Skip to content

Commit

Permalink
chore: fix grammar and typo (#1978)
Browse files Browse the repository at this point in the history
Co-authored-by: Dominik Menke <[email protected]>
  • Loading branch information
ldez and dmke authored Jul 29, 2023
1 parent f582d12 commit 3cefc7a
Show file tree
Hide file tree
Showing 74 changed files with 109 additions and 118 deletions.
12 changes: 6 additions & 6 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -477,7 +477,7 @@ Cancelled due to a CI issue, replaced by v4.5.2.
- **[dnsprovider]** azure: Allow for the use of MSI
- **[dnsprovider]** constellix: improve challenge.
- **[dnsprovider]** godaddy: allow parallel solve.
- **[dnsprovider]** namedotcom: get the actual registered domain so we can remove just that from the hostname to be created
- **[dnsprovider]** namedotcom: get the actual registered domain, so we can remove just that from the hostname to be created
- **[dnsprovider]** transip: updated the client to v6

### Fixed:
Expand Down Expand Up @@ -581,7 +581,7 @@ Cancelled due to a CI issue, replaced by v4.5.2.

## [v3.0.1] - 2019-08-14

There was a problem when creating the tag v3.0.1, this tag has been invalidate.
There was a problem when creating the tag v3.0.1, this tag has been invalidated.

## [v3.0.0] - 2019-08-05

Expand Down Expand Up @@ -873,7 +873,7 @@ There was a problem when creating the tag v3.0.1, this tag has been invalidate.
- lib: The `DeleteRegistration` function on `acme.Client`. This deletes the registration as currently configured in the client.
- lib: The `ObtainCertificateForCSR` function on `acme.Client`. The function allows to request a certificate for an already existing CSR.
- CLI: The `--csr` switch. Allows to use already existing CSRs for certificate requests on the command line.
- CLI: The `--pem` flag. This will change the certificate output so it outputs a .pem file concatanating the .key and .crt files together.
- CLI: The `--pem` flag. This will change the certificate output, so it outputs a .pem file concatanating the .key and .crt files together.
- CLI: The `--dns-resolvers` flag. Allows for users to override the default DNS servers used for recursive lookup.
- lib: Added a memcached provider for the HTTP challenge.
- CLI: The `--memcached-host` flag. This allows to use memcached for challenge storage.
Expand All @@ -895,11 +895,11 @@ There was a problem when creating the tag v3.0.1, this tag has been invalidate.
- lib: The library will now skip challenge solving if a valid Authz already exists.

### Removed:
- lib: The library will no longer check for auto renewed certificates. This has been removed from the spec and is not supported in Boulder.
- lib: The library will no longer check for auto-renewed certificates. This has been removed from the spec and is not supported in Boulder.

### Fixed:
- lib: Fix a problem with the Route53 provider where it was possible the verification was published to a private zone.
- lib: Loading an account from file should fail if a integral part is nil
- lib: Loading an account from file should fail if an integral part is nil
- lib: Fix a potential issue where the Dyn provider could resolve to an incorrect zone.
- lib: If a registration encounteres a conflict, the old registration is now recovered.
- CLI: The account.json file no longer has the executable flag set.
Expand Down Expand Up @@ -967,7 +967,7 @@ There was a problem when creating the tag v3.0.1, this tag has been invalidate.

### Changed:
- lib: NewClient does no longer accept the optPort parameter
- lib: ObtainCertificate now returns a SAN certificate if you pass more then one domain.
- lib: ObtainCertificate now returns a SAN certificate if you pass more than one domain.
- lib: GetOCSPForCert now returns the parsed OCSP response instead of just the status.
- lib: ObtainCertificate has a new parameter `privKey crypto.PrivateKey` which lets you reuse an existing private key for new certificates.
- lib: RenewCertificate now expects the PrivateKey property of the CertificateResource to be set only if you want to reuse the key.
Expand Down
2 changes: 1 addition & 1 deletion CONTRIBUTING.md
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ To ensure a great and easy experience for everyone, please review the few guidel

- Use the issue search to see if the issue has already been reported.
- Also look for closed issues to see if your issue has already been fixed.
- If both of the above do not apply create a new issue and include as much information as possible.
- If both of the above do not apply, create a new issue and include as much information as possible.

