From b51365d6486e0e6ee48e5fdb1b07a7fdecc9e912 Mon Sep 17 00:00:00 2001 From: Kapil Agrawal <7047165+netops2devops@users.noreply.github.com> Date: Tue, 14 Apr 2026 14:32:44 -0500 Subject: [PATCH] fix README --- .pre-commit-config.yaml | 5 + README.md | 27 +-- docs/assets/highlevel-flow.png | Bin 0 -> 63845 bytes docs/content/examples.md | 5 - docs/content/troubleshoot.md | 5 + docs/public/categories/index.html | 4 +- docs/public/client/index.html | 10 +- docs/public/firewall/index.html | 10 +- docs/public/icons/calendar.svg | 1 + docs/public/index.html | 9 +- docs/public/index.xml | 14 +- docs/public/install/index.html | 10 +- docs/public/quickstart/index.html | 10 +- docs/public/sitemap.xml | 10 +- docs/public/sw.js | 2 +- docs/public/tags/index.html | 4 +- docs/public/troubleshoot/index.html | 315 ++++++++++++++++++++++++++++ docs/public/user/index.html | 10 +- 18 files changed, 404 insertions(+), 47 deletions(-) create mode 100644 docs/assets/highlevel-flow.png delete mode 100644 docs/content/examples.md create mode 100644 docs/content/troubleshoot.md create mode 100644 docs/public/icons/calendar.svg create mode 100644 docs/public/troubleshoot/index.html diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 9f49b61..59005f7 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -17,3 +17,8 @@ repos: language: system pass_filenames: false types: [go] + + - repo: https://github.com/gitleaks/gitleaks + rev: v8.30.1 + hooks: + - id: gitleaks diff --git a/README.md b/README.md index 1958b53..c53de03 100644 --- a/README.md +++ b/README.md @@ -4,7 +4,17 @@ ## How It Works -When a client successfully completes an ACME challenge, `acme-proxy` forwards the certificate signing request to an external certificate authority (CA) that supports External Account Binding (EAB). The external CA signs the certificate and returns it to the client through `acme-proxy`. +`acme-proxy` runs as an ACME server inside your enterprise environment, acting as an intermediary between your internal infrastructure and an external certificate authority service (such as Sectigo). When a client successfully completes an ACME challenge, `acme-proxy` forwards the certificate signing request to an external certificate authority (CA) that supports External Account Binding (EAB). The external CA signs the certificate and returns it to the client through `acme-proxy`. + +**Certificate Request Flow:** + +1. Your internal server (behind a firewall perimeter) requests a certificate from `acme-proxy` using standard ACME clients like certbot, acme.sh or cert-manager.io if you're using Kubernetes. +2. `acme-proxy` presents cryptographic challenges to verify domain ownership +3. Once validation succeeds, `acme-proxy` forwards the certificate signing request to your external CA using External Account Binding (EAB) +4. The external CA signs the certificate +5. `acme-proxy` retrieves the certificate bundle and returns it to your server + +![sequence diagram](docs/assets/highlevel-flow.png) **Note:** LetsEncrypt does not support EAB. However, commercial CAs such as Sectigo and ZeroSSL do. @@ -40,20 +50,6 @@ Using ACME with commercial CAs in enterprise environments provides several advan - Leverage standard ACME clients (Certbot, acme.sh, cert-manager.io) for certificate issuance, automatic renewals. - Enable self-service certificate requests for development teams -## ACME Proxy Workflow - -`acme-proxy` runs as an ACME server inside your enterprise environment, acting as an intermediary between your internal infrastructure and an external certificate authority service (such as Sectigo). - -**Certificate Request Flow:** - -1. Your internal server (behind a firewall perimeter) requests a certificate from `acme-proxy` using standard ACME clients like certbot, acme.sh or cert-manager.io if you're using Kubernetes. -2. `acme-proxy` presents cryptographic challenges to verify domain ownership -3. Once validation succeeds, `acme-proxy` forwards the certificate signing request to your external CA using External Account Binding (EAB) -4. The external CA signs the certificate -5. `acme-proxy` retrieves the certificate bundle and returns it to your server - -![sequence diagram](docs/sequence.png) - ## Quick Start ```sh @@ -118,7 +114,6 @@ The most important parts of the config are - "account_email": "", "eab_kid": "", "eab_hmac_key": "", - "certlifetime": 30, "metrics": { "enabled": true, "port": 9234, diff --git a/docs/assets/highlevel-flow.png b/docs/assets/highlevel-flow.png new file mode 100644 index 0000000000000000000000000000000000000000..6528c564b0514ea94243aa3d2e4ff37ea9aceea6 GIT binary patch literal 63845 zcmeFZXEKMhEWoX8NDPSLUPnoym)YM00v$?#|sD@~m z;bPRee?BB)ME+1y3r%+?a%cZ_vbm#=CBWK$|2K&wQ7(vXQ&@hhTxaUSj*9Egvt>`e zQ1Oz`JeayboG>M>qyKXHj3GB}zsEr3{ba&vaDS=~{ujhI?wq5ka4^kW+%JIsOJ&QQ z(?