From 2827edd42ffff75ee30c494d4d1dbbf4df7ac20b Mon Sep 17 00:00:00 2001 From: Stefan Eissing Date: Sun, 14 Jan 2018 11:47:21 +0000 Subject: [PATCH] mod_md manual: updated version and added note about current port requirements git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1821095 13f79535-47bb-0310-9956-ffa450edef68 --- docs/manual/mod/mod_md.xml | 28 ++++++++++++++++++++++++++-- 1 file changed, 26 insertions(+), 2 deletions(-) diff --git a/docs/manual/mod/mod_md.xml b/docs/manual/mod/mod_md.xml index c995c2a4f7..c1759dea4a 100644 --- a/docs/manual/mod/mod_md.xml +++ b/docs/manual/mod/mod_md.xml @@ -29,7 +29,7 @@ Extension mod_md.c md_module - Available in version 2.5.0 and later + Available in version 2.4.30 and later

This module manages common properties of domains for one or more virtual hosts. @@ -58,7 +58,7 @@ MDomain example.org DocumentRoot htdocs/a SSLEngine on - # no certificates specification needed! + # no certificates specification </VirtualHost>

@@ -75,6 +75,30 @@ MDomain example.org

+ Prerequisites +

+ This module requires mod_watchdog to be loaded as well. +

+ Certificate signup and renewal with Let's Encrypt requires your server to be + reachable on port 80 (http:) from the outside. The alternative method over + port 443 (https:) is currently disabled for security reasons (status from + 2018-01-14). +

+ The module will select from the methods offered by Let's Encrypt. If LE decides + at one point in the future, to re-enable it again, mod_md will + use it when suitable. +

+ But for now, only the port 80 variant is available (termed "http-01"). Only + when LE can reach your server on port 80 will mod_md work for + you. For now, at least. +

+ If you do not want to offer any sites on port 80 any more, you may leave it open + and redirect all requests to your https: sites instead. Use the + MDRequireHttps described below to do + that in a convenient fashion. This will continue to answer http: challenges + from Let's Encrypt. +

+ -- 2.40.0