Bug reports should include all information a person could need to reproduce your problem without the need to
follow up for more information. If possible, provide detailed steps for us to reproduce it, the expected behaviour and the actual behaviour.
Expand Down
2 changes: 1 addition & 1 deletion acme/api/internal/nonces/nonce_manager.go
Original file line number Diff line number Diff line change
Expand Up @@ -63,7 +63,7 @@ func (n *Manager) getNonce() (string, error) {
return GetFromResponse(resp)
}

// GetFromResponse Extracts a nonce from a HTTP response.
// GetFromResponse Extracts a nonce from an HTTP response.
func GetFromResponse(resp *http.Response) (string, error) {
if resp == nil {
return "", errors.New("nil response")
Expand Down
8 changes: 4 additions & 4 deletions acme/commons.go
Original file line number Diff line number Diff line change
Expand Up @@ -71,12 +71,12 @@ type Meta struct {

// externalAccountRequired (optional, boolean):
// If this field is present and set to "true",
// then the CA requires that all new- account requests include an "externalAccountBinding" field
// then the CA requires that all new-account requests include an "externalAccountBinding" field
// associating the new account with an external account.
ExternalAccountRequired bool `json:"externalAccountRequired"`
}

// ExtendedAccount a extended Account.
// ExtendedAccount an extended Account.
type ExtendedAccount struct {
Account
// Contains the value of the response header `Location`
Expand All @@ -91,7 +91,7 @@ type Account struct {
// The status of this account.
// Possible values are: "valid", "deactivated", and "revoked".
// The value "deactivated" should be used to indicate client-initiated deactivation
// whereas "revoked" should be used to indicate server- initiated deactivation. (See Section 7.1.6)
// whereas "revoked" should be used to indicate server-initiated deactivation. (See Section 7.1.6)
Status string `json:"status,omitempty"`

// contact (optional, array of string):
Expand Down Expand Up @@ -321,7 +321,7 @@ type RenewalInfoResponse struct {
// SuggestedWindow contains two fields, start and end,
// whose values are timestamps which bound the window of time in which the CA recommends renewing the certificate.
SuggestedWindow Window `json:"suggestedWindow"`
// ExplanationURL is a optional URL pointing to a page which may explain why the suggested renewal window is what it is.
// ExplanationURL is an optional URL pointing to a page which may explain why the suggested renewal window is what it is.
// For example, it may be a page explaining the CA's dynamic load-balancing strategy,
// or a page documenting which certificates are affected by a mass revocation event.
// Callers SHOULD provide this URL to their operator, if present.
Expand Down
2 changes: 1 addition & 1 deletion certcrypto/crypto.go
Original file line number Diff line number Diff line change
Expand Up @@ -84,7 +84,7 @@ func ParsePEMBundle(bundle []byte) ([]*x509.Certificate, error) {
// ParsePEMPrivateKey parses a private key from key, which is a PEM block.
// Borrowed from Go standard library, to handle various private key and PEM block types.
// https://github.com/golang/go/blob/693748e9fa385f1e2c3b91ca9acbb6c0ad2d133d/src/crypto/tls/tls.go#L291-L308
// https://github.com/golang/go/blob/693748e9fa385f1e2c3b91ca9acbb6c0ad2d133d/src/crypto/tls/tls.go#L238)
// https://github.com/golang/go/blob/693748e9fa385f1e2c3b91ca9acbb6c0ad2d133d/src/crypto/tls/tls.go#L238
func ParsePEMPrivateKey(key []byte) (crypto.PrivateKey, error) {
keyBlockDER, _ := pem.Decode(key)
if keyBlockDER == nil {
Expand Down
2 changes: 1 addition & 1 deletion certificate/certificates.go
Original file line number Diff line number Diff line change
Expand Up @@ -292,7 +292,7 @@ func (c *Certifier) getForCSR(domains []string, order acme.ExtendedOrder, bundle
}