{I!Q0GY0QSgm`d*LeU1nRmea~CJp4T04f+NUQUYTLq+nGP=d5zBQe5>@Q*f?Ukl%R^;{2CyVFdhF6-K-Wg@Xen-In4=tYeH z-4M2TpGiB!SlwW|%l;o|ND=vmtS_5Rm}f3NCVCuy@z^oRu(VueuqR~T+{6Mi>#tjt zIEaPA2FNeYhD7~07fnIudXeWYA>j${N<`1@KS%u*dg*P;q|R^h#16lxgMNkYbTR)2 zSt5)N#eSI9em`=4!pr~w-u4yK4*|Fz*?;?e|YAwkx~<4hDL z9|8w8|D$v6>;!**LDB%~T6892WFEk69~uLh6@LNzm&}q75g`ZI4Y?>$zs~WVg9r(C zr1~$A(yzRu$1L2yz%QilbW#4h)q4}*ybX}(m9z8y{pB0C5~{OX`4@y#%fM|fd@o4* z{kAR{F+h~^J18^g7g5h|16M}bf72QzVg(*06yCLY`3$o6ZKp8*`KJ4fyMJ#RqJwr} zI3tBb7C78J3+0IPUx)i^fxzbg)Kr2r!T(|ybq>NWN%o6~zqR>!4M~@L>N+ri1=t1o=enY{w#iF!vz(rRZN~?QcY@?*Nwe zvD>pV{bfIQ`sjPm6SA{MPrp!60tkG%A1AH$4+3On08=ySDpRigqUCSdqXpRW+?bN` z)i3tEhX6MU6I;6f1|2)m4zN#cTevpr7eOR{0FS;mB#j9C_2^%mRY?Ol+b(jG=ND%= z0FuSg2?;Tr|EWX)?>UrEj8gU=P-mi2eHS>JyY;i**Mq*l1Q6t?G|hQ-K%(2giud9J z&;Q1^fUnnq6-So3hW{Z^DG$)oO9Z;P!{5PHIz_Bq<;m5v1swr1=T5=I2KrA5iD;h0 z0oE$N+3-ws*`rP$?X!C#c=qUDV1ER_zU}EOE&dDa^QU&UIXatLMwI{0uTPM_-L6DD z&IRbwog{~_U&y_m09H7)j8W!Z__95ir#<3{Y~)K z9e*+Vr4+zvDvNt}BmbdSB?aJdh{%mxwO_{NFVzbG)(4zw;J;4wNicw*?7;4yzpWSb zybB=DOtqEtj6mWLV8wGne*~X-!M|3_&;nMBHAry%M|J|f0#=A|-~RKp-}FLB3DA~H zArB|n&lVg#h4{LZg6eM+a!oPO2@rU{{96kDZv@iv00d5< zdm7IUC0*7u{5EfgR4f-Io&l4MQ?TWeis6ioixIN5xoe!q6)z~%i_-l82`xLr?{Al|{s!2jjcoXrRfh5yV zFXj5nEPVtb4?C$siFu8GsL43>?LP-&#eP%zfaieRFh+HKR6f(hH^3D;8ruA`3x69d zPu2Iv==gBW*oF2-J&d#c|6)1G1DwZ?xZCk}i5fkXr~}H$!(Yl=eaeQNedqs*Pj3Mr zy|Bhe>70SY1YD^R`fauUy)py7l1wo9zYyXD1SL-P%&4-zIo);(@4Wmk#itGfe7fzU z5-IqvZ3953+w%RtZU4(+{@)GqH#&@ww2{l9TawkRmF7rdOuY2w?I zRv7y1@mTbD(mAVq`ogG!N|L4ZADUg82r;@zvE*wxiW0KUcmRbS8+bl@+=yf4jN2 z{^>Fz-PYC?R^@1BJ62oah9Bs#@g1?NRt;ywucXR8t;MbND4rC2J388#prNDV4rdgP zb{wl!KiVfCe2k2YHuvV!yR;RLxO}#kQFvT_7oCAA$IiG4^FA=&0#6NyikeH#d|KP$)F&=TA36t$v~L z=5(YYKW09xFI$sgZ>4Gi-cQF5kK$B|$Q!Df@T+5tX+qY4#ARho(!A!bCCdAFP@exAor(v7LsU$*@j?N;}zk@L#nyhFbVu!K$EZ;OLc@R`j7&Pfa zt6!1!Tz~r$kJGGl9K(WCzn9xi6UJT~d;eU>08bYfm7yJmOG|D0uV0gJcq4bbJMBWi z8Td44`&_COfKfk0mZ(JBO_f0;Nj&C{$`279t9+dNnpNIdeNj`S0q)-LI(>Vm3<7};TVJvSQ4)3P?F_oi_^e^V z3Zg9IU^w|#&pJF^QeOiPEw1ZXBOpE9@dQ*0L=kj=|!Y?rP0E zYw;Rpu|K!VwMU-kvi#2|xuc)`l;0;xEQ9MeTA4Nv)|&FYqY9|rAh7TfxuG%}?V5$m zuz`}%oe6&n38!(v?j&)&2bFd>Y`piQC7gjpoQ3}p!fvQY==>jlM%Aq~n)t4E_8tR; zG48w65Q+?Mx(LHv9nE(q+dNG(Mi-gY>4(B;3n;h*2d!~fM9|z4;llkF z91x|BeiY{g3ulLPRBoD3aWwW76rqaoZjI5d(+1)oUk_IK8s{zg;cBmZyXoz_EOK^X zm(N0_Q-;1zs<4NH$CJeE(M}o`nz3f=s0^t4V{vn@SvoqS#eB z4|C_9u8eRC8JF{JUbC7meb_ay#T&wpBi;m<5dV{;9kCDCfP5LAyD3p~-O2eqQI(VL z1J1)rt<*I&hz!8|Al2gfO$|ETFwVnma*$tf%^c%!l~X!R>t(t1=iTs&+hBeYAuFNH zVth?)Wpn|{U6R+mxtuT<8WD3{u6C{E(zy(z=mR`_PLBXGka!4WSy(T9^ZdQpQLoKe z$qA#8x&~J@Tb<&FTX_aU_P*~pe)(}A-V9jhI2R!E5FZP=LU}7g17+u@4WcPEtMkBn z$_VQQy8VPG!-vXk`{Df|-H)$4&cIfWu^QAjyVp6l-V{k^F$k(q{_@t7{*I<2`c zsY_wp_mVkOlpyKC#$3^f9SeGjg?wl%4K`ANKl)9(Db{a_b#)AI$Iq^E8z_ zxIBSi4@W*O__b7g+lBiE|He5~GbFEd^WJFmGhU4D<5wSC{T#)oNr@d+&dFSmi)xX6 zh=gzbRNS3B?=E;%H#w)@{KF(_9g^8gp&iw zTD{*YP+T;;@|8M|Hm{{hQc%TxK?n8CkQ_HoS~6{4-UG|@E?FQp8{h1b}C<3FM+kR9nKv}JXx&>!PZ;~w!~jn z*nNwfX;(?1#}~e5BDj*--a-F;v%9jJATV z=oJ+j$<}FTjbc}8IMZw^lT)lfQMJn4=ftd9RX_NQdP}co>Ul&Y#=1KRkmrKqN2+K% z83KLbhN@>RCrnICEE}-f*tKlU1Y^*H?)A>jPM8BKA2F{`@dbr7n#>fO353`Y)6=|F zx^yT{#jAoayQROrb#oo#{L&f-!IQXWAIO{N<_Y;+avmYi(n|$BxbUyal9>=6vEp-u zV^m7$g79Qo>|_We{6L`G_rSxQnkFKj)8&e8T2$<|hN|kT!-5JB zRAA(SrrG*sf94g*@h6I&>-YBX`Ne3Po-|Rr0p8G%kaxrB*HFk5Y`e6~z4zz54ma8m zvL}aIk*5Af1bl^nG)$MRZx8Ul`U&bB^Vo_72+NF&kZ$J7SP_eH(bX)qNOF*o?(zPT zh`N?mIr!8>5B5FC-AL1r`^24>utrek~*+(r2=ex~xV5aG#1c5-fqdyb+&t*?M$^X-Ui zt5c;cIpROl*ykiF>E|+aoWaHnHoAG+A+%Lm+0cq617}o!z1NoDiKoOkB^w5 znKc4Et-1%O<7lB1acVID<2JwVdq71m^qtd9s=i_O^{q12%#u>?H3cCiI@)Syb!_t^ zg$T3-Nr#XZ1Gz5^7WP#tT~+d%qA5)G+wX`@$01PO>yyfK%3*FKSD7|z^f539B++ra z-e}f6Rop&a?qIo0qY|(b26xjH3PFabD}(JlG9WtFk0Qd3O-CNw`W!Wu4<3v@=nf7{ zetwhOeWN+_gM8u*CSM@96$PRn?iyd8;I^ZR8$p7I%yOmZ>yl1I<^m-~PgLFl9)TX& z@oH%GZOg7sJnb_`gn^I+VTk%djfL*z(+HTQZ`|h<2TsU!TJ32V zg1YF1B)%5Ps|AIVnVLyF9zk#BOoh~yuuEbhmR~}Ho`Au*!ZK>uMhEh>+gBAgnyEIBhLJ)ONp7pQ*VnRys~%hwA%3lLDV$IlaTnoo=uh1mohpQBIs_TNQHi(H#bdY# z^wO`*;=UPPyJ;Kk9SYTFX_0xh`^3q;#X}27W5kI%jOc6<)TMpKhv#44byp2Z|2Gs+ zTA;pRem!XTPGfG4%$K$9DJQ@~;=6HIr2P)7V}(oxr&YH$H%U;bA(ddC?TFPZPE!r{ zg|8eR#AZ9=VgQFwwcob&i1Z`PM|uqT*CyTZ+Ws48{?}?r&KMv4!hFBqV3of|CJ;2d==Q8$K+@?np92u*q75Svn2QuP2suJkMkZD8${^4lluf15sQg zVGNMA_>7us7igWLA+n^!<|nAv44}e0k3;SPCvl701*+uFi!bVA?k7FDSAID$sn$BY zR!WdIEV|`FFIJ|FKO6g0KM90`L^LY2I(bOFzALVYB>a^nlwX9)78^g(jw+)tCLX%g zq}sSU750{;sfpB)B?!Oz5H^0bN+gIMf|b+{c?>|ai#)fLv5$1PSD7EVe>>-o=?%X! zI3J=rTGXJY2-@8)C$yM&?N?dJSX0o*IFqx7n?-Wy&ZB`+h1RtmUbqhlAN;nZlQaFP zo17E|^4+H$8`2g)^e?VmJ#qVJpnH<{I6}q!mWIWtQQkTT6bEv+L(OwE;)H{>hn{QW z974E5P4RV~?abjjYdg9l$d&(B zhCv48j+jV-6GLFxOl)A#`)^eY#;*Wbe1@Y6LYjPZ=lcRsmqn-q?3{a}h#}A^et$yZ z#$`8-MI5iC$VV&Pq~fK`mU%!Dgr%?tN^&IeH_62@s%ExdGhg%w$GF@dbI^b2hRr3} z`>Sn1!bW6|s(pI&W-^&XjhTi-zhL~jnYVThRJRV#1FTBl2WNqxEq=N!Qgi-GDz~U;pH>V9f(Har0Yo0kJ2uG*qiF8f4S(Oh*w0Of zROG68Y!WV1xBP1sKs8V1?Ol}J1)i%B8_7q)Q_lXs98X{ZP)1xYGRq530pUiGj1arG z8Uvuxas;=!ZK72oJJ-@k>NU}a9m)jOOg-Jt;JiO#pr%`fc)z#Ja^lHba(b}t0w^nNqla7V-&Z8s;C4W0x5jX$lmsMr&*L5 ztFHUTpJ@cuz1``^hu_}a-vlD&PWhcty*%~hD?