Update agent guidance and sidebar nav

Author: webprofusion-chrisc

docs/hub/guides/agent.md

@@ -0,0 +1,66 @@
+---
+title: Certify Management Agent (Linux, macOS)
+---
+
+## Summary
+
+The *Certify Management Agent* is a service which can be use on Linux or macOS to perform certificate renewals and deployment tasks, or to monitor renewals managed by external certificate managers (including Certbot, acme.sh, win-acme/simple-acme and Posh-ACME). The agent is functionally the same as [Certify Certificate Manager](ccm.md) on Windows, but without a Desktop UI.
+
+## Installation and Upgrades
+
+See our [install guide](../installation/linux#certify-management-agent) for details installing and upgrading.
+
+## Joining the Management Hub
+
+Joining your existing *Certify Management Agent* instance to a Management Hub allows you to control the instance settings, renewals and monitoring.
+
+The basic steps are:
+
+1. Set up a Joining API key in the hub (one is automatically created when the hub is installed).
+2. Configure the agent to join the hub (via the command line)
+3. Verify that the joining has completed in the hub UI
+
+## Before Joining the Hub
+
+### Security Considerations
+
+:::warning Important
+
+The Management Hub will have complete control over the Certify Management Agent instance settings, including the ability to specify deployment tasks which may include locally executed code (PowerShell etc).
+
+ **Do not join a hub you don't control or trust.**
+
+ :::
+
+## Joining the Hub
+
+By default a joining API key is created when you install the hub. This is found under *Settings > Security > API Access*. You will need the API URL (e.g. `https://hub.internal.yourdomain.com:9697` depending on your configuration), Client Id and Client Secret values.
+
+```
+curl -X POST http://127.0.0.2:9696/api/system/hub/join -H 'Content-Type: application/json' -d '{"clientId":"managedinstance_sp_01","secret":"<secret>","url":"<hub url>"}'
+```
+
+## Verification
+
+After joining, confirm that your instance appears in the Management Hub UI's **Instances** list.
+
+## Using the Hub to manage the agent
+
+When you are working with individual settings such as Stored Credentials, Certificate Authority accounts etc these remain per-instance settings, so each instance of the app has it's own set of settings and you will selected the target 
+instance when working with those. 
+
+### Monitoring External Certificate Managers
+
+The agent can provide monitoring of renewals that are managed by a selected number of ACME certificate management tools including Certbot, acme.sh, win-acme/simple-acme and Posh-ACME.
+
+With your agent installed on your target machine and joined to the hub, configure the paths for your chosen certificate manager under *Settings > General > External Certificate Managers*, ensuring to select your target instance from the Target Instance dropdown list at the top the page. By default the system will attempt to discover existing config using the default paths. Configuration of log paths is only required where logs are stored separately from the other config (e.g. Certbot).
+
+| Cert Manager  | Default Config Path  | Default Log Path  |
+|---|---|---|
+| acme.sh  | ~/.acme.sh/ |  - |
+| certbot  | /etc/letsencrypt | /var/log/letsencrypt  |
+| posh-acme  | %APPDATA%\Local\Posh-ACME  | -  |
+| simple-acme  | %PROGRAMDATA%\simple-acme | -  |
+| win-acme  | %PROGRAMDATA%\simple-acme |  - |
+
+The agent will cache results from each certificate manager and periodically refresh results, so changes to renewals etc will take a few minutes to show up in the hub UI.

docs/hub/guides/ccm.md

@@ -1,11 +1,13 @@
 ---
-title: Joining the Hub
+title: Certify Certificate Manager (Desktop)
 ---
 
 ## Summary
 
 Joining your existing *Certify Certificate Manager* (CCM) instance to a Management Hub allows you to control the instance settings as if you were working in the conventional desktop app, without having to remote into the desktop of each instance.
 
+If you are using *Certify Management Agent* on Linux or macOS, [see our agent guide](agent.md).
+
 Start by [downloading the latest version](https://downloads.certifytheweb.com/beta/latest/certify-ccm-windows-x64-latest.exe) of Certify Certificate Manager (v7+) with the option to connect to a management hub.
 
 To use Certify Management Hub with existing installations:

docs/hub/index.md

@@ -7,9 +7,9 @@ title: Getting Started
 
 *Certify Management Hub* is our new cross-platform product for centralized administration of managed certificates. 
 
