diff --git a/docs/getting-started/examples.md b/docs/getting-started/examples.md index 9774c49..27d0061 100644 --- a/docs/getting-started/examples.md +++ b/docs/getting-started/examples.md @@ -32,7 +32,7 @@ cp .env.example .env # Edit with your domain and email docker compose up -d ``` -The full walkthrough — including how HTTP-01 challenges work, adding multiple domains, switching to staging for testing, and a production checklist — is in the [example README](../examples/acme-nginx/acme-nginx.md). +The full walkthrough — including how HTTP-01 challenges work, adding multiple domains, switching to staging for testing, and a production checklist — is in the [example README](../../examples/acme-nginx/acme-nginx.md). **Migrating from Certbot?** certctl discovers your existing `/etc/letsencrypt/live/` certificates automatically. You keep your ACME account, disable the Certbot cron, and certctl takes over renewal with centralized visibility and deployment verification. The step-by-step process is in [Migrating from Certbot](../migration/from-certbot.md). @@ -52,7 +52,7 @@ cp .env.example .env # Edit with domain, email, DNS provider credentials docker compose up -d ``` -The full walkthrough — including DNS-PERSIST-01 (set a TXT record once, never touch DNS again on renewals), adapting scripts for other providers, and propagation troubleshooting — is in the [example README](../examples/acme-wildcard-dns01/acme-wildcard-dns01.md). +The full walkthrough — including DNS-PERSIST-01 (set a TXT record once, never touch DNS again on renewals), adapting scripts for other providers, and propagation troubleshooting — is in the [example README](../../examples/acme-wildcard-dns01/acme-wildcard-dns01.md). **Migrating from acme.sh?** Your existing `dns_*` hook scripts are compatible with certctl's DNS-01 — they use the same pattern (shell scripts creating TXT records). The migration guide covers script adaptation, discovery of existing acme.sh certificates, and phasing out the acme.sh cron. See [Migrating from acme.sh](../migration/from-acmesh.md). @@ -71,7 +71,7 @@ cd examples/private-ca-traefik docker compose up -d # Self-signed mode (no .env needed for demo) ``` -The full walkthrough — including sub-CA setup with `CERTCTL_CA_CERT_PATH` and `CERTCTL_CA_KEY_PATH`, creating certificates via the API, monitoring deployments, and production hardening — is in the [example README](../examples/private-ca-traefik/private-ca-traefik.md). +The full walkthrough — including sub-CA setup with `CERTCTL_CA_CERT_PATH` and `CERTCTL_CA_KEY_PATH`, creating certificates via the API, monitoring deployments, and production hardening — is in the [example README](../../examples/private-ca-traefik/private-ca-traefik.md). --- @@ -88,7 +88,7 @@ cd examples/step-ca-haproxy docker compose up -d ``` -The full walkthrough — including step-ca provisioner configuration, integrating with an existing step-ca instance, HAProxy PEM format details, and advanced features (approval workflows, policy-based renewal, multi-instance HAProxy) — is in the [example README](../examples/step-ca-haproxy/step-ca-haproxy.md). +The full walkthrough — including step-ca provisioner configuration, integrating with an existing step-ca instance, HAProxy PEM format details, and advanced features (approval workflows, policy-based renewal, multi-instance HAProxy) — is in the [example README](../../examples/step-ca-haproxy/step-ca-haproxy.md). --- @@ -105,7 +105,7 @@ cd examples/multi-issuer docker compose up -d ``` -The full walkthrough — including profile-based issuer assignment, testing with ACME staging, Local CA enterprise sub-CA mode, and scaling beyond Docker Compose — is in the [example README](../examples/multi-issuer/multi-issuer.md). +The full walkthrough — including profile-based issuer assignment, testing with ACME staging, Local CA enterprise sub-CA mode, and scaling beyond Docker Compose — is in the [example README](../../examples/multi-issuer/multi-issuer.md). **Using cert-manager for Kubernetes?