if respOrder.Status == acme.StatusValid {
// if the certificate is available right away, short cut!
// if the certificate is available right away, shortcut!
ok, errR := c.checkResponse(respOrder, certRes, bundle, preferredChain)
if errR != nil {
return nil, errR
Expand Down
2 changes: 1 addition & 1 deletion challenge/dns01/nameserver.go
Original file line number Diff line number Diff line change
Expand Up @@ -264,7 +264,7 @@ func sendDNSQuery(m *dns.Msg, ns string) (*dns.Msg, error) {

if in != nil && in.Truncated {
tcp := &dns.Client{Net: "tcp", Timeout: dnsTimeout}
// If the TCP request succeeds, the err will reset to nil
// If the TCP request succeeds, the "err" will reset to nil
in, _, err = tcp.Exchange(m, ns)
}

Expand Down
4 changes: 2 additions & 2 deletions challenge/dns01/precheck_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -37,8 +37,8 @@ func TestCheckDNSPropagation(t *testing.T) {

ok, err := check.checkDNSPropagation(test.fqdn, test.value)
if test.expectError {
assert.Errorf(t, err, "PreCheckDNS must failed for %s", test.fqdn)
assert.False(t, ok, "PreCheckDNS must failed for %s", test.fqdn)
assert.Errorf(t, err, "PreCheckDNS must fail for %s", test.fqdn)
assert.False(t, ok, "PreCheckDNS must fail for %s", test.fqdn)
} else {
assert.NoErrorf(t, err, "PreCheckDNS failed for %s", test.fqdn)
assert.True(t, ok, "PreCheckDNS failed for %s", test.fqdn)
Expand Down
2 changes: 1 addition & 1 deletion challenge/resolver/prober.go
Original file line number Diff line number Diff line change
Expand Up @@ -128,7 +128,7 @@ func sequentialSolve(authSolvers []*selectedAuthSolver, failures obtainError) {
}

func parallelSolve(authSolvers []*selectedAuthSolver, failures obtainError) {
// For all valid preSolvers, first submit the challenges so they have max time to propagate
// For all valid preSolvers, first submit the challenges, so they have max time to propagate
for _, authSolver := range authSolvers {
authz := authSolver.authz
if solvr, ok := authSolver.solver.(preSolver); ok {
Expand Down
2 changes: 1 addition & 1 deletion challenge/tlsalpn01/tls_alpn_challenge_server.go
Original file line number Diff line number Diff line change
Expand Up @@ -40,7 +40,7 @@ func (s *ProviderServer) GetAddress() string {
return net.JoinHostPort(s.iface, s.port)
}

// Present generates a certificate with a SHA-256 digest of the keyAuth provided
// Present generates a certificate with an SHA-256 digest of the keyAuth provided
// as the acmeValidation-v1 extension value to conform to the ACME-TLS-ALPN spec.
func (s *ProviderServer) Present(domain, token, keyAuth string) error {
if s.port == "" {
Expand Down
4 changes: 2 additions & 2 deletions cmd/zz_gen_cmd_dnshelp.go
Original file line number Diff line number Diff line change
Expand Up @@ -1310,7 +1310,7 @@ func displayDNSHelp(w io.Writer, name string) error {

ew.writeln(`Credentials:`)
ew.writeln(` - "SOFTLAYER_API_KEY": Classic Infrastructure API key`)
ew.writeln(` - "SOFTLAYER_USERNAME": User name (IBM Cloud is <accountID>_<emailAddress>)`)
ew.writeln(` - "SOFTLAYER_USERNAME": Username (IBM Cloud is <accountID>_<emailAddress>)`)
ew.writeln()

ew.writeln(`Additional Configuration:`)
Expand Down Expand Up @@ -2709,7 +2709,7 @@ func displayDNSHelp(w io.Writer, name string) error {

