diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 9f49b61..59005f7 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -17,3 +17,8 @@ repos:
         language: system
         pass_filenames: false
         types: [go]
+
+  -   repo: https://github.com/gitleaks/gitleaks
+      rev: v8.30.1
+      hooks:
+        - id: gitleaks
diff --git a/README.md b/README.md
index 1958b53..c53de03 100644
--- a/README.md
+++ b/README.md
@@ -4,7 +4,17 @@
 
 ## How It Works
 
-When a client successfully completes an ACME challenge, `acme-proxy` forwards the certificate signing request to an external certificate authority (CA) that supports External Account Binding (EAB). The external CA signs the certificate and returns it to the client through `acme-proxy`.
+`acme-proxy` runs as an ACME server inside your enterprise environment, acting as an intermediary between your internal infrastructure and an external certificate authority service (such as Sectigo). When a client successfully completes an ACME challenge, `acme-proxy` forwards the certificate signing request to an external certificate authority (CA) that supports External Account Binding (EAB). The external CA signs the certificate and returns it to the client through `acme-proxy`.
+
+**Certificate Request Flow:**
+
+1. Your internal server (behind a firewall perimeter) requests a certificate from `acme-proxy` using standard ACME clients like certbot, acme.sh or cert-manager.io if you're using Kubernetes.
+2. `acme-proxy` presents cryptographic challenges to verify domain ownership
+3. Once validation succeeds, `acme-proxy` forwards the certificate signing request to your external CA using External Account Binding (EAB)
+4. The external CA signs the certificate
+5. `acme-proxy` retrieves the certificate bundle and returns it to your server
+
+![sequence diagram](docs/assets/highlevel-flow.png)
 
 **Note:** LetsEncrypt does not support EAB. However, commercial CAs such as Sectigo and ZeroSSL do.
 
@@ -40,20 +50,6 @@ Using ACME with commercial CAs in enterprise environments provides several advan
 - Leverage standard ACME clients (Certbot, acme.sh, cert-manager.io) for certificate issuance, automatic renewals.
 - Enable self-service certificate requests for development teams
 
-## ACME Proxy Workflow
-
-`acme-proxy` runs as an ACME server inside your enterprise environment, acting as an intermediary between your internal infrastructure and an external certificate authority service (such as Sectigo).
-
-**Certificate Request Flow:**
-
-1. Your internal server (behind a firewall perimeter) requests a certificate from `acme-proxy` using standard ACME clients like certbot, acme.sh or cert-manager.io if you're using Kubernetes.
-2. `acme-proxy` presents cryptographic challenges to verify domain ownership
-3. Once validation succeeds, `acme-proxy` forwards the certificate signing request to your external CA using External Account Binding (EAB)
-4. The external CA signs the certificate
-5. `acme-proxy` retrieves the certificate bundle and returns it to your server
-
-![sequence diagram](docs/sequence.png)
-
 ## Quick Start
 
 ```sh
@@ -118,7 +114,6 @@ The most important parts of the config are -
       "account_email": "",
       "eab_kid": "",
       "eab_hmac_key": "",
-      "certlifetime": 30,
       "metrics": {
         "enabled": true,
         "port": 9234,
diff --git a/docs/assets/highlevel-flow.png b/docs/assets/highlevel-flow.png
new file mode 100644
index 0000000..6528c56
Binary files /dev/null and b/docs/assets/highlevel-flow.png differ
diff --git a/docs/content/examples.md b/docs/content/examples.md
deleted file mode 100644
index 816dd8f..0000000
--- a/docs/content/examples.md
+++ /dev/null
@@ -1,5 +0,0 @@
-+++
-title = 'Examples'
-weight = 50
-BookToC = true
-+++
diff --git a/docs/content/troubleshoot.md b/docs/content/troubleshoot.md
new file mode 100644
index 0000000..d111324
--- /dev/null
+++ b/docs/content/troubleshoot.md
@@ -0,0 +1,5 @@
++++
+title = 'Troubleshoot'
+weight = 20
+BookToC = true
++++
diff --git a/docs/public/categories/index.html b/docs/public/categories/index.html
index b4b6753..ccbe32c 100644
--- a/docs/public/categories/index.html
+++ b/docs/public/categories/index.html
@@ -136,6 +136,8 @@ <h2 class="book-brand">
       
     
       
+    
+      
         <li>
           
   
@@ -165,8 +167,6 @@ <h2 class="book-brand">
     
       
     
-      
-    
   </ul>
 
 
diff --git a/docs/public/client/index.html b/docs/public/client/index.html
index 73dddc3..3fb58fa 100644
--- a/docs/public/client/index.html
+++ b/docs/public/client/index.html
@@ -22,12 +22,14 @@
 Table of Contents# Installing ACME Clients Account Registration Configuring Auto-Renewal via Systemd Log Management Installing ACME Clients# Certbot# Note: Certbot’s actively maintained distribution is via Snap. The .deb packages available in apt repositories are no longer maintained by the Certbot project and ship outdated versions.">
   <meta property="og:locale" content="en">
   <meta property="og:type" content="article">
+    <meta property="article:modified_time" content="2026-04-12T20:08:41-05:00">
 
 
   <meta itemprop="name" content="ACME Clients">
   <meta itemprop="description" content="ACME Clients# This guide covers installation and system-level configuration of ACME clients for use with acme-proxy. It is intended for system administrators deploying certificate automation on behalf of end users.
