improve some docs

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2025-12-06 22:30:56 +03:00 · 2022-05-27 10:09:53 +02:00
parent 7c724e18fe
commit 91dfa501f8
3 changed files with 9 additions and 5 deletions
--- a/docs/howto/lets-encrypt-certificate.md
+++ b/docs/howto/lets-encrypt-certificate.md
@@ -17,9 +17,11 @@ In this tutorial we'll focus on `HTTP-01` challenge type and make the following
 - we need a TLS certificate for the `sftpgo.com` domain
 - we have an existing web server already running on port `80` for the `sftpgo.com` domain and the web root path is `/var/www/sftpgo.com`
 ## Overview
 - [Obtaining a certificate using the Lego CLI tool](#Obtaining-a-certificate-using-the-Lego-CLI-tool)
  - [Automatic certificate renewal using the Lego CLI tool](#Automatic-certificate-renewal-using-the-Lego-CLI-tool)
- [## Obtaining a certificate using the ACME protocol built into SFTPGo](#Obtaining-a-certificate-using-the-ACME-protocol-built-into-SFTPGo)
+- [Obtaining a certificate using the ACME protocol built into SFTPGo](#Obtaining-a-certificate-using-the-ACME-protocol-built-into-SFTPGo)
 - [Enable HTTPS for SFTPGo Web UI and REST API](#Enable-HTTPS-for-SFTPGo-Web-UI-and-REST-API)
 - [Enable HTTPS for WebDAV service](#Enable-HTTPS-for-WebDAV-service)
 - [Enable explicit FTP over TLS](#Enable-explicit-FTP-over-TLS)
@@ -139,13 +141,13 @@ Open the SFTPGo configuration file, search for the `acme` section and change it
 Make sure that the `sftpgo` user can write to the `/var/www/sftpgo.com` directory or pre-create the `/var/www/sftpgo.com/.well-known/acme-challenge` directory with the appropriate permissions.
 This directory must be publicly served by your web server.
-Register your account and obtain the certificates with the following command.
+Register your account and obtain certificates by running the following command as the root user.
 ```bash
-sftpgo acme run -c /etc/sftpgo
+su - sftpgo -s /bin/bash -c 'sftpgo acme run -c /etc/sftpgo'
 ```
-If this command completes successfully, you are done. The SFTPGo service will take care of the automatic renewal of certificates for the configured domains.
+If this command completes successfully, you are done. The SFTPGo service will take care of the automatic renewal of certificates for the configured domains. Make sure that the `sftpgo` system user can read and write to `/var/lib/sftpgo/certs` directory otherwise the certificate renewal will fail.
 ## Enable HTTPS for SFTPGo Web UI and REST API
--- a/tests/ipfilter/go.mod
+++ b/tests/ipfilter/go.mod
@@ -22,4 +22,5 @@ require (
 	google.golang.org/genproto v0.0.0-20220526192754-51939a95c655 // indirect
 	google.golang.org/grpc v1.46.2 // indirect
 	google.golang.org/protobuf v1.28.0 // indirect
 	gopkg.in/yaml.v3 v3.0.0 // indirect
 )
--- a/tests/ipfilter/go.sum
+++ b/tests/ipfilter/go.sum
@@ -169,7 +169,8 @@ google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqw
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.0 h1:hjy8E9ON/egN1tAYqKb61G10WtihqetD4sz2H+8nIeA=
 gopkg.in/yaml.v3 v3.0.0/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=