ew.writeln(`Credentials:`)
ew.writeln(` - "YANDEX_CLOUD_FOLDER_ID": The string id of folder (aka project) in Yandex Cloud`)
ew.writeln(` - "YANDEX_CLOUD_IAM_TOKEN": The base64 encoded json which contains inforamtion about iam token of serivce account with 'dns.admin' permissions`)
ew.writeln(` - "YANDEX_CLOUD_IAM_TOKEN": The base64 encoded json which contains information about iam token of serivce account with 'dns.admin' permissions`)
ew.writeln()

ew.writeln(`Additional Configuration:`)
Expand Down
2 changes: 1 addition & 1 deletion docs/content/dns/manual.md
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@ To start using the CLI prompt "provider", start lego with `--dns manual`:
$ lego --email "[email protected]" --domains="example.com" --dns "manual" run
```

What follows are a few log print outs, interspersed with some prompts, asking for you to do perform some actions:
What follows are a few log print-outs, interspersed with some prompts, asking for you to do perform some actions:

```txt
No key found for account [email protected]. Generating a P256 key.
Expand Down
2 changes: 1 addition & 1 deletion docs/content/dns/zz_gen_cloudflare.md
Original file line number Diff line number Diff line change
Expand Up @@ -85,7 +85,7 @@ very specific access can be granted to your resources at Cloudflare.
See this [Cloudflare announcement](https://blog.cloudflare.com/api-tokens-general-availability/) for details.

The main resources Lego cares for are the DNS entries for your Zones.
It also need to resolve a domain name to an internal Zone ID in order to manipulate DNS entries.
It also needs to resolve a domain name to an internal Zone ID in order to manipulate DNS entries.

Hence, you should create an API token with the following permissions:

Expand Down
4 changes: 2 additions & 2 deletions docs/content/dns/zz_gen_dnsimple.md
Original file line number Diff line number Diff line change
Expand Up @@ -61,15 +61,15 @@ More information [here]({{< ref "dns#configuration-and-credentials" >}}).
if `DNSIMPLE_BASE_URL` is not defined or empty, the production URL is used by default.

While you can manage DNS records in the [DNSimple Sandbox environment](https://developer.dnsimple.com/sandbox/),
DNS records will not resolve and you will not be able to satisfy the ACME DNS challenge.
DNS records will not resolve, and you will not be able to satisfy the ACME DNS challenge.

To authenticate you need to provide a valid API token.
HTTP Basic Authentication is intentionally not supported.

### API tokens

You can [generate a new API token](https://support.dnsimple.com/articles/api-access-token/) from your account page.
Only Account API tokens are supported, if you try to use an User API token you will receive an error message.
Only Account API tokens are supported, if you try to use a User API token you will receive an error message.



Expand Down
2 changes: 1 addition & 1 deletion docs/content/dns/zz_gen_edgedns.md
Original file line number Diff line number Diff line change
Expand Up @@ -62,7 +62,7 @@ More information [here]({{< ref "dns#configuration-and-credentials" >}}).
The environment variable names can be suffixed by `_FILE` to reference a file instead of a value.
More information [here]({{< ref "dns#configuration-and-credentials" >}}).

Akamai credentials are automatically detected in the following locations and prioritized in the following order:
Akamai's credentials are automatically detected in the following locations and prioritized in the following order:

1. Section-specific environment variables (where `{SECTION}` is specified using `AKAMAI_EDGERC_SECTION`):
- `AKAMAI_{SECTION}_HOST`
Expand Down
2 changes: 1 addition & 1 deletion docs/content/dns/zz_gen_httpreq.md
Original file line number Diff line number Diff line change
Expand Up @@ -64,7 +64,7 @@ The server must provide:
- `POST` `/present`
- `POST` `/cleanup`

The URL of the server must be define by `HTTPREQ_ENDPOINT`.
The URL of the server must be defined by `HTTPREQ_ENDPOINT`.

