diff --git a/src/doc/docs/ca/index.md b/src/doc/docs/ca/index.md index c120e5ab..373aa22c 100644 --- a/src/doc/docs/ca/index.md +++ b/src/doc/docs/ca/index.md @@ -21,3 +21,6 @@ More CAs may be supported in future releases of _acme4j_. Also, CAs can publish provider jar files that plug into _acme4j_ and offer extended support. +## Disclaimer + +_acme4j_ is an independent software, and not officially supported or endorsed by any of these CAs. If you have _acme4j_ related issues, please do not ask them for support, but [open an issue here](https://codeberg.org/shred/acme4j/issues). diff --git a/src/doc/docs/ca/letsencrypt.md b/src/doc/docs/ca/letsencrypt.md index 76b471d3..96398e0c 100644 --- a/src/doc/docs/ca/letsencrypt.md +++ b/src/doc/docs/ca/letsencrypt.md @@ -9,4 +9,4 @@ Website: [Let's Encrypt](https://letsencrypt.org) ## Note -* Let's Encrypt does not support `Account.getOrders()`. Invocation will throw an `AcmeNotSupportedException`. \ No newline at end of file +* Let's Encrypt does not support `Account.getOrders()`, although it's required by RFC8555. Invocation will throw an `AcmeNotSupportedException`. See [this issue](https://github.com/letsencrypt/boulder/issues/3335) for more information. \ No newline at end of file diff --git a/src/doc/docs/ca/pebble.md b/src/doc/docs/ca/pebble.md index 17730d30..6dd0589c 100644 --- a/src/doc/docs/ca/pebble.md +++ b/src/doc/docs/ca/pebble.md @@ -17,11 +17,11 @@ Pebble uses a self-signed certificate for HTTPS connections. The Pebble provider The Pebble server provides an end-entity certificate for the `localhost` and `pebble` domain. -If your Pebble server can be reached at a different domain (like `pebble.example.com` above), you need to create a correct end-entity certificate on your Pebble server. [See here](https://github.com/letsencrypt/pebble/tree/main/test/certs) for how to use `minica` to create a matching certificate. +If your Pebble server can be reached at a different domain (like `pebble.example.com` above), you need to create a correct end-entity certificate on your Pebble server. [See here](https://github.com/letsencrypt/pebble/tree/main/test/certs) for how to use `minica` to create a matching certificate, and the section below for how to use it in your integration tests. Otherwise, you will get an `AcmeNetworkException: Network error` that is caused by a `java.io.IOException: No subject alternative DNS name matching [...] found` when trying to access the Pebble server. -If you cannot create a correct end-entity certificate on your Pebble server, you could also disable host name verification on Java side: `-Djdk.internal.httpclient.disableHostnameVerification` +If you cannot create a correct end-entity certificate on your Pebble server, you could also globally disable host name verification on Java side: `-Djdk.internal.httpclient.disableHostnameVerification` !!! warning **Disable hostname verification for testing purposes only, never in a production environment!** Create a correct end-entity certificate whenever possible. diff --git a/src/doc/docs/ca/zerossl.md b/src/doc/docs/ca/zerossl.md index a1ff523a..948b941f 100644 --- a/src/doc/docs/ca/zerossl.md +++ b/src/doc/docs/ca/zerossl.md @@ -2,7 +2,7 @@ Website: [ZeroSSL](https://zerossl.com) -Available since acme4j 3.2.0 +Available since acme4j 3.2.0. **This provider is experimental!** ## Connection URIs