From e2826c1c67bab707f0b824000e9e95df9439e641 Mon Sep 17 00:00:00 2001
From: Kapil Agrawal <7047165+netops2devops@users.noreply.github.com>
Date: Thu, 16 Apr 2026 19:31:05 -0500
Subject: [PATCH] github pages with Hugo static site docs

---
 docs/content/_index.md  |  6 ++++--
 docs/public/index.html  | 27 ++++++++++++++++-----------
 docs/public/sitemap.xml |  2 +-
 3 files changed, 21 insertions(+), 14 deletions(-)

diff --git a/docs/content/_index.md b/docs/content/_index.md
index abc5076..f253f08 100644
--- a/docs/content/_index.md
+++ b/docs/content/_index.md
@@ -6,7 +6,9 @@ title = 'ACME Proxy'
 
 `acme-proxy` is a standalone ACME server built on [step-ca](https://github.com/smallstep/certificates) that operates in [registration authority (RA)](https://smallstep.com/docs/registration-authorities/) mode. It runs as a standalone server inside your enterprise environment, acting as an intermediary between your internal infrastructure and an external certificate authority service (such as Sectigo). It accepts certificate orders and validates certificate requests using the ACME protocol (RFC 8555), but does **NOT** sign certificates or store private keys.
 
-**Certificate Request Flow:**
+{{< image src="/assets/highlevel-flow.png" alt="sequence" >}}
+
+# Certificate Request Flow
 
 1. Your internal server (behind a firewall perimeter) requests a certificate from `acme-proxy` using standard ACME clients like certbot, acme.sh or cert-manager.io if you're using Kubernetes.
 2. `acme-proxy` presents cryptographic challenges to verify domain ownership
@@ -14,4 +16,4 @@ title = 'ACME Proxy'
 4. The external CA signs the certificate
 5. `acme-proxy` retrieves the certificate bundle and returns it to your server
 
-{{< image src="../assets/highlevel-flow.png" alt="sequence" >}}
+{{< image src="/assets/sequence.png" alt="sequence" >}}
diff --git a/docs/public/index.html b/docs/public/index.html
index c424685..4377b22 100644
--- a/docs/public/index.html
+++ b/docs/public/index.html
@@ -10,23 +10,22 @@
 <meta charset="UTF-8">
 <meta name="viewport" content="width=device-width, initial-scale=1.0">
 <meta name="description" content="What is ACME Proxy?# acme-proxy is a standalone ACME server built on step-ca that operates in registration authority (RA) mode. It runs as a standalone server inside your enterprise environment, acting as an intermediary between your internal infrastructure and an external certificate authority service (such as Sectigo). It accepts certificate orders and validates certificate requests using the ACME protocol (RFC 8555), but does NOT sign certificates or store private keys.
-Certificate Request Flow:
-">
+Certificate Request Flow# Your internal server (behind a firewall perimeter) requests a certificate from acme-proxy using standard ACME clients like certbot, acme.sh or cert-manager.io if you’re using Kubernetes. acme-proxy presents cryptographic challenges to verify domain ownership Once validation succeeds, acme-proxy forwards the certificate signing request to your external CA using External Account Binding (EAB) The external CA signs the certificate acme-proxy retrieves the certificate bundle and returns it to your server ">
 <meta name="theme-color" media="(prefers-color-scheme: light)" content="#ffffff">
 <meta name="theme-color" media="(prefers-color-scheme: dark)" content="#2e3440">
 <meta name="color-scheme" content="light dark"><meta property="og:url" content="http://localhost:1313/">
   <meta property="og:site_name" content="ACME Proxy">
   <meta property="og:title" content="ACME Proxy">
   <meta property="og:description" content="What is ACME Proxy?# acme-proxy is a standalone ACME server built on step-ca that operates in registration authority (RA) mode. It runs as a standalone server inside your enterprise environment, acting as an intermediary between your internal infrastructure and an external certificate authority service (such as Sectigo). It accepts certificate orders and validates certificate requests using the ACME protocol (RFC 8555), but does NOT sign certificates or store private keys.
-Certificate Request Flow:">
+Certificate Request Flow# Your internal server (behind a firewall perimeter) requests a certificate from acme-proxy using standard ACME clients like certbot, acme.sh or cert-manager.io if you’re using Kubernetes. acme-proxy presents cryptographic challenges to verify domain ownership Once validation succeeds, acme-proxy forwards the certificate signing request to your external CA using External Account Binding (EAB) The external CA signs the certificate acme-proxy retrieves the certificate bundle and returns it to your server">
   <meta property="og:locale" content="en">
   <meta property="og:type" content="website">
 