### Mode

Expand Down
2 changes: 1 addition & 1 deletion docs/content/dns/zz_gen_ibmcloud.md
Original file line number Diff line number Diff line change
Expand Up @@ -39,7 +39,7 @@ lego --email [email protected] --dns ibmcloud --domains my.example.org run
| Environment Variable Name | Description |
|-----------------------|-------------|
| `SOFTLAYER_API_KEY` | Classic Infrastructure API key |
| `SOFTLAYER_USERNAME` | User name (IBM Cloud is <accountID>_<emailAddress>) |
| `SOFTLAYER_USERNAME` | Username (IBM Cloud is <accountID>_<emailAddress>) |

The environment variable names can be suffixed by `_FILE` to reference a file instead of a value.
More information [here]({{< ref "dns#configuration-and-credentials" >}}).
Expand Down
2 changes: 1 addition & 1 deletion docs/content/dns/zz_gen_joker.md
Original file line number Diff line number Diff line change
Expand Up @@ -78,7 +78,7 @@ In the SVC mode, username and passsword are not your email and account passwords

As per [Joker.com documentation](https://joker.com/faq/content/6/496/en/let_s-encrypt-support.html):

> 1. please login at Joker.com, visit 'My Domains',
> 1. please log in at Joker.com, visit 'My Domains',
> find the domain you want to add Let's Encrypt certificate for, and chose "DNS" in the menu
>
> 2. on the top right, you will find the setting for 'Dynamic DNS'.
Expand Down
2 changes: 1 addition & 1 deletion docs/content/dns/zz_gen_nicmanager.md
Original file line number Diff line number Diff line change
Expand Up @@ -80,7 +80,7 @@ More information [here]({{< ref "dns#configuration-and-credentials" >}}).

## Description

You can login using your account name + username or using your email address.
You can log in using your account name + username or using your email address.
Optionally if TOTP is configured for your account, set `NICMANAGER_API_OTP`.


Expand Down
2 changes: 1 addition & 1 deletion docs/content/dns/zz_gen_ovh.md
Original file line number Diff line number Diff line change
Expand Up @@ -65,7 +65,7 @@ More information [here]({{< ref "dns#configuration-and-credentials" >}}).

Application key and secret can be created by following the [OVH guide](https://docs.ovh.com/gb/en/customer/first-steps-with-ovh-api/).