*QLx|6uOlO=al6O{W^m*|DKYLw4w z47@eENjWe?A}9?9+<>qh5`I2Osa~tI--$*w*IOg1=hPZ1-8*fUEE6u~_UfXOOde0S z!1hCxsIirRm}WCS;gJ!41IBXhSvgjO6%W?BFOl?yhiLg85r%?5xI<%y(P~}C`VG~Z z#hhfT%^BB4jn7q2igNP*@}2zrw42BM+KO~w4eu1;5YUsPwD zfKOJ}+ehcUbZ6J^U-R1;Q@&|V8BGF|N>y+QkCAX{APO2O9isAI)lJ`lWSsROk*Brs zl6y9}5EWVYQ^i8RNrji6UR1}9|^W*K1 zocNq|{K|}K8${=&!vWJJJ`&|~dbR`0^L_#Pep(>=)zzY2<;;MJSDi11LK=13;Wljx z-4%FqA?*uTSruFYhz_&>grF#=#y!-sMgo;!2e(rd=@f-(RY$1 z@JB#aKt3KB9*&?65wrOcySFvp1!QCoftVRqVTY)h45SczEVup5GHBCa>gq1wNkxDt zE&&_n!REJnpUiC6JkxBTj=7Cdk5d#w2XE5RPES6(8t-Bnwp}*CxuYR>4~S~Ubzq8 zIa=3h_U4jt{_5)UFolIL)QHfH7i}25+!<_s5p2tGqR}^FgF|Hg^))f8u6QBr7_gl& zq4(YW+nVysWo)t@1%eihrWLqyTRox^Ak{I#%K>pisbw2wqQv8*S>8jRwFVx=jc@6TQ}oN<8UerJ1o)M*;Aebd8?DtrI^ z`ODQmyK^{U7CtND6?1A4%(|}clO7Z=h`KH400l6AL4Q@_0O#p1V?zO#fpk-#KUdpe ztBv(!Ho;=x*;>Pnc}1{W0PWG_i_7rTvAU<4Z4oSpq(H##)O_vrdq+xYnJD@YITBXu z*~c^JbGW_qM5!2Os9fMK z)M3BQ;i_|dxTU=~fQg~e0l?LRz4O^w-2^hsi&hNHOF(wbIpMpL+IbTx@iku8n_~$5 zg>MfqB?5f*WAm3JN8dJI>qM)^z?Qg z43^FF3v7W1wyopkvYwf6$?>T2@>_(ORi?m-2QA1TiOec6e`|l0lLan)4jI9odRp4h zOpiiMV#1tR*l~_^D-r~1@X|tW7S2AEl=ktoxUk7-PK^BQFjSPvZcykR03L8*3cNCX zTjqQL4|1F$Drm^;X)2JHu;JV5#Z3kv`153s%cX(rr9xuiie(KT3qoeM4U;?0J1`4? zv1y!ED~Vz@g7)M@7FakRVGk%*#ObuAaQLEP7!LXk-=&*-FLEcl8kSmx&eC8)ukc`{ zGj7=pK-KRrTP)jHM!?%ofZV_ocV3Ye9hj$In3Qdzy+2U!c=n-C>03WPPH}OBah0Qx zSHAvUjg5yI@dwT4YDYbVX5T^wbZSq{s4_W1`{Jh8Y5sQB5mZ(HLI+pb4{1=GHWLJ` zaO_mS&|xaFZSN&Zjx*QZeu=Gs-U$g!*nN|UiY@wbMK@c>q!PYKf%0_659l&LIP7TF zIAmZGs+1)cZIL0;U~iQNAiK4~s&W2-!o=yX)o(}x$x+Xu{DLW2VAO$BdLec}S}M{$ z+Xb~ZSuW^?Q~8D{)dN`?&X7UK*a|4a2nX@DRQnL{+)c;(`7|X7rY`E#f+14inJJ*) zmyvmo+Q?pToCeb>5y>KZ{j_q*o_V=Oj=Ca`VuqHBYc6C%2_1O;>Wj7P1aqvXE%l`z z!G|d!MJ@JFMKS}jAJVRKd5?701HKBFR2H0OKcY_Ka$(O@n~Fl<1HleXIBcAf!h^z* z%E$R2r2EEpuU~msSR?zWcDjPl3)0K_OP4q%a<$V{mV%yTGnl!dZllO^qPnBX@4Y&D zeMB<%h>f~9sxPEHD5{k;;C-9VHu^ePbURTVg%49OJ7V3j_EpXDj=BDwoQGHnKe6xM zB*#oW$DkV&2d!w-!p@rA=E8U%TRi$$qm%b)3-7uL1a}{Rc?0op1~=SVwNZACLaCwf z@~N;#y8aj8_T+=EHL|nj>NUlY&5(IEpPhIp4wXTrroxYXgzVf_%$nO__orfp*_~qlz zHw3|0cUpXlkc`F)`aOT?`yD(=iJhrH1P$P<4&W>`Bt)xr2f!K89ReSVmIS0<3G!V= zF~5e|$DG2_uukl@Spgk28{ZD0)*zExgC%A=9tyb&rF&?ddo}B}E=29clz7A@rwguD z>Ix<#ZQx_SewC{2Lt0F-#N*P$9(Wj>c}>j`PHSSR)STmftToU=?ZaFlN$(Uo5JbVy z`BwRbAco|%?;+qJ`7_~LU#Tm%2UUvc(2|*=D|E}3$sEB^c>e->Bm3C&N-+P(1=*#n zBdKx4`yWX(6ZRM6K}qf#mCygy3PBJ03$;w z$Q4~w4p9Bpp`k-X5%4%Y-G&gC=9|7kFlT9ox!0v0E5_~x6Z*Z>iIpH&IDy*e&t9?( zcfkK(BB>UU6}MDPM`$qZ(n#L>_9#1{t1O{#<`YtXZDgZE=hY4J;qZ#*^#e6p?rhe8 z0x|Y`Jt~A?BXn9C2lljkD|10O24C-wxELF+f{82M&*DkGP?OmtGM0jH`&a$nK{8ks ztJRK;_fu0Wc0_B|`>g#={IYe1`CVLCoz)3)7iDyirgp0WhC z_{(~i=L~u}^+f5sIOX}GyxN734`@-9Bh3&oDeUVo&nNe(GbMUYqBw4oBZkzzqSWa2 zWC|%FGC0||!C4z1ZWCX82;3xrY;oTjjEzvmF(^Dy zbb`np_{OpjIKFc9_0n(7Wctg!aCcTiGwRW@cUHPB_7zR?!-tH~DoUJ?^KTjfLs;xC~(diaHmpk(ZTs3W^`A`%H^DhPDukN( zG(FKv7j$!|-nK7=Eg1>!N&X+Sj!H!iPutRGDTo3KzuMdx1g@-G?y6EML=s z3mjyqe36ik^*4ur5-%TXh$)M>UF=kNrmKgYW61I6_I90T?jyvXFC}LX^k#SuTVfJr6uWp13uds==-hDsHuWtMgdlhnhV1 z(=CSveQoi6t4O=-`$RR?0RziM0|_uc`L|@>T9PlpaeOdevV=Rq+(f1daif@+Nh{Ur z*eJlO^A4aH-4UzCN_`VMUkehn>dhF<t}$igE&1D)~AFXd&i!O42%^%{_?`kaT}zHLfYhHv&O1#?U=CcfOAwn zDnmIQPzP!=KzV0|!OC3xXd1MD%ahE>9G97tmjx!34vEo@wQq$TliR}QY9|dV;?bU$ zsWU=^n;}}Qfr_`^m_OTSk#G%T+;W+cZZ~f?`x(l4z`GBv+$iM(XQ>#f&_4J~6{L9d zGX@f`yb6SM+3^`lw;B&t>og`811YN6yFSO)xXxoG*j;qlN7*B&Igk(P16Yq<^Z-?A za`DKl?bF!Z`!dXVbEX4(hfL07be*-CZ~G;E-Ww5;dk5PqLXitymF0rX-)=}g>9f4u zNknF`M3Lse($FRrQVRJgGFKRuRsQF;lpPAI*f#!gm%XklmM?33(Cf}hMTW?C6}T`= z;A$3%(CcUUQW!1&Qe?9$Q>oU{-||j5v_<49eyG^#>7M(szV<%&;OYzKdh4BJ$)!c# z0Ev<{y`~d$dhL{jZsBkA7hj48JdvAXqXAw&$PK@=-dXph@iW zKyS}C?2?v)aTr|eNE$m`peQ!62NYa*ODIpB$}UiwP(ol^lkLL{p^wskE;Xi!v4tlx1Q(J*Jo@VaOC z+vm@8?q5Z=X+|#C`?$UvV%;W5Yx88+U6~CRmt{4;2k`B;d0VEghy4K-_StWkeDvqS zm6HIv8R2GGP!4s=ih4OJ>HrPMeep@HPv3SM*G87!`nmr z7+)jT#c%#-=5Lj{^xd9%qGEjrrV{SyY_}Hv_-+r^&N3IjF-=I=K)%e+Xg#&dof87| z8Z{d8>M=~U9SEScyWsy^R-zz&AknE~++PyyPn3Dbs;kiAxkfvX{c^b%+y-?^4K{`0NlyNN+Tp0wx5G5vlv!r*%4w zQyg=tc!h9&_=O6pvq6)1oad|e`n_w%fd8RW&r5hqhZ(Qe!tZ7@Y;M0llvCrSif^M_ z)h%{nx~0K*t4sUU@$7D{RX;WzXHTXXq7!?d<_kjD4aWGN7z&^45J*dXw$fqQ*1qbz zCgy#SY;l$cPdkRiuJzUTH@N)ZHt6aT8IOBiKJDT*aaSEG$TN%8ulhN*UGxFAlBr6M zLiTWY2q20%+g*`;t7&Spoyp$VA)ga7k^Z! zLRVvgs*q#+lFy~+m!h+Av`4nB$$hiEH(?oem$+|E_~7qy-}3o0l|8#tKlajzq(x)m zEiGZ&VO>YB1=9y(PyZOhf*oQi&1PCj)8aq*RCdL-twkkWDvpv(_ffmlGpy^wfdRE$xoPc3BF2QrXaf)-tM!*Jn|+KPuo7s|5d&>J)L=6>LeYn=Yw?@hKfM=H_0uy>_SV6%_YWL z?`BpjxbFlnQB-JwV`{~OmuvvJRz^LJdhSb1ZD1kf<>kc@$-4l?R&8ZG2;z|+)rBM| z+}PK{m^MUoLxLX#J%Kbon)Wb*r;esDU-R)VMJhD-!;ddz@EW7HugUB2BbuN<1#o63 z$dyaDKGVM%^S4My+bhV0%4pj`k=kaK_C z&j_~K{Z_)^U$3|T=8xYiB4y<-A4xM6zRw<4|9#?A5^J96%z!HeL?whw>QpN{JsXborj zocbx}tpq48>*B2pJ56-acl}*n|FV&6D`;J3U~%imL(JUvReRL)ri;AJcJ5k=RLvN1 zQY74e?ayrnN0N`Tp8h&vaI%4>gw!i=`8IE-uR$jI_i{4;@xJATT-c|(SH^IpK% zLwSV~Dijhd5n=GG(Q-$pV3QejHYN!-*Ps!?HC`q0tK~@pD+DZ5G43XJ_@cz zH|cBN>*6}YuqUs*EnfSYRvuP@y(v?98O)PJLQ@Izc**JtC0q|_Ahf%yBfiYuKS4}D zAG(^@Pcu|s(_Fz@Z(a0d2)A$JXCib>aelr(+-X=tL!!%qbSXMmPDSyM-ROIz`dp&rSUc#;i64Hddc^aR^htW@_!(H$P zUePsv4WB$L@k0r)RGF@gs)^`Py*=rk<+zs~D_oV%SEToF2GJGbis7Uhq0!DXMit0r z^Krum_-_%clHxU^rqbeTveLlolF_~kZ<{3^v2Uz6M!g9W=HK+({&3#KyMv}zZEkW|0@p|1DT|&Q8Gtgg2KHNlN?)`2sE&L*Dv4iBtpVgLWTFvd zlfG4;2>zNb!{<{sqt?F^=xgLWLjf64I3D+L0cxS-4HmXjT%nk*N3M|!A4x9(*7_WO zvRl}xwRSkB$9Tg7K=5!7U5#0;pbWcx<=jcb`!pr-=xiN+*&dX{83VfNimFmRzwUt5#fRgn_=|hfgP#(lC!Dcgytx!b41(ElKRUSGE zZrE&P?VBr7rnzk{c1nsP9#o*Q(66#8O@%?q^N7hRI%1TI&i_Q{(Q6i7H>y92Ga%VM(Le| z%EL_1D%V+k7r8sS+nd}dvfXxAVROd^W{H_??veF}(JAJ&@Cv<6e17&6g$TXv6q_Z}?ttM6Ey=9dji{1Lju3F?rg>Vp4X1I_&NEQH;ewj%$4?XvKZ`|wUHyY^2bf)44ljv5o{pqEh|s

