From 6718c18bd277dcc74f61d451a9febcf3b6ac631e Mon Sep 17 00:00:00 2001 From: surfict Date: Mon, 24 Jun 2024 11:54:01 +0200 Subject: [PATCH 1/3] Add caddy unauthorized ACME challenges problem to README --- readme.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/readme.md b/readme.md index 2152b2ac..bdfb6ef1 100644 --- a/readme.md +++ b/readme.md @@ -824,3 +824,7 @@ Afterwards apply the correct permissions with `sudo chown root:root /root/automa 1. Open the cronjob with `sudo crontab -u root -e` (and choose your editor of choice if not already done. I'd recommend nano). 1. Add the following new line to the crontab if not already present: `0 5 * * * /root/automatic-updates.sh` which will run the script at 05:00 each day. 1. save and close the crontab (when using nano the shortcuts for this are `Ctrl + o` then `Enter` to save, and close the editor with `Ctrl + x`). + + +### Securing Your Caddy Instance from Unauthorized ACME Challenges +(By design)[https://github.com/nextcloud/all-in-one/discussions/4882#discussioncomment-9858384], Caddy, which handles automatic SSL certificate generation, is vulnerable to receiving DNS challenges for arbitrary hostnames from anyone on the internet. While this does not compromise your server's security, it can result in cluttered logs and rejected certificate renewal attempts due to rate limit abuse. To mitigate this issue, it is recommended to place the AIO interface behind a VPN and/or limit its public exposure. \ No newline at end of file From 7dde233bff79e8552de872068c7bed4fce8fa1f0 Mon Sep 17 00:00:00 2001 From: surfict Date: Mon, 24 Jun 2024 12:19:19 +0200 Subject: [PATCH 2/3] Remove blank line --- readme.md | 1 - 1 file changed, 1 deletion(-) diff --git a/readme.md b/readme.md index bdfb6ef1..86fdbc39 100644 --- a/readme.md +++ b/readme.md 
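Review bot: the markdown link in the new paragraph of the `@@ -824,3 +824,7 @@` hunk has its brackets reversed: `(By design)[https://github.com/nextcloud/all-in-one/discussions/4882#discussioncomment-9858384]` renders literally as parentheses followed by a bracketed URL instead of a link. It should be `[By design](https://github.com/nextcloud/all-in-one/discussions/4882#discussioncomment-9858384)`. The wording "receiving DNS challenges for arbitrary hostnames from anyone on the internet" also conflates two things: an ACME challenge is something the CA presents to the server, while what arbitrary clients on the internet can do is trigger Caddy into requesting a certificate for a hostname they choose; "can be made to request certificates for arbitrary hostnames" would describe the rate-limit and log-clutter consequence more accurately. Finally, the added lines drop the trailing newline (`\ No newline at end of file`), which the previous version of the file had.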
@@ -825,6 +825,5 @@ Afterwards apply the correct permissions with `sudo chown root:root /root/automa 1. Add the following new line to the crontab if not already present: `0 5 * * * /root/automatic-updates.sh` which will run the script at 05:00 each day. 1. save and close the crontab (when using nano the shortcuts for this are `Ctrl + o` then `Enter` to save, and close the editor with `Ctrl + x`). - ### Securing Your Caddy Instance from Unauthorized ACME Challenges (By design)[https://github.com/nextcloud/all-in-one/discussions/4882#discussioncomment-9858384], Caddy, which handles automatic SSL certificate generation, is vulnerable to receiving DNS challenges for arbitrary hostnames from anyone on the internet. While this does not compromise your server's security, it can result in cluttered logs and rejected certificate renewal attempts due to rate limit abuse. To mitigate this issue, it is recommended to place the AIO interface behind a VPN and/or limit its public exposure. \ No newline at end of file From e4b40ae56b9252bb9e23039a9335fdc2dac9a731 Mon Sep 17 00:00:00 2001 From: Surfict Date: Mon, 24 Jun 2024 12:55:30 +0200 Subject: [PATCH 3/3] Update readme.md Co-authored-by: Simon L. Signed-off-by: Surfict --- readme.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/readme.md b/readme.md index 86fdbc39..088e0eae 100644 --- a/readme.md +++ b/readme.md 
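Review bot: the `@@ -825,6 +825,5 @@` hunk removes the extra blank line but leaves the file without a trailing newline (`\ No newline at end of file` is still reported on the last context line); since this region is being touched, add the newline in the same change. The reversed link brackets `(By design)[...]` in the context line are carried over unchanged and still need fixing.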
@@ -825,5 +825,5 @@ Afterwards apply the correct permissions with `sudo chown root:root /root/automa 1. Add the following new line to the crontab if not already present: `0 5 * * * /root/automatic-updates.sh` which will run the script at 05:00 each day. 1. save and close the crontab (when using nano the shortcuts for this are `Ctrl + o` then `Enter` to save, and close the editor with `Ctrl + x`). -### Securing Your Caddy Instance from Unauthorized ACME Challenges -(By design)[https://github.com/nextcloud/all-in-one/discussions/4882#discussioncomment-9858384], Caddy, which handles automatic SSL certificate generation, is vulnerable to receiving DNS challenges for arbitrary hostnames from anyone on the internet. While this does not compromise your server's security, it can result in cluttered logs and rejected certificate renewal attempts due to rate limit abuse. To mitigate this issue, it is recommended to place the AIO interface behind a VPN and/or limit its public exposure. \ No newline at end of file +### Securing the AIO interface from unauthorized ACME challenges +(By design)[https://github.com/nextcloud/all-in-one/discussions/4882#discussioncomment-9858384], Caddy that runs inside the mastercontainer, which handles automatic SSL certificate generation for the AIO interface, is vulnerable to receiving DNS challenges for arbitrary hostnames from anyone on the internet. While this does not compromise your server's security, it can result in cluttered logs and rejected certificate renewal attempts due to rate limit abuse. To mitigate this issue, it is recommended to place the AIO interface behind a VPN and/or limit its public exposure. \ No newline at end of file
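Review bot: the rewritten paragraph in the `@@ -825,5 +825,5 @@` hunk still carries the reversed link syntax `(By design)[https://github.com/nextcloud/all-in-one/discussions/4882#discussioncomment-9858384]`; since the whole line is replaced here, this is the place to write it as `[By design](https://github.com/nextcloud/all-in-one/discussions/4882#discussioncomment-9858384)`. The renamed heading and the "Caddy that runs inside the mastercontainer" qualification are an improvement, but "is vulnerable to receiving DNS challenges" sits awkwardly next to the following sentence that says this does not compromise the server's security; "will attempt to obtain certificates for arbitrary hostnames presented by anyone on the internet" states the actual behaviour (certificate requests being triggered, not challenges being received) and matches the rate-limit and log-clutter impact described. "SSL certificate" would also be better as "TLS certificate". The last line still ends with `\ No newline at end of file`.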