
Commit cd58378

committed
Improved documentation
Signed-off-by: Cristian Le <[email protected]>
1 parent f96f206 commit cd58378

File tree

3 files changed

+9
-7
lines changed


custom/conf/app.example.ini

Lines changed: 3 additions & 2 deletions
@@ -187,8 +187,9 @@ RUN_MODE = ; prod
187187
;; Leave empty to default to LetsEncrypt's (production) URL
188188
;ACME_URL =
189189
;;
190-
;; If using LetsEncrypt please read their TOS and manually change this setting to true
191-
;LETSENCRYPT_ACCEPTTOS = false
190+
;; Explicitly accept the ACME's TOS. The specific TOS cannot be retrieved at the moment.
191+
;; TODO: waiting on caddyserver/certmagic#165, after which this option should only be used if interactive setup is unavailable
192+
;ACME_ACCEPTTOS = false
192193
;;
193194
;; If the ACME CA is not in your system's CA trust chain, it can be manually added here
194195
;ACME_CA_ROOT =
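Review bot: the rename from `LETSENCRYPT_ACCEPTTOS` (190-) to `ACME_ACCEPTTOS` (192+) is a breaking change for existing configurations, and nothing in the example file tells an operator that the old key no longer takes effect; consider adding a line such as `;; Renamed from LETSENCRYPT_ACCEPTTOS` next to the new option, or keeping a deprecation alias in the config loader, so that an upgraded instance that still sets the old key does not quietly end up with the TOS unaccepted. Minor: "the ACME's TOS" at 190+ should read "the ACME provider's TOS", and the `TODO` pointing at caddyserver/certmagic#165 at 191+ belongs in the code or the issue tracker rather than in a file shipped to users.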

docs/content/doc/advanced/config-cheat-sheet.en-us.md

Lines changed: 1 addition & 1 deletion
@@ -348,7 +348,7 @@ The following configuration set `Content-Type: application/vnd.android.package-a
348348
- "ecdhe_ecdsa_with_chacha20_poly1305" is alias for "ecdhe_ecdsa_with_chacha20_poly1305_sha256"
349349
- `ENABLE_ACME`: **false**: Flag to enable automatic certificate management via an ACME capable Certificate Authority (CA) server (default: Lets Encrypt). If enabled, `CERT_FILE` and `KEY_FILE` are ignored, and the CA must resolve `DOMAIN` to this gitea server. Ensure that DNS records are set and either port `80` or port `443` are accessible by the CA server (the public internet by default), and redirected to the appropriate ports `PORT_TO_REDIRECT` or `HTTP_PORT` respectively.
350350
- `ACME_URL`: **\<empty\>**: The CA's ACME directory URL, e.g. for a self-hosted [smallstep CA server](https://github.com/smallstep/certificates), it can look like `https://ca.example.com/acme/acme/directory`. If left empty, it defaults to using Let's Encerypt's production CA (check `LETSENCRYPT_ACCEPTTOS` as well).
351-
- `LETSENCRYPT_ACCEPTTOS`: **false**: This is an explicit check that you accept the terms of service for Let's Encrypt. By using Lets Encrypt **you must consent** to their [terms of service](https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf).
351+
- `ACME_ACCEPTTOS`: **false**: This is an explicit check that you accept the terms of service of the ACME provider. The default is Lets Encrypt [terms of service](https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf).
352352
- `ACME_DIRECTORY`: **https**: Directory that the certificate manager will use to cache information such as certs and private keys.
353353
- `ACME_EMAIL`: **\<empty\>**: Email used for the ACME registration. Usually it is to notify about problems with issued certificates.
354354
- `ACME_CA_ROOT`: **\<empty\>**: The CA's root certificate. If left empty, it defaults to using the system's trust chain.
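Review bot: the unchanged context line 350 (`ACME_URL`) still ends with "check `LETSENCRYPT_ACCEPTTOS` as well", which is exactly the option this hunk renames at 351-/351+; update that reference to `ACME_ACCEPTTOS` (and fix "Let's Encerypt's" while there) so the cheat sheet does not send readers to a key that no longer exists. The new 351+ wording also drops the emphasis of the removed line that consent is mandatory and reads awkwardly ("The default is Lets Encrypt terms of service"); suggest "By enabling ACME **you must consent** to the provider's terms of service; for the default Let's Encrypt, see their [terms of service](...)".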

docs/content/doc/usage/https-support.md

Lines changed: 5 additions & 4 deletions
@@ -57,26 +57,27 @@ If you are using Docker, make sure that this port is configured in your `docker-
5757

5858
## Using ACME (Default: Let's Encrypt)
5959

60-
[ACME](https://tools.ietf.org/html/rfc8555) is a Certificate Authority standard protocol that allows you to automatically request and renew SSL/TLS certificates. [Let's Encrypt](https://letsencrypt.org/) is a free publicly trusted Certificate Authority server using this standard. Only `HTTP-01` and `TLS-ALPN-01` challenges are implemented. In order for ACME challenges to pass and verify your domain ownership, external traffic to the gitea domain on port `80` (`HTTP-01`) or port `443` (`TLS-ALPN-01`) has to be served by the gitea instance. Setting up [HTTP redirection](#setting-up-http-redirection) and port-forwards might be needed for external traffic to route correctly. Normal traffic to port `80` will otherwise be automatically redirected to HTTPS.
60+
[ACME](https://tools.ietf.org/html/rfc8555) is a Certificate Authority standard protocol that allows you to automatically request and renew SSL/TLS certificates. [Let's Encrypt](https://letsencrypt.org/) is a free publicly trusted Certificate Authority server using this standard. Only `HTTP-01` and `TLS-ALPN-01` challenges are implemented. In order for ACME challenges to pass and verify your domain ownership, external traffic to the gitea domain on port `80` (`HTTP-01`) or port `443` (`TLS-ALPN-01`) has to be served by the gitea instance. Setting up [HTTP redirection](#setting-up-http-redirection) and port-forwards might be needed for external traffic to route correctly. Normal traffic to port `80` will otherwise be automatically redirected to HTTPS. **You must consent** to the ACME provider's terms of service (default Let's Encrypt's [terms of service](https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf)).
6161

62-
If you are using the default Let's Encrypt **you must consent** to their [terms of service](https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf). Refer to the following configuration for the minimum setup:
62+
Minimum setup using the default Let's Encrypt:
6363
```ini
6464
[server]
6565
PROTOCOL=https
6666
DOMAIN=git.example.com
6767
ENABLE_ACME=true
68-
LETSENCRYPT_ACCEPTTOS=true
68+
ACME_ACCEPTTOS=true
6969
ACME_DIRECTORY=https
7070
;; Email can be omitted here and provided manually at first run, after which it is cached
7171
7272
```
7373

74-
For generic ACME setup, you are responsible to adhere to the terms of service of the ACME server you are configuring for. The following is an example configuration using [smallstep CA](https://github.com/smallstep/certificates), refer to [their tutorial](https://smallstep.com/docs/tutorials/acme-challenge) for more information.
74+
Minimumg setup using a [smallstep CA](https://github.com/smallstep/certificates), refer to [their tutorial](https://smallstep.com/docs/tutorials/acme-challenge) for more information.
7575
```ini
7676
[server]
7777
PROTOCOL=https
7878
DOMAIN=git.example.com
7979
ENABLE_ACME=true
80+
ACME_ACCEPTTOS=true
8081
ACME_URL=https://ca.example.com/acme/acme/directory
8182
;; Can be omitted if using the system's trust is preferred
8283
;ACME_CA_ROOT=/path/to/root_ca.crt
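Review bot: typo at 74+: "Minimumg" should be "Minimum", and the line is a comma splice; suggest "Minimum setup using a [smallstep CA](https://github.com/smallstep/certificates). Refer to [their tutorial](https://smallstep.com/docs/tutorials/acme-challenge) for more information." The removed 74- also carried the reminder that with a generic ACME server the operator is responsible for that server's terms of service; since 80+ now adds `ACME_ACCEPTTOS=true` to this example, consider keeping a one-line note that the flag here accepts the smallstep instance's terms, not Let's Encrypt's, so the new sentence at 60+ about the default provider is not read as covering this case.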