Kxfuqbf-rby`Of|=LRs(k7MQm>JilN7{(3$ zU`%d{=kNgj{$5j58G=|j#}2jMQF?pN%d~8hOGM1z6)n)9>h!ra;|dXP9NU=DSk`s7tto-fWeMKJ;H3 z$CoWo*sBi{MdpQQGtVnXIA=mVBH+(v={m;CzJp*JPqI5=xIz5Jls~=R_r+I0ApKAhf-T%oG^Mrdj8$NjKnOY>n6IV7BsaJwASvY=5GcA$a_Bqr~B&5 zN8hr34Yu&iNZDP#{b4*5t9u)(m1t+{xc0b81FTihY&M~Kw>vRwdJqnLX5#3dU9RF{Y|bp9G-c<)ObpOTxHsC>oC&Z&|L!}~b~f9y9I!*!2qy=|~? zvpbqQzDiXqm2s2dZcr?=rL#srud3LDk0LiR=2Kl2-G0%+!H5I5j4nHGfeFFDmIqa2=<`(5q}8*|2=$=5CrWWDKWcSY|JfPw*w8`oQ1C<3i3$w6DtfnHd;c)P2kn{luqC@3{aN%0?GVn+!&Uarg z??I7X0&{dl@RvN^f$O*_u53hfdHuWC<~q;n=A@sU{@NX#j~7K9Kll-Pqd4~b*;wSN zAMFde<~JL2=^T=r&YuEf10t2a4!&+|y}1E?4ilfTH?^_XGzxAL&s}6zbk`V95%1c3 zKcpGo&StXNzr}6wG?lCBvHhOI?)r~8Cd$bq4j!1e{nH?RkfhjM<`^1XU7B=5eGq5X zV_}Qd4$Elwx!18;yesQ(ni4C99z$B1u?n1^O;^J-`BY&W?eu6MAm>9=29Aa0>oBN@ zA2m~pv-&WYE|z>->hUi4LV_(~gMx5U!R5ncTq`dw1BOid*?K@qio7O^Wn@TbJSV4` z2IjkCSHjy1v+G-*26|UZ&y#9kC|OnDxlJ_La28N#+h|pa$T`a7k=#UaJ?2_Mq6FnKEVV<_!c=JSF8;tLe zwrCIK)6<%j2l!AbW#8YbvdCZ1Qg*XbKT@_-1Hm`c)TAMF->hB;CPpt5n^oMPk7ir) zZCV@m;kG$Zh!bFFx_5)VArjY9CT24;8KVsyoa+w4bB%sAzvu?$ofao|X=3%BO9Z)> zNb)xxCw1w56Mmd?4x@!)WT*IWpA6^^-?^8{iQ^UHFi0NMdLp2L12Q-2tP^qBJ|WnU zUWR>GpmPNE1}fU+4n*D7To-YNm-E9aY%95Q1-Yl6CeckZivxiFa45>?gMT)*Rcp8}^7mHQcXSw)ak~O?VfzQWQDhS#o@RD7SRs6ZwgXc$k*2wL zj|#KTz(CcOUFU&ncbT0T7_H$CWJ2ZBS$GfQ9<#X-_+T#_J5)U01CA$taPXntc*vjb z257vlkL90(ByP0Wi25Mj)p36HB!qTUbs#VNw4T#cp)*$Fnp@LyUx2A!3qw`x9~ECFd<}Rn1>Rmz-sgbWMG2ddQ6>YEV3|O7YhPX4 zDhKFQFxgY}gs7!z>MH;*oUm<>vx;^;eJsr$0a-z@rKL zA`AD*=Ne5b8qN6lM@&^C2d+G$1f^r@Md6&wwjC_OsR#C+MKakAK1-IL7FP7}PzFgHJ0fp`t7SbiIT59IIY zjPC>{pKR9}Z1m8r15WHW86tsVsIpVHb_CR43ziq?(TrxtOxmOVwU&E`EmPX2f zYIyp%9`CooYSk|D^&cF6yyFG1JS^v{1;%7E`)$Jm=@I|ohZ;2a%&kw14?!SZF?x~s z&x9rJ`E}~hkZ@FiSsmP}Tqtz)4$7PPV126xt}qbY-E+h#Zr`Qv{wJH-`c3_cHHwIB zo`&t(&J1L9gH!Qx(^{j7Eu)}|+i11Q!S=dq57sw#KEm?Ir_N1xW%58%V>Y{M;(r{qckEt2>$CwJTk=mfNrAwA{33MAEm|ugA-TJgP=qIyi&sPqgoM}s9BN{ zKE?*Z$$)_I>d|ql!uOy_Ei}H@8w3YNk@$dj-x*+>(laO?)3{Yg}EN%!<^Qdqsf#sF@$o zedGg78H87jWHrX8{D|VjwUZK8SZ&#JZ5)r&AbJTV5f$i9+!nfV`OwvlTYM-(RTl0x z)Mn{r#R3;kdVX^nj4?LL_vdupRgq-u`m$?076P_2PhTE4Cp0X+@(gZ(+NW{F%X@Q^p)tr1}{A{zS8X4i$cpo8FHMIz6BBv&WJGa zRDxtNQUKnrp~E-;^1c8l40%BEK;#v`JU)Jtcif!KaOq3$sj^&u+ia)I|9mPQd!G+R zD1BL`Q$e41ukWAn>8^>Y*U)aYS0=4Hqb^~${q{3KLMv4A#HKx9sIvI(iey{wv{)6UecSX=puO=|U{~=qSx4oCqD5qfT z=z%^u&HUIOuOh}AUcB3;@EsU_2G$B zts&o4$wb1N2B9cI3%o}`8q7H0YSz4u#0)cIfDC_N_Ev9&9Ua{x;Xm(Aa5-t-U1Uz9 zQ)_%HjO*3)eAEaJj)3JjS%mT$i8fW$%XLWmnX(w=Lc19-?M{r}-=Qe-?>FHwPL1)? zz{^v;3}#$$XYxU%}<}IHR%wpCDucAgy;RnHRnru+&7_euH)@63|E_?m}-D z^gcT`sHFfZFKrW%@@CU9gY)ONe$xFN16wKw2paDjvb zcP2za$9!lpPd&D-OW%6(*1PF2Mq9%)U!R7W?y)P;XCyr2KG}nrA|Xl7DDeNH>8rz< zeBZYf3sETvr5W9d(jB97Y=ESSh>VgL9f~5-jBW%*Y?QRL1qcWTY#^0WTO1=c)Cb3-v4=ubfc`G!RWe&<?=v*XtIxc?24pJ+pn8P;rJ`0CULTs9kh zNN*pW0l^Mp9ujY`mdN<9=zXlr{SzChgH9ge7Sh`Pujluf4Xn{Dp59s`RXzaYQFk2S z?9pEr%OS$OX_JfTN#nC;4J@)!c>yKh@*%u#+@c$*!Oe`r)IDXiZJ(NA;CmLg8`V zdlPX0S|y4J3rcST5sTE!GWJ1af5x8M&8J*Dhjyq)oz-Kl84V7y7b2lFp zd>?XoY=+4?*`ny?diEY8WZ009@o1-5H9-@etoy_TI$SECnP*i~5-_CyDM&n!M2BQ8?4F{2CHmk^AgqD<)&F$0FibVfUZ6Qs84t{G2fwt#!vF z?VcetKR1OIYbQ~XtO9hHSzq>Zmk5bJTTfwA^t@{5v}UjJ<+T9kpQfzGFwXfOhNw>C zr+ryv!iK*Hg&MaSxNeMGOsBVCSLv; zuLu-RmCshp?%qe?x=xn0&jqSA9m29ppD)%)CH5MlmoFX7eV_H3TV`!FpZ!3cwZm9+|8e;eV91C&VUCUT z%?~S3BQ&{=gY<$1!MCr_Dt!ce|ldkd-3c7ME?h$DEz9oV4ueU}))0I<;pvd}5E@6_!O-0c{Ns zj5O7euD@uNiYsGT83r>i?1qVX$I0-rhRLOuoVGntzbu5R_^yQ?x61M8Piw1cSe%|Y zbLFVM{Z8K`K3t`N?#3*uejM_i)+b=9NY$!NDp{`Y$Ah&RQRBnYCfTmFK7@@m*lN92 zykLlHp~2B$J&mPk-s0-6@TV*UTj1V5hxS8u;`gRDhY+}jkb;;dA@ z64Tg@K7IfD_c8u*eSKUyT9~T8pQw=TCnI4}83Pm+9JjkOv_+oSaMmv_=8lToFhPAWgD2qVsWO9_hD(DV(yNnehYjR&iSU@bG)y^sbni*<_n~6z>dxS`yrwF< zd{yjaRG29nUBKd<_IJE5c52wDM>977x~LM>w;z1ItiVlDVjFlIQtcB;|EbLc3if7AHG%@ooB_Q#DZB2KO%s8Pe-#m>%DrCOzM?e(t;M z&jsg$F$-c)r*Nha2{KiMwTsCOTS=rtqI8){4=iQ z!F%`&DK}!e3mg~B|3DsL{icS^_U-8vbk-XlAPE#R^-^AlI-hUSe2p-p)VRZx<|>Ze ze`*e`N%vuNi&rVBBK8cJI^kYW+4nz+cnbui8OSRa!{Rg_TFR`2$A z(CaYuLEMM6gO^W6?L;4NRjOVOiw>_mf;(GfW%T?^_;fZg(5p<6MZI1NWV&J%kjc0> z?uN}z;dPrI81f#OPl{m-SP-+SV*iYHj8$=RuW>mB7~dwj-#`v`<>G9F9Ka+ywfhX} zk*F?`n=E`Hu?~_c5khEWM$CPa@>Cz7EXw&VeR^(q5M3#v%J1vBSJYf@NMC9zKKH8T z7YczfQ_mr<&k4WjY%+oeFPqFnqZK#nIK>A`%c%un9f@j5)_c2+R%s?=A<&yxIw|NKw+s zQ;YjuYM!Ir7wq!J3;~SzCa&j5IG@igL;=9(+DkU5;ez!)C!DoX^_I%KOj7K{-!vBHyD{r*z!e*8T?UsA+3i zzVU3q(Efqr5c8pRLaZ8k@;HHSC@YfE9J_Jp8f!sR==46A1Pf2>0@xH4$4f z;l3T?BgevhQg04vFi%D8+~CY1>b}P1^TO`j;m|9kVkfETesFMLAV-CLeg(Ih4gO6} zm%0WU>Gj!6DUOj)a!pl_1kkK$JsS~iOK$yr?HIIi6EzRc^`38_Pvg&tqGF*v!w^Kw z*I{J>TBGgG`oaI{xx_e`_FP~bR>&;YwQayf%TdlHPHWNNTxkIwyP`QnCPYF-MOC?< z>BU*E8UHKI^!-n6Avw!cU?y=8&`sAJ$w0tyjqR;ey>Bn;>=fPo8+sx-lNv$SIk?tR zocknMs{Ye&$qz2T_vM{lD#R&WJW=8rInA<+-<6d-RvL|d<7DeH)s4=`n^<_61-e5o zTTWmvih)aJZ!LKPz?