** certctl complements cert-manager — cert-manager handles in-cluster certs, certctl handles everything outside: VMs, bare metal, network appliances, Windows servers. They can share the same CA (ACME, step-ca, Vault PKI). See [certctl for cert-manager Users](../migration/cert-manager-coexistence.md). diff --git a/docs/getting-started/why-certctl.md b/docs/getting-started/why-certctl.md index 2e2b69f..9a5c688 100644 --- a/docs/getting-started/why-certctl.md +++ b/docs/getting-started/why-certctl.md @@ -117,7 +117,7 @@ cd certctl/deploy && docker compose up -d # Dashboard at https://localhost:8443 (self-signed cert — pin deploy/test/certs/ca.crt) ``` -See the [Quickstart Guide](quickstart.md) for a full walkthrough, or explore the [5 turnkey examples](../examples/) for specific scenarios (ACME+NGINX, wildcard DNS-01, private CA+Traefik, step-ca+HAProxy, multi-issuer). +See the [Quickstart Guide](quickstart.md) for a full walkthrough, or explore the [5 turnkey examples](../../examples/) for specific scenarios (ACME+NGINX, wildcard DNS-01, private CA+Traefik, step-ca+HAProxy, multi-issuer). ## License diff --git a/docs/migration/cert-manager-coexistence.md b/docs/migration/cert-manager-coexistence.md index 6136a48..459e53b 100644 --- a/docs/migration/cert-manager-coexistence.md +++ b/docs/migration/cert-manager-coexistence.md @@ -142,6 +142,6 @@ For now: cert-manager handles Kubernetes, certctl handles everything else. They ## Next Steps 1. Run through the [Quick Start](../getting-started/quickstart.md) for a 5-minute demo -2. Try the [Multi-Issuer example](../examples/multi-issuer/multi-issuer.md) — manages public and internal certs from one dashboard +2. Try the [Multi-Issuer example](../../examples/multi-issuer/multi-issuer.md) — manages public and internal certs from one dashboard 3. Explore [Architecture](../reference/architecture.md#agents) for deployment patterns 4. Check the [Helm Chart](../deploy/helm/certctl/) for production Kubernetes deployment diff --git a/docs/migration/from-acmesh.md b/docs/migration/from-acmesh.md index e5ba525..d6da43c 100644 --- a/docs/migration/from-acmesh.md +++ b/docs/migration/from-acmesh.md @@ -271,7 +271,7 @@ certctl automatically falls back to DNS-01 if the CA doesn't support dns-persist ## Next Steps -- Try the [Wildcard DNS-01 example](../examples/acme-wildcard-dns01/acme-wildcard-dns01.md) — a working docker-compose with Cloudflare hooks you can adapt for your DNS provider +- Try the [Wildcard DNS-01 example](../../examples/acme-wildcard-dns01/acme-wildcard-dns01.md) — a working docker-compose with Cloudflare hooks you can adapt for your DNS provider - See [Connector Reference](../reference/connectors/index.md) for advanced ACME options (EAB, ARI, custom timeouts) - See [Discovery Guide](concepts.md#certificate-discovery) for managing discovered certificates at scale - See all [Deployment Examples](../getting-started/examples.md) for other scenarios (ACME+NGINX, private CA, step-ca, multi-issuer) diff --git a/docs/migration/from-certbot.md b/docs/migration/from-certbot.md index a1d2f71..1300687 100644 --- a/docs/migration/from-certbot.md +++ b/docs/migration/from-certbot.md @@ -169,7 +169,7 @@ certctl will stop renewing that cert when the policy is disabled. Certbot resume ## Next Steps -- Try the [ACME + NGINX example](../examples/acme-nginx/acme-nginx.md) — a working docker-compose you can run locally before deploying to production +- Try the [ACME + NGINX example](../../examples/acme-nginx/acme-nginx.md) — a working docker-compose you can run locally before deploying to production - Review the [Concepts Guide](../getting-started/concepts.md) for terminology (profiles, policies, agents, jobs) - Explore [Network Discovery](../getting-started/quickstart.md#network-discovery-agentless) to find certificates you didn't know about - See all [Deployment Examples](../getting-started/examples.md) for other scenarios (wildcard DNS-01, private CA, step-ca, multi-issuer)