@@ -214,8 +214,8 @@ Periodically, you can perform key rollovers on a schedule that suits you
214214(e.g., annually). An emergency key rollover is exactly the same.
215215
216216At any time, you can show the status (which certificate lineages are
217- current, which are next, which new TLSA records are not yet published in the
218- DNS, and which old TLSA records have not yet been removed from the DNS).
217+ " current" , which are " next" , which new TLSA records are not yet published in
218+ the DNS, and which old TLSA records have not yet been removed from the DNS).
219219
220220In addition to TLSA records, you can also generate SSHFP, OPENPGPKEY, and
221221SMIMEA records, and check that they are published in the DNS.
@@ -234,7 +234,7 @@ This outputs danectl's name and version, then exits.
234234
235235This enables quiet mode, causing danectl to pass -q to certbot. This only
236236affects the "new", "dup", and "rollover" commands, and is probably a good
237- idea, as it makes the output tidier.
237+ idea, as it makes the output tidier (especially for cronjobs) .
238238
239239-v, --verbose
240240
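Review bot: On new line 237, "cronjobs" is normally written "cron jobs". Because this now recommends -q for unattended runs, the paragraph should also say whether failures of the "new", "dup", and "rollover" commands are still reported in quiet mode, so that a failed rollover run from cron does not go unnoticed.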
@@ -250,15 +250,16 @@ been performed.
250250-1, --oneline
251251
252252This causes each long DNS record to be output on a single very long line,
253- rather than on multiple lines enclosed by parentheses. This only applies to
254- OPENPGPKEY and SMIMEA records. Each TLSA and SSHFP record is always output
255- on a single line.
253+ rather than on multiple lines enclosed by parentheses ("(" and ")"). This
254+ only applies to OPENPGPKEY and SMIMEA records. Each TLSA and SSHFP record is
255+ always output on a single line.
256256
257257-s, --spaces
258258
259259This implies the --oneline option, and causes space characters (" ") to be
260- included in the output of long, single line DNS records. This only applies
261- to OPENPGPKEY and SMIMEA records. There's probably no real need for this.
260+ included in the output of long, single line DNS records (one every 56
261+ characters). This only applies to OPENPGPKEY and SMIMEA records. There's
262+ probably no real need for this.
262263
263264COMMANDS
264265
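Review bot: On new line 253, the parenthetical ("(" and ")") restates "parentheses" and can be dropped, or replaced with a short sample of the multi-line form if the aim is to show what the output looks like. On new line 260, "single line DNS records" should be hyphenated as "single-line DNS records". The added "one every 56 characters" is a useful detail. It would be clearer still if it said whether the count refers to characters of the encoded record data.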
@@ -271,9 +272,9 @@ You can also show the aliases for all of the commands:
271272 danectl aliases
272273
273274Before you can use danectl to do anything interesting for TLS, you might
274- need to supply any command line options that certbot will need when it
275- creates new certificate lineages. This is for authentication and
276- installation. Don't use quotes and don't put spaces inside arguments
275+ need to supply any command line command and/or options that certbot will
276+ need when it creates new certificate lineages. This is for authentication
277+ and installation. Don't use quotes and don't put spaces inside arguments
277278(e.g., webroot paths must not contain spaces).
278279
279280 danectl certbot --apache
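Review bot: On new line 275, "any command line command and/or options" reads awkwardly with "command" repeated. Something like "any command and/or command line options that certbot will need" says the same thing. The following sentence forbids quotes and spaces inside arguments but does not say what happens if they are supplied. A short note on how such input is handled (rejected, or split on whitespace) would help anyone whose webroot path contains a space.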
@@ -316,7 +317,7 @@ Note that you must use an existing certificate's cert-name, not the list of
316317certified domains. To see all of your cert-names, run "certbot
317318certificates", or look in /etc/letsencrypt/live.
318319
319- This will create a symlink in /etc/letsencrypt/current to each adopted
320+ This will create a symlink in /etc/letsencrypt/current to the adopted
320321certificate lineage.
321322
322323If you want to create a new certbot certificate lineage for DANE instead,
@@ -434,7 +435,7 @@ Occasionally (e.g., annually), perform a key rollover:
434435
435436 danectl rollover example.org
436437
437- This will redesignate the next key as the current key (and vice versa),
438+ This will redesignate the " next" key as the " current" key (and vice versa),
438439reload affected services, and create a new key/certificate as the new next
439440key. It also outputs the old TLSA records for the old current key that you
440441need to remove from the DNS (somehow). And it outputs the new TLSA records
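Review bot: New line 438 quotes "next" and "current", but the unchanged lines 439 and 440 of the same sentence still say "the new next key" and "the old current key" without quotes. Quote those occurrences as well so the designation names are marked consistently throughout the paragraph.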
@@ -445,10 +446,10 @@ At any time, you can show the status of all certificate pairs:
445446 danectl status
446447
447448This will show, for each base cert-name, which certificate lineage is
448- current (original or duplicate), and which is next. It will also show any
449- new TLSA records that should be, but are not, published in the DNS. It will
450- also show any old TLSA records that are published in the DNS, but should no
451- longer be.
449+ " current" (original or duplicate), and which is " next" . It will also show
450+ any new TLSA records that should be, but are not, published in the DNS. It
451+ will also show any old TLSA records that are published in the DNS, but
452+ should no longer be.
452453
453454If any of the symlinks in /etc/letsencrypt/{current,next} target certificate
454455lineages that no longer exist in /etc/letsencrypt/live, this is also