@YPBD*(k*zlY!k8ljrACt@s^BG|(qg)RI43>X6T$WA5Dha_> zpgO)$WpCb*um|BJLWD=ZW-wic+qB@5nm6`pz17BQjOH34THkc@98Tz$)ucYIpS9;eu z@)#ztFX5#eMj9sK?X)C{WnbYhegXF)`_B+g=ico*2R|P`LMgg|0yWr&fn9EQ_<3)F zrgb3ppX4WViMzk@BUGVkT6)f9O+aI|Int-ly-dY{F>4DC{QIX&17-VCtN~?22%SVF zZ!e9HB&tW03Ii=z&YpP()?rv{DU>CSibL&_KVE?sN=$a2?@XTZFT6lsr~^HlOh|q1 z6^Y7z&qjDU=*T#BzJO}(jGCW%wPj2ZgeI)tMmF$%hNky_1 zw;%A`jyf(C>uL>JuOY?^K$s z)QR%iF%ra{=Knse7nGmTfn0`bEiwkl~EJ&)8*Vj$#Y4oJU-DYJJ zi1A!=_Ns}_l;umF3Ti#{pIqnFwq|L-C3?}^&RAXbU2?~ ziQ04S?CDA5MlInEO@_*?7gDbjn{-nMnBXkRHn_C4GH(b|{#=6;CtN=7XV4$jfh~$i zvM|DF+i}cTtF7(PXt7yNuH z{n_TUlRc%)W*!VB+TCR29=7zw`Z5M@z3X79g4+*$%o(4o%$GgT3)GUgyb371ml{3L z5x%<~qY}C5RA8mkm2#hi-CmILV^Gj>#Y8QetnIN_p()eI;oJVpwp4(eti?}F&Kbo%vB}JA8Hf?CbLG`2?j`eCOp}jbnq!2 z+v@8sXOxhBcIoa-zLIY2VBr0F^X0NJB*-Z~y^fMG}NQ;Fe1_z9j3r+hHpXn#qk9t)c0WF@Ps`S?r>TJ7zkW zp0cRoN|0e~mMj!$;1U|kAPYd7xrhHW#QssX4c3A)hw>l3(t%d=T9RQGk$}5CU5Op( zrsxjE9@HCAWu_&kE)ChjdfTW^dt{fl(?IOjKdhpoGdA3QI5 zKX6dqy6O@A{$CR)p@>zusuJ;izx~#H@q5jtI*)19u&`)jRN%pq$jB%6!pNiL2UvrG z$Syx$XtOWBD0M%s71$O)^d*C=y8!ZMroH=Tq z*=Wn>8tf9wCwl~@l`wqFd>=htslLFFqrMb+LkcXwem<)F?sk1>T4IW3`*mJ4XXMkxO9>uoN^h6?s~?U8EW|e5b4v4FBV1z@eCTW;d&RKyhIfp} zr-#KS2op`Wnf6NW6|)GBc3Xs3weyNc^P`-7QZ_pz@jp_lsL>lzUv&7R$(_$CA>53l z{n$Idrn)zSW-fk7hs&Lj@R;1VJfD*}Pi=UFbT-4B<2g}dsR`oI#Y)W$o6GSBt+sCY zpZMXa90b~i5^XT;7hMJyrX2~QF9!I0nn)kFLqS37DHTZ%{%ujkVQJa>_NkCjGf*z_ zHdAF1%QT`ysB+vexch*DV`5FYR>KRQ;Xl{u#+T3@U&dFQ%K6=iV)&yiwLRgLSlxtu z^dQyoJxh&*BNHkJ%Qou%t%KD(I(g>KF(Tjy*Ac5v;N5wt(|YutidZExT8$n)O}<2Z z1&w*1raH3U$rH?Rz`OcSqwW4dpiRdp4febVx#_niS6F<1E{x~$bic8^+{+KtnLynG zqkh=1XT=r62xfBYmhHF%-cQS9SgNeEKbN>N8HcemFK^1JN5c&BF8oqP_59O- zK66}Qk;7MMxZW#rFwvIjYdvf6e;Cw4J(AtJ9&E%?V$gKijN%U4H}x2C+C&DxCO-65 zn9Wwe0Kx8(Zwu1T(;Q`9YG+AH)QCHZNvy~auB z&J>p~U9^J`N)!q1z$xz?f+FTVXkX3kz!aKY$s-=X107^fC`J;hZ zm2p!|+gU2i@;hxg3ZE6I38nRUR(HIY%_QroGnWJ17KUh2jWoJ#&ML>G(qi9RG}i_N z?JV!vv=@yRHDFFRLT}ztu!3GI7h_M#T)7swYEB|Kt>D&v)5s7Dh_4dPlMw5`2m0%@ zZPLC2yhoH@9#yDiDi8ds+mEPS4W|JXPk~FdU>f-TwJpg)toQrSC$^_3yb$rw444NT z`ps7=0Mey3$+!tGVJ~> za)>m0pk#S9C z<)nlI9d2`I`RFdNzz>PXQ6cv zY8Ud9i_&$6z&{sKMV$Zv$1o#EP2jy06_0{iNxzvb?PHGWOeUe7sapkRG`1r19UDE7 z-M_`7_h*V)3)_Y&g2LhY*mH&IYehCN)J%ZG5pENLosGHcw6`{DOaz-%DDzX)LQ!^AhnSFkU(w#tWpv4+}u{zg%qv_@AFKUaL3xH(6S(T(sOC}^uUe_YsOChWJ%Y!ZMkH-b7l zk7>{eo|*?9AGq+v-zjV#`DlgczOznWRlhadi4z-}`<(O8-k=WW(Xt4`8WmUO_Xgvm zDi8NoU={xMKI@ZoNqb%^^8AAe*4WcX*OT22azbxDeRlc&o$g)B(78dWR;_x`je)a3 zcg?K{65Ab0FrtS8y0_VDNwIhZfLyFg8nruHv z*G+@g1%K}em~^Swbl@(Eq)HmbzQG&b-T#+PT`)p zk3M1j0`@j>TT3QZuD);2s@fvv!s@1snMSQ#LoCc1Yrm^PJ4c1g;a!*PAgH$4PFSh( zm2{@Fi7NHcn=B>rDrpyI^=pI|ZqVyhT$X#{7(K`~)S& z&6#8DrgD8gaz_%`EnVzkFBl?{oD)v<{rL+A`sh+88*SEL%9OBb&86ggxUyr8FM&Tf zvH99&{#2S~h@E(LX4V9rer+WP{u`k8Cs}G{eyLupljn7(Cnw@uN8aa^Cavf9HQR z(*XIlzfd|kP=+||Zw$DmuTgAnWwMp}upxAOGAC>n5RQf?jh+!kod$}R2%Dqtg)9Ac z#1}{XD&d0GT0_UjC93L~jki3%;Ff0~j;0xub2%8vIEJhG2nax`HWX>0c(QY%0X`%>lEK3TDDlQ+)d8@*XPJuw8X29bA`3M*N{t3D>h2c z?m^x@3Qm4CB8yeJ3$&H63Y}=-C&5MdWL~M_rE;#iL)NP z&GSCGj`f~>@$M$8+%SaH-F<7eVD?6A~zoGt#Nd#1%CyWIS+i8>{=<%j~) z*(1lzzhQoIyt(=FPdY~V0Ji!0b4=nsL6pW2*L>~Y)al{j`?7%#R)|ztr!eZ`7Y;kQ zIn<2ttYV@rf34$0pEV%eJI6Z^G)q5*TWEj$Wo^B~x#4>MtZy>)v$`D2p1nkz^9hUYL_BHQi)C{j%9*y^&WZB7S-`ji8>!)~qicjB?W4@Y?rh<3g z`V=F00gJ^FEY6ENZI2tbbc=^xcl_9<2fN)qAUQetYkJzd$2tGh3Y} z1t;9y6CXpruZ3&If6euB{Xpoaw=Nk~$r@=aZ_v_{J$zAf$zj+!D1?0J>()s}B>GIy zqKG)@w^B0zaI(3SZxj?!SB4Y3!fxuJ$0SxlQ-`Rqz77fyiPB)2Vg_9`->{E@SQ*ub zA0Iez^w*KudC3l$s`o}Ck~M^|JC79ryv!Mkyi6?w%k;KK7v||0+O<2dYWG@-;E2WY zOa+|mWT%wg?vwNbEi2dgaWF8W)LXZD8?3ejCF!Kqnoj!c&>gIX-f}y6WxrWor5~pm zvlr{qVlLv;Nau_`I(*}oZkP4wjM6W^5OziCFbI8TLCeFUr26)d!*qtlxU-}v%gFMmHC27}K>S_;q zu6@HGY3CJQO}l1;{?KrT1BU7j+)PP}!g-fY8V$X5tAY?-2^*)T2|@@BQPw9diWwN{eKnxbW;dR(=;f#@ zVfZ1&h9!pB26=MzudlUlE#c91EP?IYntTTg77X2;Fkw1FLqn^y-v7&)P zCHI8)FYdIaiE@4S8Uz-8fuApoG@%?!C&=cyi#xb)F%`kcK5{C&js$AqSs#%&y!M2* zNDUpf!g+oVqLlgXSr;cv;SIQ1bKiWrH9_r`_pHrXB2QM9$V!!7tX1k25+t^~`@?`lsU5YRj4B0}z zS0(dhwXn{oe%5nLGp)3Wz(#ckVAjA{NV`bLi5ncM`XqfJN|RoNg5Ng2-Dv*Jwl zaA5FdLN~4m-^qvQ8J5Hun~ZKBkxSM0G!r}YH&>I)#Bg0d&jN9G>RqEdmfk}Mkw`%Z zty}`!14oCI{6iM1FSR4{q7vertBTeOs{E5O`wA!@)f>-1guh|DaQd*T#Uqm%AHT-}6Vi+k>!~&zG3T7NosDmY5>EQ@k-GXz6i?H2b|TbNNk8Pm>ib zlpp6R`pX|=pA~sro+=kOe#t=9^38WAF2dbig=G5-Op_hXg2x8TSJ0(>ty|GL0ZXO7 zP>1zitbRH~W>?js)uBw8x&FHk@TMhh^t5bt?Dmi1(m($y%%;N{s<^2~doaJya$c!Z z!vI;Z9g_cY;(paE_bq-1KJinjatTDt_%+d^d5|6Me9|OZxjvX>AK&f^{d{;{loUzs zQ)*x|LR6do5I3HT{VT24Ej>`Zb}LBtrDVKZ*PuK~1VTGDO_jq?s)+FwGQ;!+aPcgE zEILwe<;vq}5(p@lGFoN$WhmxAi=7I5Xu)sdCjUpP?qJ(S4xa;Wu!xg0q!T_cem6A& z^|cCA`)z=N3$UoFI)A&`Mv<@BJ2HHFq{+KkbM}WGfqQHCO(bd6Qd|7+HH5IN7lFVK zt)_+GD4>fz)-yl7%?>LyEP5~BV{c*(%`pSioDsQBGpz2pZPq(-Cf==%NX?b7XA28d zR1JS)6fhPem9Q$`ogx|odUQ(A$_NL79|7AzQ?nHX`)9Wvi|AhVyuqGEy<%h0X?1Th z%DnbR^h9I6PO2!sQ1D=me#*5?ym2XImo6zGHr}T5H@B5L)5+fte2lgqWq@Vqu1Slmc({nTo{_{7yz_)ZsYf$}4 zD}*2{-d{t1cbQvl2cB{08lDAw3M=-T{xgpyVT;v3A5M9-#5%ZS6bS$y96 zUJAF!)z|B~U96EQiK^&w8Lc+7OqHr}`JU=Wg|+rSDXwl^zfTy-NIudgOi!mrRND}r{7xo zz3Yu$Q-M;%1R3~AP)v(fuiVmFQ43VNC2@7+wu+Njk%{@F?*=#arQ-f#qjc28&BESn zF-5%>sl}VWh_Yo?|Ck*t!{HBtm4K?