 
   <meta itemprop="name" content="ACME Proxy">
   <meta itemprop="description" content="What is ACME Proxy?# acme-proxy is a standalone ACME server built on step-ca that operates in registration authority (RA) mode. It runs as a standalone server inside your enterprise environment, acting as an intermediary between your internal infrastructure and an external certificate authority service (such as Sectigo). It accepts certificate orders and validates certificate requests using the ACME protocol (RFC 8555), but does NOT sign certificates or store private keys.
-Certificate Request Flow:">
-  <meta itemprop="dateModified" content="2026-04-12T20:08:41-05:00">
+Certificate Request Flow# Your internal server (behind a firewall perimeter) requests a certificate from acme-proxy using standard ACME clients like certbot, acme.sh or cert-manager.io if you’re using Kubernetes. acme-proxy presents cryptographic challenges to verify domain ownership Once validation succeeds, acme-proxy forwards the certificate signing request to your external CA using External Account Binding (EAB) The external CA signs the certificate acme-proxy retrieves the certificate bundle and returns it to your server">
+  <meta itemprop="dateModified" content="2026-04-16T18:55:01-05:00">
   <meta itemprop="wordCount" content="141">
 
 <title>ACME Proxy | ACME Proxy</title>
@@ -228,6 +227,7 @@ <h3>ACME Proxy</h3>
 <nav id="TableOfContents">
   <ul>
     <li><a href="#what-is-acme-proxy">What is ACME Proxy?</a></li>
+    <li><a href="#certificate-request-flow">Certificate Request Flow</a></li>
   </ul>
 </nav>
 
@@ -242,7 +242,11 @@ <h3>ACME Proxy</h3>
       
   <article class="markdown book-article"><h1 id="what-is-acme-proxy">What is ACME Proxy?<a class="anchor" href="#what-is-acme-proxy">#</a></h1>
 <p><code>acme-proxy</code> is a standalone ACME server built on <a href="https://github.com/smallstep/certificates">step-ca</a> that operates in <a href="https://smallstep.com/docs/registration-authorities/">registration authority (RA)</a> mode. It runs as a standalone server inside your enterprise environment, acting as an intermediary between your internal infrastructure and an external certificate authority service (such as Sectigo). It accepts certificate orders and validates certificate requests using the ACME protocol (RFC 8555), but does <strong>NOT</strong> sign certificates or store private keys.</p>
-<p><strong>Certificate Request Flow:</strong></p>
+<label class="book-image" for="book-image-toggle-0">
+  <input class="hidden toggle" type="checkbox" id="book-image-toggle-0" />
+  <img src="/highlevel-flow.png" alt="sequence" />
+</label>
+<h1 id="certificate-request-flow">Certificate Request Flow<a class="anchor" href="#certificate-request-flow">#</a></h1>
 <ol>
 <li>Your internal server (behind a firewall perimeter) requests a certificate from <code>acme-proxy</code> using standard ACME clients like certbot, acme.sh or cert-manager.io if you&rsquo;re using Kubernetes.</li>
 <li><code>acme-proxy</code> presents cryptographic challenges to verify domain ownership</li>
@@ -250,9 +254,9 @@ <h3>ACME Proxy</h3>
 <li>The external CA signs the certificate</li>
 <li><code>acme-proxy</code> retrieves the certificate bundle and returns it to your server</li>
 </ol>
-<label class="book-image" for="book-image-toggle-0">
-  <input class="hidden toggle" type="checkbox" id="book-image-toggle-0" />
-  <img src="/../assets/highlevel-flow.png" alt="sequence" />
+<label class="book-image" for="book-image-toggle-1">
+  <input class="hidden toggle" type="checkbox" id="book-image-toggle-1" />
+  <img src="/sequence.png" alt="sequence" />
 </label>
 </article>
  
@@ -263,9 +267,9 @@ <h3>ACME Proxy</h3>
   <div class="flex flex-wrap justify-between">
 
 <div>
-<a class="flex align-center" href="https://github.com/esnet/acme-proxy/commit/bddb8b9e27907357bb040d99257d2cae683cb5bb" title='Last modified by Kapil Agrawal | April 12, 2026' target="_blank" rel="noopener">
+<a class="flex align-center" href="https://github.com/esnet/acme-proxy/commit/ffeaecc1fb1831d12b2115670320f03bf7692f71" title='Last modified by Kapil Agrawal | April 16, 2026' target="_blank" rel="noopener">
     <img src="/icons/calendar.svg" class="book-icon" alt="Calendar" />
-    <span>April 12, 2026</span>
+    <span>April 16, 2026</span>
   </a>
 
 </div>
@@ -318,6 +322,7 @@ <h3>ACME Proxy</h3>
 <nav id="TableOfContents">
   <ul>
     <li><a href="#what-is-acme-proxy">What is ACME Proxy?</a></li>
+    <li><a href="#certificate-request-flow">Certificate Request Flow</a></li>
   </ul>
 </nav>
 
diff --git a/docs/public/sitemap.xml b/docs/public/sitemap.xml
index 5b41bd5..cee2b3d 100644
--- a/docs/public/sitemap.xml
+++ b/docs/public/sitemap.xml
@@ -21,7 +21,7 @@
     <lastmod>2026-04-12T20:08:41-05:00</lastmod>
   </url><url>
     <loc>http://localhost:1313/</loc>
-    <lastmod>2026-04-12T20:08:41-05:00</lastmod>
+    <lastmod>2026-04-16T18:55:01-05:00</lastmod>
   </url><url>
     <loc>http://localhost:1313/categories/</loc>
   </url><url>