ref: 3333b526d23726e0fb87beee79c4332b88a3a088
parent: 581bb4edf342d41e13610c5761e1b5f73c4bd95b
author: jrmu <jrmu@cloud9p.org>
date: Mon Sep 23 17:52:25 EDT 2024
Add explanations for each step and clean up formatting
--- a/acmed.ms
+++ b/acmed.ms
@@ -1,24 +1,36 @@
-This guide is not yet finished
+This guide provides a quick setup for requesting a TLS certificate with acmed.
+First, we generate our private key:
+
cpu% ramfs -p
cpu% cd /tmp
cpu% auth/rsagen -t 'service=acme role=sign hash=sha256 acct=username@example.com' > username@example.com.key
+
+Next, we generate the public key, formatted as a JSON Web Key:
+
cpu% auth/rsa2jwk username@example.com.key > /sys/lib/tls/acmed/username@example.com.pub
-% cd /tmp
-% auth/secstore -g factotum
+
+We store our private key into secstore, then factotum:
+
+cpu% auth/secstore -g factotum
secstore password:
-% cat username@example.com.key >> factotum
-% auth/secstore -v -p factotum
+cpu% cat username@example.com.key >> factotum
+cpu% auth/secstore -v -p factotum
secstore password:
-% read -m factotum > /mnt/factotum/ctl
+cpu% read -m factotum > /mnt/factotum/ctl
+We next generate a private key for the host, and set the proper file permissions,
+and copy it into /sys/lib/tls/acmed/:
+
cpu% auth/rsagen -t 'service=tls owner=*' > example.com.key
cpu% chmod 600 username@example.com.key example.com.key
-cp username@example.com.key example.com.key /sys/lib/tls/acmed/
-cpu% auth/rsa2csr 'CN=example.com' /sys/lib/tls/acmed/example.com.key >/sys/lib/tls/acmed/example.com.csr
-webfs; auth/acmed -t http -o /usr/web/.well-known/acme-challenge username@example.com /sys/lib/tls/acmed/example.com.csr >/sys/lib/tls/acmed/example.com.crt
+cpu% cp username@example.com.key example.com.key /sys/lib/tls/acmed/
+We generate a certificate signing request, then create the .well-known/acme-challenge
+directory, then pass the CSR to acmed:
+
+cpu% auth/rsa2csr 'CN=example.com' /sys/lib/tls/acmed/example.com.key >/sys/lib/tls/acmed/example.com.csr
cpu% mkdir -p /usr/$user/www/example.com/.well-known/acme-challenge
-cpu% auth/acmed -t http -o /usr/$user/www/example.com/.well-known/acme-challenge username@example.com /sys/lib/tls/acmed/example.com.csr >/sys/lib/tls/acmed/example.com.crt
+cpu% webfs; auth/acmed -t http -o /usr/$user/www/example.com/.well-known/acme-challenge username@example.com /sys/lib/tls/acmed/example.com.csr >/sys/lib/tls/acmed/example.com.crt
If all went well, you should find the certificate in /sys/lib/tls/acmed/example.com.crt
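Review bot: the `cp username@example.com.key example.com.key /sys/lib/tls/acmed/` step copies the account's private key onto disk even though the preceding step already loaded it into factotum from secstore; if acmed reads the account key from factotum, only `example.com.key` needs to be copied and the account key should be left out of the `cp`, and if acmed does need it on disk the paragraph should say so, because a second copy of a private key outside secstore undercuts the reason for the secstore step. Two smaller points: the paragraphs beginning "We next generate a private key for the host" and "We generate a certificate signing request" lack the blank line that separates prose from commands everywhere else in the file, and the last paragraph should note that `webfs` must be running (it is started on the same command line as acmed) and that the challenge directory under `/usr/$user/www/example.com/` must be the one the web server actually serves at `http://example.com/.well-known/acme-challenge/`, otherwise the http challenge cannot be validated.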