From fae5a188e480fbebd5a30b5a52fe57ddc2b18eef Mon Sep 17 00:00:00 2001
From: Lars Wirzenius <liw@liw.fi>
Date: Sun, 26 Jul 2020 09:58:50 +0300
Subject: doc: allow plain HTTP for things other then LE, but be explicit

---
 ewww.md | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/ewww.md b/ewww.md
index cfc4ac1..c2a5277 100644
--- a/ewww.md
+++ b/ewww.md
@@ -25,8 +25,9 @@ expressed as _scenarios_ in the acceptance criteria chapter.
   on my Thinkpad T480 laptop. A self-signed certificate is OK.
 * Fast, time from starting server to having served first HTTPS request
   should be at most 100 ms.
-* Serves only HTTPS, except what Let's Encrypt needs to be served over
-  plain HTTP.
+* Serves only HTTPS, except what needs to be served over plain HTTP,
+  e.g., for Let's Encrypt certificate validation. Any plain HTTP
+  access must be explicitly allowed.
 
 I don't need flexibility, and I don't want to configure anything
 that's not essential for this. Hardcoded assumptions are A-OK, if my
-- 
cgit v1.2.1