-:::warning[Alpha Version]
+:::warning[Beta Version]
 
-The product is available to try out as an alpha version (e.g. not the finished product). The documentation shown here is provisional and subject to major changes. To provide feedback contact `support at certifytheweb.com` or post to https://community.certifytheweb.com/. If testing, see current [Known Issues](known-issues.md)
+The product is available to try out as an beta version (e.g. not the finished product). The documentation shown here is provisional and subject to major changes. To provide feedback contact `support at certifytheweb.com` or post to https://community.certifytheweb.com/. If testing, see current [Known Issues](known-issues.md)
 :::
 
 **All the core features of [Certify Certificate Manager](../intro.md), with a web based management UI and API.**

docs/hub/installation/containers.md

@@ -58,7 +58,7 @@ For simplest setup you can fetch the combined Certify Management Hub image from:
 Add Storage > persistent volume claim `certifydata` with mount path `/usr/share/certifydata`, see also `CERTIFY_APP_DATA` below.
 
 ## Certify Management Agent
-Certify Management Agent is a version of the *Certify Certificate Manager* service which can run "headless" (with no UI) on many different platforms.
+[Certify Management Agent](../guides/agent.md) is a version of the *Certify Certificate Manager* service which can run "headless" (with no UI) on many different platforms.
 
 - Docker Hub: https://hub.docker.com/r/certifytheweb/certify-agent
 - GitHub Packages: https://github.com/certifytheweb?tab=packages

docs/hub/installation/index.md

@@ -21,8 +21,6 @@ The product runs in Community Edition mode by default, see [Licensing](../../gui
 
 :::danger
 Due to the nature of the work the management hub performs we do not recommend hosting on a public facing web server. While logins are required for most actions, the app and API are not considered to be security hardened for public exposure unless we explicitly state that they are. Default admin credentials should be changed immediately after setup.
-
-*This alpha version may have some unguarded API endpoints and is not suitable for public hosting.*
 :::
 
 ## Upgrading
@@ -35,7 +33,7 @@ The latest release notes for the app can be found at https://certifytheweb.com/h
 
 You can self-host on Windows, macOS or Linux, or you can use your own choice of container environment (Docker, Kubernetes, Red Hat/IBM OpenShift etc).
 
-The product internally uses .NET 9.0 or higher and specific supported operating systems are detailed here: https://github.com/dotnet/core/blob/main/release-notes/9.0/supported-os.md
+The product internally uses .NET 9.0 or higher (self contained, you do not need to install .net) and specific supported operating systems are detailed here: https://github.com/dotnet/core/blob/main/release-notes/9.0/supported-os.md
 
 For the web app, "evergreen" desktop web browsers are supported, typically this is Google Chrome, Microsoft Edge, Safari and Firefox.
 

docs/hub/installation/linux.md

@@ -49,7 +49,8 @@ Suggested Configuration for multi-user access:
 
 ## Certify Management Agent
 
-The following commands:
+[Certify Management Agent](../guides/agent.md) is a version of the *Certify Certificate Manager* service which can run "headless" (with no UI).
+
 - Download the latest version, ensuring any old download and old install files are removed if present
 - Extract the downloaded archive to the temporary ./certify-agent-install path
 - Runs the install script to install under /opt/certify-agent, and sets up the agent as a systemd service running as user `certify`.
@@ -65,4 +66,6 @@ sudo ./certify-agent-install/scripts/install-agent.sh
 To then clean up the temporary install files:
 ```
 rm -rf ./certify-agent*
-```
+```
+
+By default the agent will install to `/opt/certify-agent` as a systemd service called `certify-agent` with config stored at `/usr/share/certify`.

sidebars.js

@@ -104,9 +104,10 @@ export default {
                 'hub/installation/containers',
                 'hub/installation/windows',
                 'hub/installation/linux',
-                'hub/guides/ccm',
+               
               ],
             },
+
             'hub/guides/request-certificate',
             'hub/known-issues'
           ]
@@ -117,6 +118,14 @@ export default {
           items: [
             'hub/managedchallenges',
           ]
+        },
+         {
+          type: 'category',
+          label: 'Management Agent & CCM',
+          items: [
+            'hub/guides/ccm',
+            'hub/guides/agent',
+          ]
         },
         {
           type: 'category',

src/pages/index.mdx

@@ -32,7 +32,7 @@ You can find out more about our products at https://certifytheweb.com or see bel
 
   </TabItem>
     <TabItem value="hub" label="Certify Management Hub" default>
-    Our new **cross-platform** centralized management hub features a web based UI, all the main features of *Certify Certificate Manager*, plus new features like multi-instance management and managed challenges to help support other ACME clients. **alpha-release for testing**
+    Our new **cross-platform** centralized management hub features a web based UI, all the main features of *Certify Certificate Manager*, plus new features like multi-instance management and managed challenges to help support other ACME clients. 
 
     [Certify Management Hub Documentation](docs/hub/)