(yy-2H6CED7!4w{?5#s1%Q5Y9)ffA@t!;Iz` zxR0{(pNtVamy+1U%qWHT zCdA-NdqRZ0T(u@T?MJfQ5y-~+@r)#l25S~==O|{LtOoRrx!MJA}Og$PT*jAK9srbnDJQkK1EHcrNte=)s>-8T=CjZ~ED9 zcBe*J{@)D>yE)x+i}n$OzlL%mGAi#Vh}7Z=OF2dw`7hU0s`70IZD!{>n{EF6sR6LS zgQrRn@NKe+ddD8U8U#xl3lu3{xo+04iYr@GpKgc18e`0vJyQ~lXmBVxkn3TbHH?A0 zt}Qj!UY$#RppWDiX6euYt%U)JPj|BRn0x@7v({b{KsD?sWJ-g+1uu1pK2+G<4MNGF zB17#e@9y?h^dZz^@vD8Fvc5X?$AW%b1N(&Yw;6^aChY&^3UR5kp@GGmp-9v7j5I+v zHx_tvTvOG$gVg?qF8(#1+JkKGaVk+K3;mioOV$r>4?~B`gl|Qc3IY4CcvP!XqWMux zyzrT{81aeGE)(`eM@utns2ZURp&NKO=T*P+Zuf~{RzYztl)v4&QB6#0dYyMr2fOcfl+t zfz-s}w*?E6+iP63gzND5e#y_yBQ4CI23myr)EiurdwD)j18xdtfj0Tj3pA#qC zpKDNhzMJ#}yGi2h$8aREoZSwTPlL_N)v96>1Lf)|R1n(ukma%JUGoEE|MD-QDs>na zA6!=zNlAiWy&BR9PTT4V?y4r*Y*WO0_rH9qG(`wFg?k4Fdvp1z-O8|!J&QZGic_8g zb6thX5!-|#m3-ft@Zi$r_-sGxb{&5csJYn1mZ2X2_d6zdRTQv z%G7VHJ{*E30xW&aEB^JTxS=c;Iw2VAj}>l;sMOmG0uZ?l*_T)*<0Zv|gJA{Cqoc3! zjw^Eq*PCa5Cfy2`i!K^Uzt((5T#u<;?BiLzn_~S}re}lJrv}c9o8frLPvL_8Cqo8r zS8kLGCz`MNXlk0OmMa@CkzoChLsQoj1+x`Q$x9dgQ{LF!VG#x^k2kaw=uwZ~$w+fK z@^{J`5OI#E(FhHKlj%{LcN)G_aKs7u4)ufVs0!3kae7cXf21 zymjGmLB*~LnqijtOYMK`1jg5@5pX#(RSV-H17m(;UJ-DeB(KPv#a-%3MgtE*>3_E- z8UpH$PdoJZOll+Jf)n|rSqElA)J`V@Dg(cXkJPm)LOYDB=5)lIx&wdX8*Z8BBj?Dp zo?bQdT$$tmwI*p)tXM0RR0`3&yM=GvdbXeE($!|E7vG^~vAnaXNCZ9blgMNZ=-QA< zwnqXkTejducZ^1jRiXXwyr;TQ+|E64$>e!8KMmEarz+GyaeSX247*UfXD8;!Ti@)P zKUghE|6lW$p(sdA`=(P8jWhWSFG?HQYOK@)w|hlcMN0HowN>@OqId&pk#j=&nn2o# z+Z^h@se|uw928S<+oe%M_g_7``qFZpLj1*g5$uyuiXZ%)72uES7v=*C#2E=`Lb(QN zX;>E{4FwD4Lq1S%iZ;^VT(4G6Kr^0rVACOLg2V|!I&=XV??obM%I`9#)yXWbQ&|bX zjpPc5*rT^NON`l8if_;BaH&)+Q@<9tLcqvffQ|az+Ju}x!~63jB%OUG5xpzu!}jq$ z+fDbikj<*65DJQV1L4MxkJc4$nqxG?F6Be{ksWd0@S}{iyLqM@u$8$mx5#PJT19=X?2)f7VkWX>(pO$WR&8!Z11%kO=@#1sh zc_I=-M7HRK!m%5X^jI_b!_I7m@18+CfXx5FTbJX**w-4Rd8H`Nt1!zvuJq4*{VpkxmSFtGAW==g=}}(1QGmRxu%Tdf9=?!`l|!jpo?zZ+9;Rb<`&^Q zzex!%ZC6K@`Q(j!m%w8~U%CAc4YQ@8EHE35q{`)Vm)R~V4x0E>4)rc{4U((-mt^$i z+n>cx*>Ce)A&o@O+N{Is1JMYw(WP?2N5D0Q<% zPMv|p`ROF#q_^Lf}(#2 zjmF`=X3F(4AR;9A)ZfY8Lx1XL~wExjoA5uJ^ z(KGRNvNg+(pLAd}(D6BPlG^_BW^U4MN*--R(AV212?o}DFUE^k&38x==#CTF?pQCe0-adN);F?i*@{E0OUzuSl2 zYz2jNLl{O)3CYh^x}*1ELKBI{iipLC-VP5`#aX`&UpaLW?%VLcy?C%#|JUw(`pH6X zlKfXHBEe_&n0LhB+()VBf||5r7pK-k7)2ly=iG;Nk-b*GB%vifV7l|f$ok}y5x4N~ zA_(lrju3acf=s`-Z4d$UErQ0nG9>)g#1Bewr~%CcEMH4QtMe#l;ojoyw6^=9%-mb* zG33vT`})#(ydqge)Cpxm5n0}lr|F%7Fq1M%fdEz?RenSXZ~WRP6(qAq?2N3l@3CuY zy?4bn@Pd7}L!>2D5Ra3+>_Luiijjwrh)GBc?>&JzSLJG;*e~1L_hd8hiQupvHD2=w zOxm^$zuAN{xdRQ3uJG`FI9$TlKkGbCO6whX($1I9MOML+PTb8=<3uy)BA?e`@78RX zLirg&bqGE>8&#v8t)6z{s<^=?M$a$zIDi|b>S@n5*RNVz?Jhix_2k{P7J<4LW`X$( z&$ORM`!-_fds)6(r-ly>&u(!K>Rm%4MfLH(RhKK#Y^Nj?#2_=$N%$c1mC;D=m=sc- zhqh+=UJm>)-Ps~d=5LE+?IFPyMMDc_JZNAF`&GZAK=;tEvDIGToVEl=}N{)d7DVm5EVTmwNMan{nHtxgSaReFVP?J)SbKvL-%mW4z zF1QyI?0&V{`=zqEtIpbaGHflfWl};K;4+mZzp*oHd%_x|5&FCbv$)X_%AHyFG(_<9 z*d6P&{}-u!)N*n(_j+;AHc06;+rai4kyf~rzDSjmm%_>S+jGm@x^S7H_xLt_dA=L+ z2da~2(>D^eTiU{Sy7KL^SG<1>4lA7UR)K^aN-?u~R*NVM<6xA=OfPL4C{@jqCDfhqq?}thG{3}O=@LFICq!^X7 zM-6%xEQ*O`s7?K;?8am0K$gJlG}znc0}hPn#_rfR?&7T?^2S}WMc38(oOzbOzgO;V zbqTor!xnZWe0jqav}Pr>JD_c;w6i(@U2U2sL-g^(*qN!g9E39aBvsnC*I0Ld2hj;9 zoZ7V0EX{vZAxGO?y%jeTBdsMD`le)*;tnP5+WoOoT}Ijv2O$Yd@0^d#KSDr)C}|7Ki9gCeyTtLS%BSv*(+^diSixqqf{aTMqwo*u+&#$){JTPe2RzB-*J zm~{6}G|rW=$Z;MWZ&{AnhCC+ad?Q=a`xY4RHKdUu;-$gZ(z(Np(kZ;dM@I0KJ5;IA zGFHQ+Q9qaauO^*mv#tZH6$P-gcs_m%Olsf(cW8YpZVa7RL~rFi`$0T~a{bcdO%x8R%txi7Jk+VH&vol9CH5@K*ML`PYF5F^z2#ghw?ffj+4Rdsh-iM1J)NVt9Uw#{w3{aWR zukpuaxqyV94Dap!oWG`d>LT(0SuI+4CFJ?h5x#ywf;XBK*dHi zu-~(8JU6g5++@dZtnwCXKkmI6bfm>0*?*m2LOiOCVxaAAV*m`n!?)d`w*-z`pN&h> z-ijPRtv{yi_toB8b=wM|FKEA&@HP)W;PC}e`1TeH`A2D>^U{bZo>a*i8y!tFjwgr1 zXr~Vgfw!7HZ2Y|vSz*pv*Vo4KI{fOW1^TupC0wwaiU*BsAh6C9Xhem`m;aalc?Mpw zld74-FCe~9Z02sU2BGSx&W^{oIwPa)KNIpkp#Q zGmbouhzCTs)Ge>iwB(wNcaQD_ zpn)=v<}*0#vV5KoXan1m!fFk|?MgBP=??}J@f!CXxd}dKqAmxV<2vGqU7vg9;BMg# zL$L-*=B1Xk9kWTDa3;olKDvVZ&G5O++lA}iAl#Kmb*H!kM8D(ij)GZXRfrC2FFrk8 z6Dw1*m+*Dmqd`@gv^x+579}lFQ!F9K6#-^dBFLGT1rc`fz_MFous}B-Sa1d=3;tR< zH)Ma*>{|nJ|I|S89T#vci@ii4Yp}BcTu6cGRXWp=fJs?KhR1*=aTJVnP^R0XveWN5 zNSGfmy7MUJ5POR-4u7hBGLIg>rX*jH)$15SfK_hS+i$7cPmG3Yj~!PesIUR70q{xF zN>x3nUDH%xvYR7}uBtZd%Ocu2PIS-(T9!ai1oytqi%D;?ax3=uVN_x_78y$;)1{2& z+(SyP+BojCZd7!@J&17?Hu-QYj4MEfv!pc#O4U{mm2xS)RM7>KjV3kPp_S5&c+2OO z0r~n6k&nH-Uws?v8`nvh8D8f!C8qaTx{>&Q;PeGRmgVipelzf6 zaLf5_Q~C#tRz?k*&Bua^cn*MZo}RTJoR8;e5D42ye0}K}LsV!Y7)6iBZGW8UNzK28 zf2rIV92MJ};8_#47A|BCYI<0mp&C;=dAzQY$b&L1w;IS>_=AbQbgheiDySU7OQng8 zh$aVRz8sLhwgtNO?h29NeSgJ;X*35NdfYu4bwH9@>t^yN3cwAfTB{sWx0}uacTTqI z>jyS5@yavR;dp{blY!%nAkKFMz?|w4I*&Hgx`$OxniyAdHbY_WIf26UM&_u@GnS_}(J)gV~s^DzZcbYV}`Q^C{?l4`&F_Saf8=Wc2^Mp10os{;dI!l=RI+ZE=`6YFtK2E7GzM&{S9SJ zVhuVrY>&Ll0b(jV(*rHCtbxbAgLtW{?oVA*t$vI zVtkpUj3ZN`fJss`vrO05kQ;Nrj@+nE$g0Wod2a@viFH6thWFFIIY^$2m%-r{wwi($ z9o`aCqZqY~XWGMYeg_f!AP`E8sNC557IyeS_}Dug-YF){9Hm;E6&;+z%J^TaWal>6wcz zv->#}>gAA{MCLs0|DtCF<#$W-?CTL?G8r!8FJIUN{nsI&md6;EC3MjWbPa6G5KJtm zg5OSg#4_JT%EG4_;72yLjY{cB{*zqd5w)w^S{2D;TcZOSQ* zeKB>4HFawt5dp_P`jEDfQm}%wrdd;v#&eFc0Ej_QzxH4Dc`a-724r3mqyN>i3{`$) z&Xlc#Cs~%d>*(ql6l0cWkmoexm8Q-g0sm2C*6W#lw(J2^Nh zCwKKM{CPJiSFT?fwDpDp)5j4*<8YWUs2A_U8pPx~o<{z7ttDV!rL6I?GJ^hxu7=7| zt$#U$*2(hd^Q9*zX4k}*M;-Dz>gRExEPjhzsq2SJIQ^wN>jBwkb3Dxz=5-&Xl-9*7 zoO*_b&DxfW0#7h1hBRCZ`zw1>`3F10p*8vQzTZHW-gw}M?UO#C<87mQxBc~x_XEUz zDqS%pV+@5|TVVZWUCoPl$F%2KfYGR#SFM?