.P1
-auth/acmed -t http -o /path/to/.well-known/acme-challenge user@domain.com \\
- /sys/lib/tls/acmed/domain.com.csr >/sys/lib/tls/acmed/domain.com.crt
+auth/acmed -t http -o /path/to/.well-known/acme-challenge \e
+ user@domain.com /sys/lib/tls/acmed/domain.com.csr \e
+ >/sys/lib/tls/acmed/domain.com.crt
.P2
This requires the output directory (by default, /usr/web/.well-known/acme-challenge) to be served over
@@ -1993,7 +1998,8 @@
.P1
database=
...
- file=/lib/ndb/dnschallenge # add this line under what you already have
+ # add this line under what you already have
+ file=/lib/ndb/dnschallenge
.P2
In addition, the domain that you'd like to get verified needs to have a certificate authority authorization record of your ACME provider declared: