Skip to content

Commit 21d0f9c

Browse files
Merge pull request #61 from webprofusion/copilot/review-text-for-typos
docs: fix typos, grammar, punctuation, and two factual errors
2 parents c9445d8 + e4f0be5 commit 21d0f9c

32 files changed

Lines changed: 71 additions & 72 deletions

README.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -17,7 +17,7 @@ $ npm install
1717
$ npm start
1818
```
1919

20-
This command starts a local development server and open up a browser window. Most changes are reflected live without having to restart the server.
20+
This command starts a local development server and opens up a browser window. Most changes are reflected live without having to restart the server.
2121

2222
### Build
2323

blog/2024-12-08-acme-clients.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -99,7 +99,7 @@ Certify The Web is a comprehensive ACME client designed for Windows. It provides
9999

100100
#### Cons
101101
- Currently limited to Windows environments, but a new web based Certify Management Hub app will be available soon.
102-
- Command line options are more limited that other command line native apps
102+
- Command line options are more limited than other command line native apps
103103

104104
## Conclusion
105105

blog/2025-01-17-acme-profiles.md

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -8,11 +8,11 @@ image: https://certifytheweb.com/images/management/summary.png
88
hide_table_of_contents: false
99
---
1010

11-
We have implement support for the ACME Profiles extension, a new feature designed to enhance the Automated Certificate Management Environment (ACME) protocol. This extension allows ACME Servers to offer a selection of different certificate profiles to ACME Clients, making it easier for clients to request the specific type of certificate they need.
11+
We have implemented support for the ACME Profiles extension, a new feature designed to enhance the Automated Certificate Management Environment (ACME) protocol. This extension allows ACME Servers to offer a selection of different certificate profiles to ACME Clients, making it easier for clients to request the specific type of certificate they need.
1212

1313
<!-- truncate -->
1414

15-
ACME Profiles are a new proposed extension to the ACME standard allows CAs to offer certificates with different features depending on user preferences.
15+
ACME Profiles are a new proposed extension to the ACME standard that allows CAs to offer certificates with different features depending on user preferences.
1616

1717
https://datatracker.ietf.org/doc/draft-aaron-acme-profiles/
1818

@@ -38,7 +38,7 @@ ACME Servers that support profiles will include a new `profiles` field in their
3838
### Client Requests
3939
When creating a new Order, clients can specify the desired profile in the `profile` field of the Order object. The server will then issue a certificate that matches the selected profile.
4040

41-
In **Certify Certificate Manager** and **Certify Management Hub** this will be available as an option under under *Certificate > Advanced > Certificate Authority*.
41+
In **Certify Certificate Manager** and **Certify Management Hub** this will be available as an option under *Certificate > Advanced > Certificate Authority*.
4242

4343
## Current Implementations
4444
Let's Encrypt's Boulder ACME Server software fully implements the ACME Profiles extension. Although profiles are not yet configured in Let's Encrypt's Production and Staging environments, the Pebble ACME Server testbed also supports this extension.

docs/backgroundservice.md

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -5,7 +5,7 @@ title: Background Service
55

66
In order to perform certificate requests and automatic renewals we install a background service called "Certify.Service" or "Certify.Server.Core" (the full title is either `Certify Certificate Manager Service` or `Certify Management Agent` for v7 onwards).
77

8-
This service is installed to run as Local System and requires that the Local System account has the necessary privileges to administer IIS (if required) and the computers certificate store, as well as writing to the C:\ProgramData\Certify folder for configuration information. For more information on security and required permissions see [security](guides/security.md)
8+
This service is installed to run as Local System and requires that the Local System account has the necessary privileges to administer IIS (if required) and the computers certificate store, as well as writing to the C:\ProgramData\Certify folder for configuration information. For more information on security and required permissions see [security](guides/security.md).
99

1010
To check the log for this service, review `C:\ProgramData\Certify\logs\service.exceptions.log`.
1111

@@ -57,7 +57,7 @@ Invoke-RestMethod -Uri http://localhost:9696/api/system/appversion -UseDefaultCr
5757

5858
### Other Considerations for 'Service Not Started..'
5959

60-
To operate properly the background service needs to be able to register an http listener for it's API server via http.sys, for that to work the IP address the service tries to use must be enabled as an http listen address and in some versions of windows the Http kernel service may not be enabled and you will need to enable it.
60+
To operate properly the background service needs to be able to register an http listener for its API server via http.sys, for that to work the IP address the service tries to use must be enabled as an http listen address and in some versions of windows the Http kernel service may not be enabled and you will need to enable it.
6161

6262

6363
#### Enable http listener IP address
@@ -121,7 +121,7 @@ SERVICE_NAME: http
121121
122122
```
123123