+A>egpZO5;VNxy$s;2kYSrxf8pug6H6 z7836dX!T>q+K16kgFpkAdLB41xb|u`6(lTFhGb2feX=yWD|VX?e5PS04adoJbWE0$}ojx&A?+DA#=I%<9#W(rNPFOJuz z^Z#@IU!ut@I=7lF_HDC_R}xsRnmRMehl$;Rk59GM zP0b~;+g^ZO``~~2^8u{q??)_p*per?&Ve4eSAOiTG`l=lbtdn~*k9?jw~&)7i@Ga? z!bQfc`&|ijobX)Cf3jWD-_ZY29v#myU*~w&_{!Hi2T!dnKiym25H2;C=Se+t9AoY+ySR%gX;H=~QD!F4vb958*mS%Z|uRjY_ie|+P^ieOo$;=>6 zck4=YFT^OP((0wm1>~Q&B9_*xyuKd5~yYtTb#B~Po<$T7p!9j7Ie|2<2 z1F#I1zFvQm>=d|I`mxSH|1*ePbGF0BYUOKdw!uQEN^buvO+I~8g9&Q<>hx!#qm)j= zfTrBA$XI@n4OWo|L`qX8{b|=&{Xce@rxq3UfOxhdjo-y(4O**0;lb_=tTh@dQ?0EG zRl<}X-+!#3SHm3oAb3uJEeRr$_bvpXE#@MOZOK=7PiPZIsah+4ND?qNW_x%xUZviZ zEL0p=3wF!9bvz2zfg{zL*B?2$mp^K5z_B`vSQ~t3cUK&#BtfU$v^^@bth8S;7BeBW z`&m={?IKLTxHPWp&9!275#Q!u$euOpOZP{Xo3Yg~u1x?}t$ zU66#<-C8mr0j&tNY{Zb8VT8?FbUr3tw;liO%2o4l`M)9qI|qBZ1QDYY2@rx~7%+cx zl1OC$Z*m?PtSBuUz8%#7W=Jw-4bi{%==bmRGWlV7S2?oov-~|L z{0$AZp`7h4jvkF%tApo@LJqFPO;o<~C8NS#@!Jjk(?jgTKoc`kBfxj zI#UbI#sKXx4Z6HUDCFltg;aN+Ya)OY?C z3RsyagV>5oK6U!zDRtIFiPJsySHkCnq@XFELZ-kU>|EmSo&kbO&3-sYfg^jDWYz1*G>T+SjiHL%e7K|4-eRS_99f-4KSq z4><4|2Fz4Q+nS)WKqd0QtG5_5K&17X?{|ji$eWa_*=u+AKz^_wS%d8 z$~Mg+BZ&LW_mQ?#D)s}Ge4@vyo_W|*}GE_hjfy_)zZny^&-f$dA4 zM%gMyI6g{7ycqp&ZA@V7bex3&RYQizw@Ceco4g~KJq`R6zG0F(Fo`5r8OtRTOgq0p z^Uo1X87n$`VQ{WHsgVrc69o}lXpC7wzq)&|$#_C5zFjxh_&V;^aqoNM%Bm{M4ytF2 zdRrtn>Rc5ussh|j3rl>kiB&y$YuGusp)m%ApC!xBjk;520(0!<8%b%yBPlxeng^znyz|HY4=hm8Tt zB%Sjdr`xhEM7A15ki0rG|xp-+`6Hx9nJPHdqFpge!bSkf;t_1NH_fhTFH5XjK_K4WIYy70-)1k4uKN6Zm4X zG9%0xb<@RA=4N4DjHWS@&3O?jHwRY4oWF9IF>=qm82Eq8y>(dBP1HATfRrMQlFQOa zs7OjlF3rM%G>U|@w1BioNhu*EwZtyn4Jv|^Al;x+(t>opvj(?5&+qsC{a)8z+0Y6eO0>24=EbgVU}vwz#&B*O0EvnEx2>&` zB$#zhNRyyy?$`EPt7n%yUxEwFc}-9~3VDu+`bhQmz*9h?tGo0-t)ugYUANa@-LFNP z=tSpUJ;1`@Pxe@?ZXSHll_a!yzK+|VrWF+Hnurz7n!j6Um`_O4V|-U&u-?Pf4HSei z1!#Y1{>Ce`v<|HdB~RRTaneE2w75I|7uql-%D{p6xrKF|U_GuxQ91;lirH?m?p+~8 z587PBdwJN{kFWmWBYvjHE9XQWw#R#b(gmWXFM|}so&Bp~z&$MG*~MGjJVPF++yi%0 z6Z)-{GWiD?#y3XZ(WB0C!N#$kw$ba^O19)G1>Z6gxHHR7Shh5HK}JW=v+_Xd2JP*x zEwM|wEu#Sz(=1^b3W$qDj=@?A=rEJ0tviQZ${+aI)cfo;H5^s$g!DU!IrS(JnZpzKATc-ZhWEHC?<)T0uT|1t>vj}4@@`B5uY{MhB}>EQ?~Lk->N%qzK{4EkD7LS{yYk?MA(W33 zzub^qsNOK7g?it(D< zI%~U>4GV+4359K{4{egqGpRc}u|n@L(yo%BJo|3AN9Ef(2FoCy9bbPX2p@+6n1=~1 zKTO3=6DVda(%+g%Dn-GXw>@c8zHOg0c*ZVlh`r%f&mWsl)*AF0CPmJb@ZFXgTV>!S zW}wO!q`hLAUwAp;-2+kzYcjB zgOxwHK^|GvrAs-sV%3i-tT;Si@2S}Ku;`P2E-XI`!A8HfBZ6vHl5^c;HaPa#a7_75 z^)r}3+6Nl5BU?grofu^ZRa^Oizwrr_G(2Y;D7r6ty_Z9sm3#O~Y+%0y*A|7xf#Wt? z&%>QNNd8T}?ekelqq^=p!D)fXP{cYiwrG2)y!E44X;%M{95V`06D??iakcTf4-xR$ zMMwsi9DP1WX1JOw!@-nNUe(4AyD0#l8@#aZXysqRrQ_vcPlJN_?7=nc2L$I35TEfJ zDHfGzKR-Xj6=1MnQI<`%90=v5>U{LreGS{8#1MFPQm#!w>pHVf&tO*hltR-W?ZEe2 zp|%FX@|9fy5zV?u$De>#Hin~+^(+ZY4*1X(s?aDQR?;X-C_UrHNd)rizWsv_G64Xc z9NBcmem7(6PT2N&#uZvwOU6NPf)sZ_;aT9_x8Sk`*&a12dI!n(gk@TwU;Fd1ip%N! z$_}aq(h3}Y#Q+j6=?=-8g!cnSnLMayIUe~PWQv`o2e!vkVw#!ho`g?N&T1qG1h^t3 z-wT6h7vm3rIDq;!nDMQ_8@j|gV>S0aX>TD!fcsSAB+Adm$JU#ydTKTA4#r}DfCMPt z(cmpja}%ig4S_~DYGK3Il2b^Xae{hS>+)H2=wz%Nlz+u0A*BD4M|l8s6BItNkp)8U zR>pRVo2MEEj3TZ@L7h*Ij~serDBCUrto%~*?%1Zw;vy)+!IQmi?-_75j$x2`);eOI zl8kr|`r+Qjj~}ynrCl$)kAI|W^lPX#XAorYcZ=@m3w=xVpV^yFi34sZMcL<9h-(VK z+I17`t211*QITh4IM%Q*COZTE@fEoF|6;-caeg{?H`FY5uxP?a&Z>sXpFRp**}GK1 zxMfb2zsN5uQaJW*=M^{caSMuBud;B?!POTytq95RD-0@Br)I62F(o8d-p4JvSIMs6_7o3Ss7c zsXN^0=qO>cFGE90v*xyPM0Z(0OLcp*XSpH3p5BKgky}V(ghBWI`cT8u7 zoxxH1;tJQ&(!$$La5sP>sq*4cYJB=Wf&@81ToJRKW_Ec)T))S%r}*`;0Q%3Ef8}k8j2xNKioPMI;T8;VOZO@sE^c zqbz9!umC7>o5Hi9G}uj1S)vowS(Hg=s>;qi0Fhtsi7>W=1>zK z-_k8Lc-nST&Q~rqK90`IGIA4(#g~4DuFS7};=0`N1`QMzd@w%iI@%WjKENqW>&-$V zZ1ItFiPgB@qJ9N*w9beCyL^@-cVd)Ep#1&Yjq-S)^6;lHOcBvo9wY8V0lQdGWK$8X znag4WV#`5EU!6;MdV5peCr3qJoL5FQIqnwFY!BNt9G1vqY zFi^~O_FG1TRzxExY}H%m=D0TIDH9gz%AzD$Gin^_s%Ceb? zaazXP(Hbgv<-QL!ze|tRbSCgAiatYJVly1PkljA*B{UN$HBt&zHZ7wpv#;RZ# zw%s^R)lRtRw)Wmo<1sVXOWjKFuF*<|DG$ZW){)#fqqmRfshBsd^TGjx~7 zly2SG*a;fFKjA zp@K_%*k>=U=h5>TB!W830-W>gz4&?B#qU5QrLI4)ngPm}iSvjWap)f3(>-Y7M+!Kr7f;X!tbNdM@DqT}K%c9$#iv26O z&4SI*uGk1v9Wcc_{-$%t3mr=RN4{AQk_-Apu%<~$qu4WiJ)gX4pN zjRSgbHayLvH;WA|aqW~VqveWSox&Q*47YFV6?8OkFJ$vN&RN}j@*a1u@#H}Ks+0L{ z;slbuF6aHspvGJVgvtF-O?q6@i3^3tQ@nzElU@Qc zq$q~iXF^KA8>Hfy(wmCDC03WdX=Bg_N45Y55Xf(a1;G5(q)gZeuleof8rIiHa6<7B za!Fs+7+aO2F~z`TVn$^al?5h{NcMC(yQ(i2n1^f|_RO5aC=zuCzudsB23L-4Iq(dG z(_G`p(b}i8@TS1acLOU89)AhwEj3qVKEQb5$;*Q-BN;}N_IZz1HbKSsTq!iDJjn*u zc}?Q<$S2)m2YDh#n|;0DIwoGg?zKM1w&Um}-MC6z2Fyw06R`3uMluI!)Xn?AR)>o- ztj8*pWh~PP(-8+dYdo~VPHIOGlFc^O6ojM$sD7QMUkZ!47vU4ekHe)7pI^)^jI}DL zmbIrBd0a$=12r#xZ76M7R{j=eX;<&e*Mqk>^wEsrg3vNAVL7yOT@O@!sL-fzkltnj zC@RMe_v%@gC$81^_I|*0)U|Fm9C?V{o`c0$_T?Yx?oSh5K%Hj=a!ua*XY?cLX_jZA z!r;yVa5Qx=qFWvryUFkMoOs$F=B#ivHRZ#7U6nect0QvCj-$x;PpEY@a=);S#K>bU&ZYC4MDTG>SD#E+(&ekd=72}~AMh}37Mu&D1R z)E{i4#R*@5yxB95GxE}R5cpmoT(lg(2<^3b5}mu3T?1>T*B{!h(NYolBJDO8Z*JV+ zt$qi2TyZR*Q~V?#VTszVA??