 For certificate issuance commands and per-scenario usage, see user.md.
 Table of Contents# Installing ACME Clients Account Registration Configuring Auto-Renewal via Systemd Log Management Installing ACME Clients# Certbot# Note: Certbot’s actively maintained distribution is via Snap. The .deb packages available in apt repositories are no longer maintained by the Certbot project and ship outdated versions.">
+  <meta itemprop="dateModified" content="2026-04-12T20:08:41-05:00">
   <meta itemprop="wordCount" content="843">
 
 <title>ACME Clients | ACME Proxy</title>
@@ -145,6 +147,8 @@ <h2 class="book-brand">
       
     
       
+    
+      
         <li>
           
   
@@ -174,8 +178,6 @@ <h2 class="book-brand">
     
       
     
-      
-    
   </ul>
 
 
@@ -478,6 +480,10 @@ <h2 id="log-management">Log Management<a class="anchor" href="#log-management">#
   <div class="flex flex-wrap justify-between">
 
 <div>
+<a class="flex align-center" href="https://github.com/esnet/acme-proxy/commit/bddb8b9e27907357bb040d99257d2cae683cb5bb" title='Last modified by Kapil Agrawal | April 12, 2026' target="_blank" rel="noopener">
+    <img src="/icons/calendar.svg" class="book-icon" alt="Calendar" />
+    <span>April 12, 2026</span>
+  </a>
 
 </div>
 
diff --git a/docs/public/firewall/index.html b/docs/public/firewall/index.html
index 78459fd..6e8e1f2 100644
--- a/docs/public/firewall/index.html
+++ b/docs/public/firewall/index.html
@@ -16,9 +16,11 @@
   <meta property="og:title" content="Port Requirements">
   <meta property="og:locale" content="en">
   <meta property="og:type" content="article">
+    <meta property="article:modified_time" content="2026-04-12T20:08:41-05:00">
 
 
   <meta itemprop="name" content="Port Requirements">
+  <meta itemprop="dateModified" content="2026-04-12T20:08:41-05:00">
 
 <title>Port Requirements | ACME Proxy</title>
 <link rel="icon" href="/favicon.png" >
@@ -135,6 +137,8 @@ <h2 class="book-brand">
       
     
       
+    
+      
         <li>
           
   
@@ -164,8 +168,6 @@ <h2 class="book-brand">
     
       
     
-      
-    
   </ul>
 
 
@@ -224,6 +226,10 @@ <h3>Port Requirements</h3>
   <div class="flex flex-wrap justify-between">
 
 <div>
+<a class="flex align-center" href="https://github.com/esnet/acme-proxy/commit/bddb8b9e27907357bb040d99257d2cae683cb5bb" title='Last modified by Kapil Agrawal | April 12, 2026' target="_blank" rel="noopener">
+    <img src="/icons/calendar.svg" class="book-icon" alt="Calendar" />
+    <span>April 12, 2026</span>
+  </a>
 
 </div>
 
diff --git a/docs/public/icons/calendar.svg b/docs/public/icons/calendar.svg
new file mode 100644
index 0000000..6e2a8d5
--- /dev/null
+++ b/docs/public/icons/calendar.svg
@@ -0,0 +1 @@
+<svg xmlns="http://www.w3.org/2000/svg" height="24px" viewBox="0 -960 960 960" width="24px" fill="#1f1f1f"><path d="M200-80q-33 0-56.5-23.5T120-160v-560q0-33 23.5-56.5T200-800h40v-40q0-17 11.5-28.5T280-880q17 0 28.5 11.5T320-840v40h320v-40q0-17 11.5-28.5T680-880q17 0 28.5 11.5T720-840v40h40q33 0 56.5 23.5T840-720v560q0 33-23.5 56.5T760-80H200Zm0-80h560v-400H200v400Zm0-480h560v-80H200v80Zm0 0v-80 80Z"/></svg>
\ No newline at end of file
diff --git a/docs/public/index.html b/docs/public/index.html
index 53bfd8b..16b35c2 100644
--- a/docs/public/index.html
+++ b/docs/public/index.html
@@ -29,6 +29,7 @@
   <meta itemprop="description" content="What is ACME Proxy?# acme-proxy is a standalone ACME server built on step-ca that operates in registration authority (RA) mode. It accepts certificate orders and validates certificate requests using the ACME protocol (RFC 8555), but does NOT sign certificates or store private keys.