124-
If the state is not `RUNNING` use the following command the enable the service on demand:
124+
If the state is not `RUNNING` use the following command to enable the service on demand:
125125

126126
```bat
127127
sc config http start= demand
@@ -139,7 +139,7 @@ Once completed, restart the Certify background service from local services, then
139139

140140
## Managed Items Database
141141

142-
The data store for the managed certificates database is the C:\ProgramData\Certify\manageditems.db SQLite database. This stores your renewal configuration data (not certificates). This is an sqlite3 format database files.
142+
The data store for the managed certificates database is the C:\ProgramData\Certify\manageditems.db SQLite database. This stores your renewal configuration data (not certificates). This is an sqlite3 format database file.
143143

144144
You should include C:\ProgramData\Certify\ in your normal backup procedures, otherwise if you lose this configuration or it is corrupted you may need to add all of your managed certificates again. **To guard against database corruption you should add an exclusion to your anti-virus software to avoid sharing conflicts.**
145145

docs/certificate-process.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -9,7 +9,7 @@ Use this guide when you are creating a new managed certificate and want to under
99
When you install Certify you will be prompted to register with the [Certificate Authority](guides/certificate-authorities.md) who will validate your domains and issue your [certificates](guides/certificates.md) (e.g. Let's Encrypt). You should provide a real email address, otherwise they can't contact you if there is a problem with your certificate.
1010

1111
:::tip Quick Start
12-
If you are requesting a certificate for an IIS website with existing http/https domain hostname bindings it's possible to just install the app on the web server, click **New Certificate**, selected your IIS Website and confirm your domains, then click **Request Certificate** to automatically validate your domain(s), fetch the certificate and auto-apply it. You can then access your website via https. Your certificate will automatically renew using the same process.
12+
If you are requesting a certificate for an IIS website with existing http/https domain hostname bindings it's possible to just install the app on the web server, click **New Certificate**, select your IIS Website and confirm your domains, then click **Request Certificate** to automatically validate your domain(s), fetch the certificate and auto-apply it. You can then access your website via https. Your certificate will automatically renew using the same process.
1313
:::
1414

1515
## What is an ACME client?
@@ -63,7 +63,7 @@ Note that for FTP site bindings you need to select "Single Site" instead.
6363
##### Deployment Tasks and Advanced Usage
6464
In addition to the Auto Deployment options, you can also make use of a variety of pre-built [Deployment Tasks](deployment/tasks_intro.md) for local or remote deployment. You can also use scripting tasks to work with your certificate using your own custom scripting.
6565

66-
Deployment Tasks can be used used for common certificate tasks such as deploying to Microsoft Exchange, updating a certificate in a secrets vault (such as Azure Key Vault), deploying to a [CCS share](deployment/tasks/ccs.md) or converting the certificate into different file types.
66+
Deployment Tasks can be used for common certificate tasks such as deploying to Microsoft Exchange, updating a certificate in a secrets vault (such as Azure Key Vault), deploying to a [CCS share](deployment/tasks/ccs.md) or converting the certificate into different file types.
6767

6868
### 4. Preview
6969
Using the *Preview* tab you can see a detailed summary of how your Managed Certificate is configured and what actions the app will plan to take next, including how the new certificate will be deployed.

docs/commandline.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -3,7 +3,7 @@ id: commandline
33
title: Command Line (CLI)
44
---
55

6-
A set of command line are available using the tool _certify.exe_ which is found in the installation directory. The commands must be performed using an elevated administrators account.
6+
A set of command line tools are available using the tool _certify.exe_ which is found in the installation directory. The commands must be performed using an elevated administrators account.
77

88
:::tip
99
Most users do not need to use the command line options at all. By default all certificate renewals are taken care of automatically by the Certify background service.
