diff --git a/doc/guix.texi b/doc/guix.texi index 39d4b865f6..55935b3794 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -20302,7 +20302,9 @@ all domains will be Subject Alternative Names on the certificate. The challenge type that has to be run by certbot. If @code{#f} is specified, default to the HTTP challenge. If a value is specified, defaults to the manual plugin (see @code{authentication-hook}, @code{cleanup-hook} and -the documentation at @url{https://certbot.eff.org/docs/using.html#hooks}). +the documentation at @url{https://certbot.eff.org/docs/using.html#hooks}), +and gives Let's Encrypt permission to log the public IP address of the +requesting machine. @item @code{authentication-hook} (default: @code{#f}) Command to be run in a shell once for each certificate challenge to be diff --git a/gnu/services/certbot.scm b/gnu/services/certbot.scm index ae34ad17bb..0d3be03383 100644 --- a/gnu/services/certbot.scm +++ b/gnu/services/certbot.scm @@ -99,6 +99,7 @@ (define certbot-command "--manual" (string-append "--preferred-challenges=" challenge) "--cert-name" name + "--manual-public-ip-logging-ok" "-d" (string-join domains ",")) (if rsa-key-size `("--rsa-key-size" ,rsa-key-size) '()) (if authentication-hook