 It runs as a standalone server inside your enterprise environment, acting as an intermediary between your internal infrastructure and an external certificate authority service (such as Sectigo).
 Certificate Request Flow:">
+  <meta itemprop="dateModified" content="2026-04-12T20:08:41-05:00">
   <meta itemprop="wordCount" content="141">
 
 <title>ACME Proxy | ACME Proxy</title>
@@ -147,6 +148,8 @@ <h2 class="book-brand">
       
     
       
+    
+      
         <li>
           
   
@@ -176,8 +179,6 @@ <h2 class="book-brand">
     
       
     
-      
-    
   </ul>
 
 
@@ -266,6 +267,10 @@ <h3>ACME Proxy</h3>
   <div class="flex flex-wrap justify-between">
 
 <div>
+<a class="flex align-center" href="https://github.com/esnet/acme-proxy/commit/bddb8b9e27907357bb040d99257d2cae683cb5bb" title='Last modified by Kapil Agrawal | April 12, 2026' target="_blank" rel="noopener">
+    <img src="/icons/calendar.svg" class="book-icon" alt="Calendar" />
+    <span>April 12, 2026</span>
+  </a>
 
 </div>
 
diff --git a/docs/public/index.xml b/docs/public/index.xml
index b1c7018..78e2e89 100644
--- a/docs/public/index.xml
+++ b/docs/public/index.xml
@@ -21,6 +21,13 @@
       <guid>http://localhost:1313/install/</guid>
       <description>&lt;h1 id=&#34;install&#34;&gt;Install&lt;a class=&#34;anchor&#34; href=&#34;#install&#34;&gt;#&lt;/a&gt;&lt;/h1&gt;&#xA;&lt;p&gt;Three methods are available. The install script is recommended for most deployments.&lt;/p&gt;&#xA;&lt;table&gt;&#xA;  &lt;thead&gt;&#xA;      &lt;tr&gt;&#xA;          &lt;th&gt;Method&lt;/th&gt;&#xA;          &lt;th&gt;Best for&lt;/th&gt;&#xA;      &lt;/tr&gt;&#xA;  &lt;/thead&gt;&#xA;  &lt;tbody&gt;&#xA;      &lt;tr&gt;&#xA;          &lt;td&gt;&lt;a href=&#34;#install-script-recommended&#34;&gt;Install script&lt;/a&gt;&lt;/td&gt;&#xA;          &lt;td&gt;Standard Linux servers, systemd environments&lt;/td&gt;&#xA;      &lt;/tr&gt;&#xA;      &lt;tr&gt;&#xA;          &lt;td&gt;&lt;a href=&#34;#pre-built-binary&#34;&gt;Pre-built binary&lt;/a&gt;&lt;/td&gt;&#xA;          &lt;td&gt;Environments where curl-pipe-to-shell is prohibited&lt;/td&gt;&#xA;      &lt;/tr&gt;&#xA;      &lt;tr&gt;&#xA;          &lt;td&gt;&lt;a href=&#34;#build-from-source&#34;&gt;Build from source&lt;/a&gt;&lt;/td&gt;&#xA;          &lt;td&gt;Development, or architectures not covered by releases&lt;/td&gt;&#xA;      &lt;/tr&gt;&#xA;      &lt;tr&gt;&#xA;          &lt;td&gt;&lt;a href=&#34;#docker&#34;&gt;Docker&lt;/a&gt;&lt;/td&gt;&#xA;          &lt;td&gt;Container-based deployments&lt;/td&gt;&#xA;      &lt;/tr&gt;&#xA;  &lt;/tbody&gt;&#xA;&lt;/table&gt;&#xA;&lt;hr&gt;&#xA;&lt;h2 id=&#34;install-script-recommended&#34;&gt;Install Script (Recommended)&lt;a class=&#34;anchor&#34; href=&#34;#install-script-recommended&#34;&gt;#&lt;/a&gt;&lt;/h2&gt;&#xA;&lt;p&gt;The install script downloads the appropriate release binary, creates a dedicated service user, installs a &lt;code&gt;ca.json&lt;/code&gt; template, and registers a hardened &lt;code&gt;systemd&lt;/code&gt; service unit.&lt;/p&gt;</description>
     </item>
+    <item>
+      <title>Troubleshoot</title>
+      <link>http://localhost:1313/troubleshoot/</link>
+      <pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
+      <guid>http://localhost:1313/troubleshoot/</guid>
+      <description></description>
+    </item>