@@ -47,7 +47,7 @@ You can use the `acmeaccount add` command to add/create a new ACME account regis
4747

4848
- `certify deploy "<managed cert id>" "<task id>"` : perform a specific deployment task for the given managed certificate. See the Manual trigger mode for deployment tasks.
4949

50-
### Adding or Remove Managed Certificates
50+
### Adding or Removing Managed Certificates
5151

5252
- `certify importcsv` : import managed certificates from a CSV file. See [CSV Import](csv-import.md) for more details
5353

docs/deployment/tasks/apache.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -47,7 +47,7 @@ For older versions of Apache you may need to specify the **CA Chain** file separ
4747
- Point *SSLCertificateFile* at your **Leaf Certificate** file.
4848

4949
### Restarting Apache
50-
For your changes to take effect you will need to restart Apache. You can do this by adding a *Stop, Start or Restart a Service" task after your *Deploy to Apache* task.
50+
For your changes to take effect you will need to restart Apache. You can do this by adding a "Stop, Start or Restart a Service" task after your *Deploy to Apache* task.
5151

5252
### CA Preferred Chain
5353
Some CAs offer alternative certificate chains for compatibility. Let's Encrypt offers both a *DST Root CA X3* chain (expired) and a newer *ISRG Root X1* chain. v6.x onwards of the app defaults to the newer chain for LE. If you need to use the older chain (e.g. for old Android compatibility) you can do so by setting the *Preferred Chain* option under *Certificate > Advanced > Certificate Authority - Preferred Chain* to *DST Root CA X3* and re-requesting your certificate.

docs/deployment/tasks/exchange.md

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -39,7 +39,7 @@ In the app, running on the same server where Exchange is installed:
3939

4040
Other topics to consider include selecting between different Certificate Authorities, Private Key types and PFX password protection. These options are all configured under *Advanced*.
4141

42-
## Deploying Your Certificate to Exchanges Services
42+
## Deploying Your Certificate to Exchange Services
4343
Once you have your certificate you can automate deploying it to your Exchange services.
4444

4545
:::info
@@ -61,13 +61,13 @@ For complex or customised deployments you may wish to use a [custom deployment s
6161
It's possible to continue to apply the certificate manually using the standard Exchange Admin Center features, however this is not recommended because certificates typically renew frequently (e.g. within 90 days) and you would need to remember to repeat the process each time. You should instead use automation to ensure your certificates are always up to date.
6262

6363
## Renewal Failures
64-
Certificate can fail to renew for a number of reasons, including:
64+
Certificates can fail to renew for a number of reasons, including:
6565
- Changes to your infrastructure (e.g. firewall changes, DNS changes)
6666
- Temporary issues with your CA
6767

6868
**The app will recover from temporary issues automatically**, however if you have made changes to your infrastructure you may need to update your managed certificate settings to reflect the new configuration. You can force a certificate renewal attempt by selecting *Request Certificate*.
6969

70-
By default, **if your certificate renewal fails repeatedly, you will receive an email notification**. This email is trigger by the default status reporting to our API, which in turn sends an email via SendGrid if multiple failures have been detected. The email address used is the one you specified when you first setup your CA account in the application (under Settings > Certificate Authorities). You can also check the *Certify Certificate Manager* app or the https://certifytheweb.com dashboard (if enabled) for the status of your managed certificates.
70+
By default, **if your certificate renewal fails repeatedly, you will receive an email notification**. This email is triggered by the default status reporting to our API, which in turn sends an email via SendGrid if multiple failures have been detected. The email address used is the one you specified when you first setup your CA account in the application (under Settings > Certificate Authorities). You can also check the *Certify Certificate Manager* app or the https://certifytheweb.com dashboard (if enabled) for the status of your managed certificates.
7171

7272
If you don't understand why a renewal has suddenly failed it's best not to start changing settings if you are unsure, instead please [contact us for support](../../support.md) if you are a licensed user, or post a question on our [community forum](https://community.certifytheweb.com), ideally including your managed certificate log file, at the least we need your real domain name(s) in order to diagnose common renewal failures.
