This repository was archived by the owner on Sep 29, 2023. It is now read-only.

Commit 0f37eff

2 parents 073d0ea + a6985ba commit 0f37eff

23 files changed

+1380
-662
lines changed

README.md

Lines changed: 1 addition & 0 deletions
@@ -8,6 +8,7 @@ The official https://appwrite.io/docs documentation source code.
88

99
### Content Guidelines
1010
- Use proper title hierarchy (h1-h6) and valid HTML
11+
- All titles must follow the [Chicago style of headline capitalization](https://capitalizemytitle.com/style/Chicago/)
1112
- External links (not https://appwrite.io) should be opened in a new tab (`target="_blank"`)
1213
- External links should have an HTML attribute of `rel="noopener"`
1314
- All filenames should be dash-based and nested in a way that makes sense
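
Review bot: The rule added at new line 11 says "All titles" without stating whether it covers only the h1-h6 headings named in the rule above it or also link text and navigation labels, and it defines the style only through a link to a third-party capitalization tool. Suggest naming the scope in the rule itself and adding one short example title, so the guideline can be applied without following the link.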

app/views/docs/certificates.phtml

Lines changed: 24 additions & 2 deletions
@@ -1,4 +1,4 @@
1-
<p>Appwrite uses Let&#39;sEncrypt to auto-generate TLS certificates for your Appwrite instance to ensure your API traffic is appropriately encrypted. For Appwrite to properly generate certificates, a few conditions need to be met.</p>
1+
<p>Appwrite uses Let's Encrypt to auto-generate TLS certificates for your Appwrite instance to ensure your API traffic is appropriately encrypted. For Appwrite to properly generate certificates, a few conditions need to be met.</p>
22

33
<ol class="margin-top margin-bottom-large text-size-normal">
44
<li>You need to use a public-facing domain with a known TLD pointing to your Appwrite instance.</li>
@@ -9,12 +9,34 @@
99

1010
<h2>Debugging</h2>
1111

12-
<p>In case you&#39;re still struggling with getting your certificate to work, check the Appwrite certificates worker log. You can do that with the following command:</p>
12+
<p>If you're still struggling with your certificates, check the Appwrite certificates worker log. You can do that with the following command:</p>
1313

1414
<div class="ide margin-bottom" data-lang="bash" data-lang-label="Bash">
1515
<pre class="line-numbers"><code class="prism language-bash" data-prism>docker-compose logs appwrite-worker-certificates</code></pre>
1616
</div>
1717

18+
<h2><a href="/docs/certificates#generationCycle" id="generationCycle">Generation Cycle</a></h2>
19+
20+
<p>Appwrite auto-generates a certificate for your main domain when you first visit it. If your browser shows an insecure connection warning, you must proceed to trigger certificate generation. The domain in environment variable _APP_DOMAIN is considered your main domain. If you didn't set this variable, the first domain you visit would be marked as the main domain for your Appwrite instance. Appwrite follows this concept of the main domain to prevent generating certificates for domains you don't own. Keep in mind that you can always add additional domains as <b>Custom Domains</b> in your project settings to enable certificate generation for any domain.</p>
21+
22+
<p>Certificate renewal is done as a part of the Appwrite maintenance task. Unless modified with environment variable _APP_MAINTENANCE_INTERVAL, this task runs every 24 hours. During this task, Appwrite looks for certificates due for renewal and renews them. One maintenance cycle only attempts to renew up to 200 certificates to respect the Let's Encrypt API limit. Every Let's Encrypt certificate is valid for 90 days, but Appwrite starts to renew them 30 days before the expiration.</p>
23+
24+
<p>There are many reasons why certificate generation could fail, such as incorrect DNS settings, hitting Let's Encrypt API limit, or a failed HTTP ACME challenge. Every certificate generation failure is attempted again in the next renewal cycle, but only up to 5 attempts. If you need to run certificate generation for a domain beyond the attempts limit, you can use the manual generation method. </p>
25+
26+
<h2><a href="/docs/certificates#manualGeneration" id="manualGeneration">Manual Generation</a></h2>
27+
28+
<p>Since Appwrite generates and renews certificates automatically, a manual generation is seldom required. A manual generation can be useful when you hit the API limit and don't want to wait for the next maintenance cycle to renew the certificate. Use the following command to generate a certificate for your main domain:</p>
29+
30+
<div class="ide margin-bottom" data-lang="bash" data-lang-label="Bash">
31+
<pre class="line-numbers"><code class="prism language-bash" data-prism>docker-compose exec appwrite ssl</code></pre>
32+
</div>
33+
34+
<p>If you want to generate a certificate for a specific domain, pass it as a parameter into the command:</p>
35+
36+
<div class="ide margin-bottom" data-lang="bash" data-lang-label="Bash">
37+
<pre class="line-numbers"><code class="prism language-bash" data-prism>docker-compose exec appwrite ssl domain="api.myapp.com"</code></pre>
38+
</div>
39+
1840
<h2>Dev Environment and Localhosts</h2>
1941

2042
<p>You can&#39;t issue a&nbsp;<a href="https://letsencrypt.org/docs/certificates-for-localhost/" target="_blank">signed certificate for localhost</a>. This is because nobody uniquely owns that hostname and not an Appwrite specific limitation, just the way the internet works. By default, Appwrite will issue a self-signed certificate that is good enough for development.</p>
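
Review bot: In the Generation Cycle paragraph (new line 20), the fallback "the first domain you visit would be marked as the main domain" means that with _APP_DOMAIN unset the main domain is whatever hostname happens to be visited first, which sits awkwardly next to the following sentence saying the main domain exists "to prevent generating certificates for domains you don't own". Suggest telling operators to set _APP_DOMAIN before the instance is reachable, and scoping "you must proceed" past the browser warning to that first visit only, with a reminder to confirm afterwards that the Let's Encrypt certificate is the one being served. Smaller points: new line 24 sends readers to manual generation once the 5 attempts are used up, while new line 28 describes it as a way around the API limit, so the two paragraphs should agree on when the command is meant to be used; the variable names _APP_DOMAIN and _APP_MAINTENANCE_INTERVAL would read better in code tags; there is a stray space before the closing p tag on new line 24; and the two new h2 headings carry anchor ids while "Debugging" and "Dev Environment and Localhosts" do not.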