     <item>
       <title>User Guide</title>
       <link>http://localhost:1313/user/</link>
@@ -35,13 +42,6 @@
       <guid>http://localhost:1313/client/</guid>
       <description>&lt;h1 id=&#34;acme-clients&#34;&gt;ACME Clients&lt;a class=&#34;anchor&#34; href=&#34;#acme-clients&#34;&gt;#&lt;/a&gt;&lt;/h1&gt;&#xA;&lt;p&gt;This guide covers installation and system-level configuration of ACME clients for use with acme-proxy. It is intended for system administrators deploying certificate automation on behalf of end users.&lt;/p&gt;&#xA;&lt;p&gt;For certificate issuance commands and per-scenario usage, see &lt;a href=&#34;http://localhost:1313/user/&#34;&gt;user.md&lt;/a&gt;.&lt;/p&gt;&#xA;&lt;hr&gt;&#xA;&lt;h2 id=&#34;table-of-contents&#34;&gt;Table of Contents&lt;a class=&#34;anchor&#34; href=&#34;#table-of-contents&#34;&gt;#&lt;/a&gt;&lt;/h2&gt;&#xA;&lt;ul&gt;&#xA;&lt;li&gt;&lt;a href=&#34;#installing-acme-clients&#34;&gt;Installing ACME Clients&lt;/a&gt;&lt;/li&gt;&#xA;&lt;li&gt;&lt;a href=&#34;#account-registration&#34;&gt;Account Registration&lt;/a&gt;&lt;/li&gt;&#xA;&lt;li&gt;&lt;a href=&#34;#configuring-auto-renewal-via-systemd&#34;&gt;Configuring Auto-Renewal via Systemd&lt;/a&gt;&lt;/li&gt;&#xA;&lt;li&gt;&lt;a href=&#34;#log-management&#34;&gt;Log Management&lt;/a&gt;&lt;/li&gt;&#xA;&lt;/ul&gt;&#xA;&lt;hr&gt;&#xA;&lt;h2 id=&#34;installing-acme-clients&#34;&gt;Installing ACME Clients&lt;a class=&#34;anchor&#34; href=&#34;#installing-acme-clients&#34;&gt;#&lt;/a&gt;&lt;/h2&gt;&#xA;&lt;h3 id=&#34;certbot&#34;&gt;Certbot&lt;a class=&#34;anchor&#34; href=&#34;#certbot&#34;&gt;#&lt;/a&gt;&lt;/h3&gt;&#xA;&lt;blockquote class=&#39;book-hint &#39;&gt;&#xA;&lt;p&gt;&lt;strong&gt;Note:&lt;/strong&gt; Certbot&amp;rsquo;s actively maintained distribution is via Snap. The &lt;code&gt;.deb&lt;/code&gt; packages available in apt repositories are no longer maintained by the Certbot project and ship outdated versions.&lt;/p&gt;</description>
     </item>
-    <item>
-      <title>Examples</title>
-      <link>http://localhost:1313/examples/</link>
-      <pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
-      <guid>http://localhost:1313/examples/</guid>
-      <description></description>
-    </item>
     <item>
       <title>Port Requirements</title>
       <link>http://localhost:1313/firewall/</link>
diff --git a/docs/public/install/index.html b/docs/public/install/index.html
index cfa5435..49d7161 100644
--- a/docs/public/install/index.html
+++ b/docs/public/install/index.html
@@ -20,11 +20,13 @@
 Method Best for Install script Standard Linux servers, systemd environments Pre-built binary Environments where curl-pipe-to-shell is prohibited Build from source Development, or architectures not covered by releases Docker Container-based deployments Install Script (Recommended)# The install script downloads the appropriate release binary, creates a dedicated service user, installs a ca.json template, and registers a hardened systemd service unit.">
   <meta property="og:locale" content="en">
   <meta property="og:type" content="article">
+    <meta property="article:modified_time" content="2026-04-12T20:08:41-05:00">
 
 
   <meta itemprop="name" content="Install">
   <meta itemprop="description" content="Install# Three methods are available. The install script is recommended for most deployments.