7373

@@ -77,13 +77,13 @@ Typical troubleshoot steps include checking your firewall (if using http validat
7777
Things to consider when administering certificates for exchange and IIS:
7878

7979
### Things to avoid
80-
- Never delete a certificate from the certificate store while it is still in use by a service, this will break the service and you will need to re-assign a new certificate to the service. *Certify Certificate Manager* will maintain it's own certificates in the store and by default will remove them when they are definitely no longer required.
80+
- Never delete a certificate from the certificate store while it is still in use by a service, this will break the service and you will need to re-assign a new certificate to the service. *Certify Certificate Manager* will maintain its own certificates in the store and by default will remove them when they are definitely no longer required.
8181
- Never revoke a certificate unless the private key has been compromised. Revoking a certificate will break any services using that certificate and is almost never required.
8282

8383
### Only use valid fully qualified domain names (or valid wildcard names)
8484
Certificates need to be issued for valid fully qualified names or wildcards. A certificate can cover multiple hostnames or subdomains and can also be wildcards that cover all subdomains of a domain e.g. `*.contoso.com` would cover `mail.contoso.com` and `autodiscover.contoso.com` but not `mail.contoso.com.au` or `mail.contoso.local`.
8585

86-
If your exchange services and connections are configured to use local or intranet names like `localhost` or `mail.contoso.local` then the service will not have a valid TLS connection to the server and will not be able to use the certificate, this is because the name is not included in the certificate your are trying to use. You will need to ensure that all services and connections use valid hostnames which match your certificate(s).
86+
If your exchange services and connections are configured to use local or intranet names like `localhost` or `mail.contoso.local` then the service will not have a valid TLS connection to the server and will not be able to use the certificate, this is because the name is not included in the certificate you are trying to use. You will need to ensure that all services and connections use valid hostnames which match your certificate(s).
8787

8888
### IP Address Bindings vs SNI Hostname Bindings
8989
If you manually create an https "binding" (the configuration of an IP address or hostname + socket + certificate) then you should enable SNI (Server Name Indication), set a hostname and avoid using specific IP addresses, instead use `All Unassigned` or `*` in IIS etc. This maps to the catch-all address `0.0.0.0` and matches the binding to all network interfaces.
@@ -97,7 +97,7 @@ Some other clients to consider for very specific tasks include [Posh-ACME (Power
9797

9898
## Other resources
9999

100-
Details of the general processes begin importing and installing a certificate for Exchange can be found here:
100+
Details of the general processes for importing and installing a certificate for Exchange can be found here:
101101

102102
https://learn.microsoft.com/en-us/exchange/architecture/client-access/import-certificates?view=exchserver-2019
103103

docs/deployment/tasks/nginx.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -32,7 +32,7 @@ In a typical nginx config you would only need to specify the **Full Chain** and
3232
- Point *ssl_certificate* at your **Full Chain** file
3333

3434
### Restarting nginx
35-
For your changes to take effect you will need to restart Nginx. You can do this by adding a *Stop, Start or Restart a Service" task after your *Deploy to nginx* task.
35+
For your changes to take effect you will need to restart Nginx. You can do this by adding a "Stop, Start or Restart a Service" task after your *Deploy to nginx* task.
3636

3737
### CA Preferred Chain
3838
Some CAs offer alternative certificate chains for compatibility. Let's Encrypt offers both a *DST Root CA X3* chain (expired) and a newer *ISRG Root X1* chain. *Certify Certificate Manager* v6.x onwards defaults to the newer chain. If you need to use the older chain (e.g. for old Android compatibility) you can do so by setting the *Preferred Chain* option under *Certificate > Advanced > Certificate Authority - Preferred Chain* to *DST Root CA X3* and re-requesting your certificate.

0 commit comments

Comments
 (0)