From 725adaacbe115a83bafc44d530a6d60f133b9037 Mon Sep 17 00:00:00 2001
From: glenda <glenda@9front.local>
Date: Sun, 24 Jan 2021 20:54:08 +0000
Subject: Update let's encrypt notes

---
 sites/pmikkelsen.com/plan9/lets_encrypt.md | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'sites')

diff --git a/sites/pmikkelsen.com/plan9/lets_encrypt.md b/sites/pmikkelsen.com/plan9/lets_encrypt.md
index 082485c..30873fe 100644
--- a/sites/pmikkelsen.com/plan9/lets_encrypt.md
+++ b/sites/pmikkelsen.com/plan9/lets_encrypt.md
@@ -31,7 +31,7 @@ Add the following to `/cfg/$sysname/cpurc` to load the private key on boot.
 
 	cat /sys/lib/tls/key >> /mnt/factotum/ctl
 
-Done.
+Done. The key can also be stored in secstore if that is setup, so it doesn't lay unencryped on the disk.
 
 ## SMTP over TLS
 
@@ -53,8 +53,8 @@ I have the following in `/bin/service.auth/tcp443`
 	exec tlssrv -c /sys/lib/tls/cert -l /sys/log/https /bin/service/tcp80 $*
 
 Again, in the `/bin/service.auth` folder. It simply wraps the plain http service
-in a tls wrapper which looks like this for me
+in a tls wrapper. The plain tcp80 service looks like this for me
 
 	#!/bin/rc
 	PLAN9=/
-	exec /rc/bin/rc-httpd/rc-httpd >>[2]/sys/log/www
+	auth/none /rc/bin/rc-httpd/rc-httpd >>[2]/sys/log/www
-- 
cgit v1.2.3