 Method Best for Install script Standard Linux servers, systemd environments Pre-built binary Environments where curl-pipe-to-shell is prohibited Build from source Development, or architectures not covered by releases Docker Container-based deployments Install Script (Recommended)# The install script downloads the appropriate release binary, creates a dedicated service user, installs a ca.json template, and registers a hardened systemd service unit.">
+  <meta itemprop="dateModified" content="2026-04-12T20:08:41-05:00">
   <meta itemprop="wordCount" content="828">
 
 <title>Install | ACME Proxy</title>
@@ -142,6 +144,8 @@ <h2 class="book-brand">
       
     
       
+    
+      
         <li>
           
   
@@ -171,8 +175,6 @@ <h2 class="book-brand">
     
       
     
-      
-    
   </ul>
 
 
@@ -592,6 +594,10 @@ <h2 id="verify">Verify<a class="anchor" href="#verify">#</a></h2>
   <div class="flex flex-wrap justify-between">
 
 <div>
+<a class="flex align-center" href="https://github.com/esnet/acme-proxy/commit/bddb8b9e27907357bb040d99257d2cae683cb5bb" title='Last modified by Kapil Agrawal | April 12, 2026' target="_blank" rel="noopener">
+    <img src="/icons/calendar.svg" class="book-icon" alt="Calendar" />
+    <span>April 12, 2026</span>
+  </a>
 
 </div>
 
diff --git a/docs/public/quickstart/index.html b/docs/public/quickstart/index.html
index 0e446b3..eeaad7e 100644
--- a/docs/public/quickstart/index.html
+++ b/docs/public/quickstart/index.html
@@ -24,6 +24,7 @@
 Installs the step-ca binary to /opt/acme-proxy/ Writes a ca.json config template to /opt/acme-proxy/ca.json Creates a dedicated acme-proxy service user Registers and enables an acme-proxy.service systemd unit The service is enabled but not started — configure ca.json first.">
   <meta property="og:locale" content="en">
   <meta property="og:type" content="article">
+    <meta property="article:modified_time" content="2026-04-12T20:08:41-05:00">
 
 
   <meta itemprop="name" content="Quickstart">
@@ -31,6 +32,7 @@
 For production deployments with custom install paths, build-from-source, or Docker, see install.md.
 Step 1 — Install# curl -fsSL https://raw.githubusercontent.com/esnet/acme-proxy/main/install.sh | sudo shThe script:
 Installs the step-ca binary to /opt/acme-proxy/ Writes a ca.json config template to /opt/acme-proxy/ca.json Creates a dedicated acme-proxy service user Registers and enables an acme-proxy.service systemd unit The service is enabled but not started — configure ca.json first.">
+  <meta itemprop="dateModified" content="2026-04-12T20:08:41-05:00">
   <meta itemprop="wordCount" content="568">
 
 <title>Quickstart | ACME Proxy</title>
@@ -148,6 +150,8 @@ <h2 class="book-brand">
       
     
       
+    
+      
         <li>
           
   
@@ -177,8 +181,6 @@ <h2 class="book-brand">
     
       
     
-      
-    
   </ul>
 
 
@@ -396,6 +398,10 @@ <h2 id="next-steps">Next Steps<a class="anchor" href="#next-steps">#</a></h2>
   <div class="flex flex-wrap justify-between">
 
 <div>
+<a class="flex align-center" href="https://github.com/esnet/acme-proxy/commit/bddb8b9e27907357bb040d99257d2cae683cb5bb" title='Last modified by Kapil Agrawal | April 12, 2026' target="_blank" rel="noopener">
+    <img src="/icons/calendar.svg" class="book-icon" alt="Calendar" />
+    <span>April 12, 2026</span>
+  </a>
 
 </div>
 
diff --git a/docs/public/sitemap.xml b/docs/public/sitemap.xml
index d4fdfdc..dc98a7a 100644
--- a/docs/public/sitemap.xml
+++ b/docs/public/sitemap.xml
@@ -3,18 +3,24 @@
   xmlns:xhtml="http://www.w3.org/1999/xhtml">
   <url>
     <loc>http://localhost:1313/quickstart/</loc>
+    <lastmod>2026-04-12T20:08:41-05:00</lastmod>
