From e802ffb7c028f6a39dd4fc790b7858ee60effbe5 Mon Sep 17 00:00:00 2001
From: Lexi Winter <ivy@FreeBSD.org>
Date: Tue, 3 Jun 2025 13:06:16 +0100
Subject: make "http" the default challenge handler

---
 domains.conf.5 | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

(limited to 'domains.conf.5')

diff --git a/domains.conf.5 b/domains.conf.5
index 287d19d..0f587e7 100644
--- a/domains.conf.5
+++ b/domains.conf.5
@@ -62,6 +62,26 @@ and
 The challenge script is passed to
 .Xr uacme 1 ;
 see the uacme documentation for details on the calling convention.
+.Pp
+Two challenge scripts are provided with
+.Nm lfacme :
+.Bl -tag -width kerberos
+.It Sy http
+Use HTTP-based validation.
+This requires
+.Va ACME_HTTP_CHALLENGE_DIR
+to be set in
+.Xr acme.conf 5 .
+This is the default challenge handler.
+.It Sy kerberos
+Use DNS-based validation with
+.Xr nsupdate 1
+using Kerberos authentication.
+This requires
+.Va ACME_KERBEROS_PRINCIPAL
+to be set in
+.Xr acme.conf 5 .
+.El
 .It Sy hook Ns Li = Ns Ar filename
 Invoke
 .Ar filename
-- 
cgit v1.2.3