When requesting the consumer key, the following configuration can be use to define access rights:
When requesting the consumer key, the following configuration can be used to define access rights:

```json
{
Expand Down
2 changes: 1 addition & 1 deletion docs/content/dns/zz_gen_rcodezero.md
Original file line number Diff line number Diff line change
Expand Up @@ -58,7 +58,7 @@ More information [here]({{< ref "dns#configuration-and-credentials" >}}).
## Description

Generate your API Token via https://my.rcodezero.at with the `ACME` permissions.
This are special tokens with limited access for ACME requests only.
These are special tokens with limited access for ACME requests only.

RcodeZero is an Anycast Network so the distribution of the DNS01-Challenge can take up to 2 minutes.

Expand Down
2 changes: 1 addition & 1 deletion docs/content/dns/zz_gen_route53.md
Original file line number Diff line number Diff line change
Expand Up @@ -123,7 +123,7 @@ so it is recommended to narrow them down as much as possible if you are using th

### Least privilege policy for production purposes

The following AWS IAM policy document describes least privilege permissions required for lego to complete the DNS challenge.
The following AWS IAM policy document describes the least privilege permissions required for lego to complete the DNS challenge.
Write access is limited to a specified hosted zone's DNS TXT records with a key of `_acme-challenge.example.com`.
Replace `Z11111112222222333333` with your hosted zone ID and `example.com` with your domain name to use this policy.

Expand Down
2 changes: 1 addition & 1 deletion docs/content/dns/zz_gen_sonic.md
Original file line number Diff line number Diff line change
Expand Up @@ -73,7 +73,7 @@ See https://public-api.sonic.net/dyndns/#requesting_an_api_key for additional de

This `userid` and `apikey` combo allow modifications to any DNS entries connected to the managed domain (hostname).

Hostname should be the toplevel domain managed e.g `example.com` not `www.example.com`.
Hostname should be the toplevel domain managed e.g. `example.com` not `www.example.com`.



Expand Down
2 changes: 1 addition & 1 deletion docs/content/dns/zz_gen_vkcloud.md
Original file line number Diff line number Diff line change
Expand Up @@ -61,7 +61,7 @@ More information [here]({{< ref "dns#configuration-and-credentials" >}}).
The environment variable names can be suffixed by `_FILE` to reference a file instead of a value.
More information [here]({{< ref "dns#configuration-and-credentials" >}}).

## Credential inforamtion
## Credential information

You can find all required and additional information on ["Project/Keys" page](https://mcs.mail.ru/app/en/project/keys) of your cloud.

Expand Down
2 changes: 1 addition & 1 deletion docs/content/dns/zz_gen_yandexcloud.md
Original file line number Diff line number Diff line change
Expand Up @@ -52,7 +52,7 @@ lego --email [email protected] --dns yandexcloud --domains "example.org" --domains
| Environment Variable Name | Description |
|-----------------------|-------------|
| `YANDEX_CLOUD_FOLDER_ID` | The string id of folder (aka project) in Yandex Cloud |
| `YANDEX_CLOUD_IAM_TOKEN` | The base64 encoded json which contains inforamtion about iam token of serivce account with `dns.admin` permissions |
| `YANDEX_CLOUD_IAM_TOKEN` | The base64 encoded json which contains information about iam token of serivce account with `dns.admin` permissions |

The environment variable names can be suffixed by `_FILE` to reference a file instead of a value.
More information [here]({{< ref "dns#configuration-and-credentials" >}}).
Expand Down
2 changes: 1 addition & 1 deletion docs/content/usage/cli/Obtain-a-Certificate.md
Original file line number Diff line number Diff line change
Expand Up @@ -49,7 +49,7 @@ lego comes with [support for many]({{< ref "dns#dns-providers" >}}) providers,
and you need to pick the one where your domain's DNS settings are set up.
Typically, this is the registrar where you bought the domain, but in some cases this can be another third-party provider.

For this example, let's assume you have setup CloudFlare for your domain.
For this example, let's assume you have set up CloudFlare for your domain.

Execute this command:

Expand Down
6 changes: 3 additions & 3 deletions docs/content/usage/cli/Options.md
Original file line number Diff line number Diff line change
Expand Up @@ -34,11 +34,11 @@ To run the CLI without `sudo`, you have four options:

## Port Usage

By default lego assumes it is able to bind to ports 80 and 443 to solve challenges.
By default, lego assumes it is able to bind to ports 80 and 443 to solve challenges.
If this is not possible in your environment, you can use the `--http.port` and `--tls.port` options to instruct
lego to listen on that interface:port for any incoming challenges.

If you are using this option, make sure you proxy all of the following traffic to these ports.
If you are using either of these options, make sure you setup a proxy to redirect traffic to the chosen ports.

**HTTP Port:** All plaintext HTTP requests to port **80** which begin with a request path of `/.well-known/acme-challenge/` for the HTTP challenge[^header].

Expand Down Expand Up @@ -77,7 +77,7 @@ Remember that some ACME providers impose a rate limit on certain actions (at the
There are also situations, where this verification step doesn't work as expected:

- A "split DNS" setup gives different answers to clients on the internal network (Lego) vs. on the public internet (Let's Encrypt).
- With "hidden master" setups, Lego may be able to directly talk to the primary DNS server, while the `_acme-challenge` record might not have fully propagate to the (public) secondary servers, yet.
- With "hidden master" setups, Lego may be able to directly talk to the primary DNS server, while the `_acme-challenge` record might not have fully propagated to the (public) secondary servers, yet.

The effect is the same: Lego determined the challenge token to be installed correctly, while Let's Encrypt has a different view, and rejects the certificate order.

Expand Down
Loading

0 comments on commit 3cefc7a

Please sign in to comment.