   </url><url>
     <loc>http://localhost:1313/install/</loc>
+    <lastmod>2026-04-12T20:08:41-05:00</lastmod>
+  </url><url>
+    <loc>http://localhost:1313/troubleshoot/</loc>
   </url><url>
     <loc>http://localhost:1313/user/</loc>
+    <lastmod>2026-04-12T20:08:41-05:00</lastmod>
   </url><url>
     <loc>http://localhost:1313/client/</loc>
-  </url><url>
-    <loc>http://localhost:1313/examples/</loc>
+    <lastmod>2026-04-12T20:08:41-05:00</lastmod>
   </url><url>
     <loc>http://localhost:1313/firewall/</loc>
+    <lastmod>2026-04-12T20:08:41-05:00</lastmod>
   </url><url>
     <loc>http://localhost:1313/</loc>
+    <lastmod>2026-04-12T20:08:41-05:00</lastmod>
   </url><url>
     <loc>http://localhost:1313/categories/</loc>
   </url><url>
diff --git a/docs/public/sw.js b/docs/public/sw.js
index 54c4d29..7983406 100644
--- a/docs/public/sw.js
+++ b/docs/public/sw.js
@@ -3,9 +3,9 @@ const pages = [
 
   "/quickstart/",
   "/install/",
+  "/troubleshoot/",
   "/user/",
   "/client/",
-  "/examples/",
   "/firewall/",
   "/",
   "/categories/",
diff --git a/docs/public/tags/index.html b/docs/public/tags/index.html
index 9e9687d..75a6b3d 100644
--- a/docs/public/tags/index.html
+++ b/docs/public/tags/index.html
@@ -136,6 +136,8 @@ <h2 class="book-brand">
       
     
       
+    
+      
         <li>
           
   
@@ -165,8 +167,6 @@ <h2 class="book-brand">
     
       
     
-      
-    
   </ul>
 
 
diff --git a/docs/public/troubleshoot/index.html b/docs/public/troubleshoot/index.html
new file mode 100644
index 0000000..638d95e
--- /dev/null
+++ b/docs/public/troubleshoot/index.html
@@ -0,0 +1,315 @@
+<!DOCTYPE html>
+<html lang="en" dir="ltr">
+<head><script src="/livereload.js?mindelay=10&amp;v=2&amp;port=1313&amp;path=livereload" data-no-instant defer></script>
+  <!--
+Made with Book Theme
+https://github.com/alex-shpak/hugo-book
+-->
+
+<meta charset="UTF-8">
+<meta name="viewport" content="width=device-width, initial-scale=1.0">
+<meta name="description" content="">
+<meta name="theme-color" media="(prefers-color-scheme: light)" content="#ffffff">
+<meta name="theme-color" media="(prefers-color-scheme: dark)" content="#2e3440">
+<meta name="color-scheme" content="light dark"><meta property="og:url" content="http://localhost:1313/troubleshoot/">
+  <meta property="og:site_name" content="ACME Proxy">
+  <meta property="og:title" content="Troubleshoot">
+  <meta property="og:locale" content="en">
+  <meta property="og:type" content="article">
+
+
+  <meta itemprop="name" content="Troubleshoot">
+
+<title>Troubleshoot | ACME Proxy</title>
+<link rel="icon" href="/favicon.png" >
+<link rel="manifest" href="/manifest.json">
+<link rel="canonical" href="http://localhost:1313/troubleshoot/">
+<link rel="stylesheet" href="/book.min.4d6d5ad3b0ae85d2a15b20ab217863f70db543e46314629e239ced759e674898.css" integrity="sha256-TW1a07CuhdKhWyCrIXhj9w21Q&#43;RjFGKeI5ztdZ5nSJg=" crossorigin="anonymous">
+
+
+  <script defer src="/fuse.min.js"></script>
+  <script defer src="/en.search.min.4c7b822b52c27e45dcc401576e8748248407109c1dbb914b25910930a668c107.js" integrity="sha256-THuCK1LCfkXcxAFXbodIJIQHEJwdu5FLJZEJMKZowQc=" crossorigin="anonymous"></script>
+
+  <script defer src="/sw.min.6f6f90fcb8eb1c49ec389838e6b801d0de19430b8e516902f8d75c3c8bd98739.js" integrity="sha256-b2&#43;Q/LjrHEnsOJg45rgB0N4ZQwuOUWkC&#43;NdcPIvZhzk=" crossorigin="anonymous"></script>
+
+
+
+  <style>
+  pre {
+    position: relative;
+  }
+  .copy-btn {
+    position: absolute;
+    top: 0.4rem;
+    right: 0.4rem;
+    padding: 0.15rem 0.45rem;
+    font-size: 0.7rem;
+    border: 1px solid var(--gray-600, #999);
