X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/8a27fe370239ecb8e50d53f46b45ed61203a35ca..0630e05d68440e421d622d1f26e956c65f3d9668:/doc/_includes/_ssl_config_single.liquid
diff --git a/doc/_includes/_ssl_config_single.liquid b/doc/_includes/_ssl_config_single.liquid
index 25b88de469..51668b34a6 100644
--- a/doc/_includes/_ssl_config_single.liquid
+++ b/doc/_includes/_ssl_config_single.liquid
@@ -21,7 +21,7 @@ In the default configuration, this installer uses self-signed certificate(s):
-When connecting to the Arvados web interface for the first time, you will need to accept the self-signed certificate as trusted to bypass the browser warnings. This can be a little tricky to do. Alternatively, you can also install the self-signed root certificate in your browser, see below.
+This works everywhere and does not require that you have a domain name. However, after installation, users will need to "install the self-signed root certificate in the browser.":#ca_root_certificate"
h3(#lets-encrypt). Using a Let's Encrypt certificate
@@ -32,7 +32,7 @@ To automatically get a valid certificate via Let's Encrypt, change the configura
-The hostname for your Arvados cluster must be defined in @HOSTNAME_EXT@ and resolve to the public IP address of your Arvados instance, so that Let's Encrypt can validate the domainname ownership and issue the certificate.
+This requires that you have a "real" hostname that you control. The hostname for your Arvados cluster must be defined in @HOSTNAME_EXT@ and resolve to the public IP address of your Arvados instance, so that Let's Encrypt can validate the domainname ownership and issue the certificate.
When using AWS, EC2 instances can have a default hostname that ends with amazonaws.com. Let's Encrypt has a blacklist of domain names for which it will not issue certificates, and that blacklist includes the amazonaws.com domain, which means the default hostname can not be used to get a certificate from Let's Encrypt.