+    background: var(--body-background, #fff);
+    color: var(--body-font-color, #333);
+    border-radius: 3px;
+    cursor: pointer;
+    opacity: 0;
+    transition: opacity 0.15s;
+    font-family: inherit;
+    line-height: 1.4;
+  }
+  pre:hover .copy-btn {
+    opacity: 1;
+  }
+  .copy-btn.copied {
+    color: #2a9d5c;
+    border-color: #2a9d5c;
+  }
+</style>
+
+</head>
+<body dir="ltr" class="book-kind-page book-type-page">
+  <input type="checkbox" class="hidden toggle" id="menu-control" />
+  <input type="checkbox" class="hidden toggle" id="toc-control" />
+  <main class="container flex">
+    
+<aside class="book-menu">
+  <div class="book-menu-content">
+    
+  <nav>
+<h2 class="book-brand">
+  <a class="flex align-center" href="/"><span>ACME Proxy</span>
+  </a>
+</h2>
+
+
+<div class="book-search hidden">
+  <input id="book-search-input" type="text" 
+    placeholder="Search"
+    aria-label="Search"
+    maxlength="64" data-hotkeys="s/" />
+  <div class="book-search-spinner hidden"></div>
+  <ul id="book-search-results"></ul>
+</div>
+<script>document.querySelector(".book-search").classList.remove("hidden")</script>
+
+
+
+
+
+
+<ul><li><a href="/">Home</a></li></ul>
+
+
+
+
+
+
+
+
+  
+  <ul>
+    
+      
+        <li>
+          
+  
+  
+
+  
+    <a href="/quickstart/" class="">
+      Quickstart</a>
+  
+
+        </li>
+      
+    
+      
+        <li>
+          
+  
+  
+
+  
+    <a href="/install/" class="">
+      Install</a>
+  
+
+        </li>
+      
+    
+      
+    
+      
+        <li>
+          
+  
+  
+
+  
+    <a href="/user/" class="">
+      User Guide</a>
+  
+
+        </li>
+      
+    
+      
+        <li>
+          
+  
+  
+
+  
+    <a href="/client/" class="">
+      ACME Clients</a>
+  
+
+        </li>
+      
+    
+      
+    
+  </ul>
+
+
+
+
+
+
+
+
+
+
+
+
+
+</nav>
+
+
+
+
+  <script>(function(){var e=document.querySelector("aside .book-menu-content");addEventListener("beforeunload",function(){localStorage.setItem("menu.scrollTop",e.scrollTop)}),e.scrollTop=localStorage.getItem("menu.scrollTop")})()</script>
+
+
+
+  </div>
+</aside>
+ 
+
+    <div class="book-page">
+      <header class="book-header hidden">
+        
+  <div class="flex align-center justify-between">
+  <label for="menu-control">
+    <img src="/icons/menu.svg" class="book-icon" alt="Menu" />
+  </label>
+
+  <h3>Troubleshoot</h3>
+
+  <label for="toc-control">
+    
+  </label>
+</div>
+
+
+  
+ 
+      </header>
+
+      
+      
+  <article class="markdown book-article"></article>
+ 
+      
+
+      <footer class="book-footer">
+        
+  <div class="flex flex-wrap justify-between">
+
+<div>
+
+</div>
+
+<div>
+
+  <a class="flex align-center" href="https://github.com/esnet/acme-proxy/edit/main/docs/content/content/troubleshoot.md" target="_blank" rel="noopener edit">
+    <img src="/icons/edit.svg" class="book-icon" alt="Edit" />
+    <span>Edit this page</span>
+  </a>
+
+</div>
+
+</div>
+
+
+
+
+
+  
+  
+  
+
+
+ 
+        
+  
+ 
+        
+        
+  
+ 
+        
+  
+  
+    <script>(function(){document.querySelectorAll("pre:has(code)").forEach(e=>{e.addEventListener("click",e.focus),e.addEventListener("copy",function(t){if(t.preventDefault(),navigator.clipboard){const t=window.getSelection().toString()||e.textContent;navigator.clipboard.writeText(t)}})})})()</script>
+  
+
+      </footer>
+
+      <label for="menu-control" class="hidden book-menu-overlay"></label>
+    </div>
+
+    
+  
+ 
+  </main>
+
+  <script>
+  document.querySelectorAll("pre:has(code)").forEach(function (pre) {
+    var btn = document.createElement("button");
+    btn.className = "copy-btn";
+    btn.textContent = "copy";
+    btn.addEventListener("click", function () {
+      var code = pre.querySelector("code");
+      navigator.clipboard.writeText(code.innerText).then(function () {
+        btn.textContent = "copied!";
+        btn.classList.add("copied");
+        setTimeout(function () {
+          btn.textContent = "copy";
+          btn.classList.remove("copied");
+        }, 2000);
+      });
+    });
+    pre.appendChild(btn);
+  });
+</script>
+
+</body>
+</html>
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/docs/public/user/index.html b/docs/public/user/index.html
index 4e1f164..ed40a13 100644
--- a/docs/public/user/index.html
+++ b/docs/public/user/index.html
@@ -24,6 +24,7 @@
 Table of Contents# 1. NGINX on Linux VM / Baremetal 2. Apache on Linux VM / Baremetal 3. Standalone Mode 4. Docker and Docker Compose 5. Kubernetes (cert-manager) Prerequisites# The ACME client must be installed and an account registered with acme-proxy before running any commands in this guide. See admin.md for installation instructions and systemd renewal timer setup. Port 80 must be reachable from the acme-proxy server (used for HTTP-01 challenge validation). Your domain’s DNS must resolve to the host where the ACME client runs. Replace the following placeholders throughout this guide: acme-proxy.example.com — your acme-proxy hostname myserver.example.com — the domain you want a certificate for admin@example.com — your contact email 1. NGINX on Linux VM / Baremetal# 1a. acme.sh# Register and issue a certificate (single domain):">
   <meta property="og:locale" content="en">
   <meta property="og:type" content="article">
+    <meta property="article:modified_time" content="2026-04-12T20:08:41-05:00">
 
 
   <meta itemprop="name" content="User Guide">
@@ -31,6 +32,7 @@
 ACME directory URL:
 https://acme-proxy.example.com/acme/acme/directoryReplace acme-proxy.example.com with your organization’s actual acme-proxy hostname.
 Table of Contents# 1. NGINX on Linux VM / Baremetal 2. Apache on Linux VM / Baremetal 3. Standalone Mode 4. Docker and Docker Compose 5. Kubernetes (cert-manager) Prerequisites# The ACME client must be installed and an account registered with acme-proxy before running any commands in this guide. See admin.md for installation instructions and systemd renewal timer setup. Port 80 must be reachable from the acme-proxy server (used for HTTP-01 challenge validation). Your domain’s DNS must resolve to the host where the ACME client runs. Replace the following placeholders throughout this guide: acme-proxy.example.com — your acme-proxy hostname myserver.example.com — the domain you want a certificate for admin@example.com — your contact email 1. NGINX on Linux VM / Baremetal# 1a. acme.sh# Register and issue a certificate (single domain):">
+  <meta itemprop="dateModified" content="2026-04-12T20:08:41-05:00">
   <meta itemprop="wordCount" content="3307">
 
 <title>User Guide | ACME Proxy</title>
@@ -148,6 +150,8 @@ <h2 class="book-brand">
       
     
       
+    
+      
         <li>
           
   
@@ -177,8 +181,6 @@ <h2 class="book-brand">
     
       
     
-      
-    
   </ul>
 
 
@@ -1038,6 +1040,10 @@ <h2 id="troubleshooting-1">Troubleshooting<a class="anchor" href="#troubleshooti
   <div class="flex flex-wrap justify-between">
 
 <div>
+<a class="flex align-center" href="https://github.com/esnet/acme-proxy/commit/bddb8b9e27907357bb040d99257d2cae683cb5bb" title='Last modified by Kapil Agrawal | April 12, 2026' target="_blank" rel="noopener">
+    <img src="/icons/calendar.svg" class="book-icon" alt="Calendar" />
+    <span>April 12, 2026</span>
+  </a>
 
 </div>