^F0~Y4CFd}h*G$;_JESIEJj+_?rMB_zB~VMAO?gvg*Z%`Q>%E9sU!Ona|Y zcCKf)h1!mc6ot7ud*KQSIcvh+7`je4E4%=w9IWYUg>~sQZ%^PsPXdrn)uej9c8^k2 z6i96^N)-S#@l0O$)(PrC!!v0=VWaQ~MK{&97-yKE@(lZL@UY(z=>4z*^}H8=puP!< z9^-*pF>WE3d*L`evFAg?zFoX2$06J@g$D{GYd-L4eGQPVU%buNE#F{L&&dA>4h%7$ zWSvUF>ty=D{oLy%A*iODkUtJmupOMIHHGnD7Oe|P+>wjeG8WLA@#p7N&UxXgrSGR{ zJyuo-L0mi>(6MXH_JYIQknaNUV6L%=)@JF(rF4G8WWiq;6E?sg}mamu}GA zi>VWwmeDzw){Wt{+-PL=Fu>Oo?~~!U0@1w>Zu!|uKPEu=4z*OV!D_b72r#R8Iv;~X zsUbT~L+Nt?7{AvlRxNDcZZ%%l!+ekw^bp6BJ-E8!kw-Py<4|CteR`}V>8$?qg6>cn z#v4ICM&vOOrLeX7CiE3l>{BV?0kk8U;ddwRNmZXddzz!PobWc*Ia@zj1pu;<8 zGCF8bO6x;6`nlB)HWxCWdhoKK+OHwkOx_0(m)K2-G1I_5z2KVKM&k=sH4Lq;#BZk?t(D-^;B)GNJl39X!O2%+_H?l;I`rsgfL&&;UCJjoc z1o*4NF#EyOpfk*t)|Ha&Aqb^04vlq3v~0HV^6-m7Y%Ao-9!tsK+RA5e*!7OA+qOBb zp|`U11@8FcqB)$cg(t}wi#e*3a0OkYp<8oInrcu_WB78@PACQU3w&~pr?I9Z8>Slz ztSRl!!l-9jy=hQ{Y@h6C7y^vk*O_CY=~K81r-}?~oL18bff~2%Z~0zW>+-%kcvQok z7bd#rF*6%y7+W&i-rh_}KDTu4vbB!n9rb|6Y9Nuxq}e9G(`*Wr#;&;<6!Zg%i#~L=%~i4EHXOXJiY(PiU}Kcl5UO86nGi{G%zaJ>Rkbk5?90vB-y0kXQ<=3%4GFAn5pPcl|-nb&mH zhzF^|?qsKH;6Xlp{@&E&h@3uRA~fig3GLvs8hlEaUQ&sY;Yb%*Zx~T6rsEIT38;bS zlI`g_>z)JHC$+AH#zDs2QB*cIPWVqh(0M3jKIz5Q+r?bSez2!KX7N#yLqBcd*U>ID zQzq9;Yzr7W;C0&)a&5$7gCD&(IH&>o3A7gNG+!)_U@)*Nt`mw(he> zy`-{K5~;SF12v30Vz}lP%28{Xyxk(D!)auq1=y@)mP0;qC)2~w;O3^Eq^nwDAAdqVEUFM|3Q z#2zc%)>&QUWw3G}<)Hqn^`YJmsT9S5n|yG+Zf`EpFGo7)CN8f>a9KG$z0&lI>)}+$ zcs!f??K)8?aLh`gze*WPbAGK))VQ(G9nHJ{rm9%ZWOkcWVet8%bG2$4!p% z%*IvoFhEkb0}#B)dXJ7|*GUWE{vvl3fDydC!XbKA%<02fLqRrzjjMioC(l3Q)R z2pnZm^Cn3v6>IaY`mU#+0RiVRE;0bt+#e+Xc0W^D%P!v8_Ys$VcT2)n`Hzc+JB*J=Zlcb&A)c6SUhE|Cr5Zb=;P;BHhh@L!5Rxjyeq=DmAem8=nXnvKoY zJwnOn32F==VN?PyF2_De9c>o%3tF<&%)J@`H1f9dB3q)sNx@ve)(6kqCasa55~4W_ z6lRsTbn|vd(lf@&?XoMj?i0}BBiUzA^ihj0-upU?0>FpiCR(@xfHH?ZH3J-akPHdc z$X3$qnHE%=en-H)8Nwb3@}GR~nJ}KksHXoz0NJ6K<;SZP6>|Kk1*A9PXGn)u98Bk? zG!>>tJt9HzY>EiaZQ7G=(eWLh%a6`kkXZrCVxK&-`ncsMQ#-~p>gH*^~9(S(l z!)p~Io9M8GjMqi?{jbmoIUrv=5fs7qPVzsGWN@*8IBaC6c)duI3PcMB;U9sJuKqhZ zMDdZ~v+Xei9VzG!Pm_6*Z&S{-%hkS`kLA*f)-IQ;lT8TZBe_Dd+riTqJ^$K6MN`h_ z+{Svwx7K^s@p6QSnJSsLSBk^6ty%{ZxvSsbI6;L|R4C{^zq-)y9l)omf@q|TNs!(G zbz#tai@#=PUqlw-MYnTN9s6@+VHmXl$MM74eFUqybvmWdN|+mzAf+=Td~2aROs+F9 zh5jpc(PhM_1gR34Y{_Q{Gh*ch4@9uh6q(z%aEVYsPR$fvFoSGk`nynUG@a2@gQv;D z2l`wa&Ec9bbrAVrTx8LgwWz!_pW;myQup-w0NxhPB`Rb(xrfn|Uj5ZxY&)N#OsZ-` zzTHzL2PBASn4p}YpL}yaci{W|rhz7&y6<%&8{aY*_OfRwCy`%^ILV|vE7m?4dPaPM z!$f(oC7lkRt}lkIefuC6DB~k*#p((xfQ&YAt20P+gX5_I+LWe2&Z$6bYfv63w)g(! z;w6rdaIL!Kk`AV9?{N1{r?A&l2hmEeMRbTP_P$G94$Sh=xW|xr6x2`ey$|QE`h0F+ zu*!ZKDL>7U<}%-z%&4qtMfKHIScPXPyk;F_8F@X9iT!-n$hmwpd`=EoGm+vo*s6^5 zIytgj@M>emzb2;kDXMcf@+|R9K{7(UJrX#ZI_aHcPhkxBZ7ok-5Tfj19O`jrLLZqp z4uksEH|5#<5$n()1(~Rj%XSRC%h*sd9Px!GX~SP5^s`j3>Bl8ojI#;fM^Ly0-I88a z*-X1^(5rW_-XKfR1C|lp`oP+a_G{qQ@ZF9*+b-k^y}GXJv4jJ+QG>qdT0gxsq$RyM zKdxLFA37t{?4e*)Y`gOTC;LiHP|PG(3WxklH_2^Z z5cEnVUxKIEcbEkV^5M(48*|^8^(L*sM`Ck9(j(pMBmvDObUfiZ6%&@Jpsi{UDRy>j;V1~f<;yVth(~S= z3RFduo9k0X{_VvUMWk*YJe3|{NNO89S}+eA2di%YG2io{Lg$G}+X<*@ z7;P?{_lmgpyuptRs^D^fw3~HPwXF*Trz7B6mO2MEMHtO;}jfju=1`av0o6dqA*T^GV?DnZ5U<^=s$uqy*JS zA3uJM_u`Y+6|#N*$R@|uBfRRMWPTzwulCi6T1^G^&FOyn(f1xo&+&}FxwFoTpejSW z^ZX(4>{8~vy3dzXT6-e4LJ?||`fqTS!q0 z;JQ>suLZ|$T?+)5YxFESCl$+9f?Qp~hWhJ%JU!TBhBXFiRb131vXs_Q2|`v`?Y_Z5 zQiq{(J$kzgPr0j#t|x%|PCCR`$2uNAVMuT0(uuR?*dimjM}MYKREWQa6Nz^+qvj4O zfGVA~hnQikW*g9BvTAiyaA($5?T}49+YpBftimYclD5jAs&Xo``b!f{SDW zMp`@(w1#ejoHC ztpmyTsQn-+NelEr*L=t3=A)mN`Z06^Bd-dm>P$`2zl|)CQ4AfX?+}pQ`7Z+EZtqAxGLZ~WfPaXy_sYe}X%(uUD$wg}( zhqDFAAQK9Df}$7^wmepg7dlDzKCafDh#3*1bXn4q=TkfyhPQdI$@SSUT9rveRIKKN zmSMqEeTF*qPCRpm7a9$RM0)F;mTW4~P1(1^VcWTd)v~m>{0~~D0*fbH4s85hYJ*uU zZgp$17;c%EDcY;ut@qA`&R-6t> zeuT}gG0mV(9DpB;R#Z8V8mP>eJItE&XTUKpAxjSI6Qetvdgm|x!Zb!O9KqzX6BdaQ zdCWn6H{t&<^4gP>18=vs4XNSJ?pD7vxxAfiK& zrxA%}&VUU}SK4-eV1R2Acmy-4zug7raILY7H&+5VeP%;cwQ`d5*tYYJScp+sR>;aM zsY8YoRM*wqA6xq)qY*ax^UflwAHfB-io=Iw*VePM$(4=q;Tk_~k)wv)cM5+TXL3`6 z1J&o~DeaJ#u=0Z28^O>*Hp1m^z2(>4so_F$v~Gy|$Hj^SKce=DQC@=&+xyu$PP7vT z^Jk;v=q@SK>fzaY-?w>#V?;a~&h|K&m5)N@j=o|P6_!i|F%|}PBn05IY?_Hf@S)}M z6YakAM49FkPt`7|BS$OOD|7D3fU9>coV(a=!_gz{2?Or}-v~;OjExtIQtRzSxz@X^ zjGA34q5!Ck(&wU4bwW4eeI{EX{Qctz_!?X#WrGo^Pn8Vzwm8aH=$Uh9kX~`@yqzBwfjWpV&^yhn&ktnjkK1b+BvIY4}G(4zn z@5_04G98(cwnG?W&LW=S;Lh-Y5uZ-(gedayv@O?q5Ukk(ROoa3c0aKF>}*E|xHn7h zrBA(AhdH_i8@HOzboFBs`$SF>eG%@xjKlreBRPW1*?!};iqDbRfPjKS+Ac<{SY64& z&iGr{&x{HWb(6=#zse!e2WG!~{sR}VXvJ{ZG-{r=b3IcXa_-XYv;PVq=yR4!A$m44 zWJ;j&VZcgb4P1Zzn48i>;~y|wvMnU{T5j`SfC+ z&0)^tP5akYHLuGUBKi*cx~c9@)|YsoZhU#|pY;C0E<}pnWM}H+`0i?3J?kxJWUJt} z&;Bz*MqV*`7sg3$m_DP<)lLDC9x;%@%OT)u@@gCK+^*iheQUw*PMlmipgZNYt65gz z2MV!8FE*HM7Gz_gx!XWOvrs7=K;joa_xN&>fK}{_nK{UTc-Iu91A`dgLC!h9Jt3r| zxoMw1I^bha%el@PX%E$8RF3`D4*~hh8>uc!y>Kcz^VkcJ<4RN|-6n;8vVV`)*6p%q1+8HI#6R`3RG8Y ziFK8hvHVgn|BOv@DLaH^`swn3!;sCy){mvZBMuFaO}pb$F0%2Ru{TSZT9t>?lShZg z?|b9oVlElulCSQyMnjZJ!;srk;&q)|GcITEjBi6FaTqC!?#;a1=q&Ai`tb)Q%3v^G zH;}F=kS629b8Z*i8)ADaj}7HipZlRfbyhO@3eszs$?XRm4mI;Hh|ny7Mly`VAZ9Q` zGC;bV5|cq2RStvD;z?wEtsjY8wx*Ma2`A_j3Z8ryQAm`ts~5F!UtzVSRXYkz%&MCM zVjv!n=iIwD1?DzVT{G3)ZNz$_LNj^y>WY&S&x%_<0ekSuI1WNkBDwRb@|@&_)jg|- z=xas=-x2*cO`B?(EVhE)gHSaA2XI;qPtyT7iUoGlH2EQ)t{3F4P+$uq~b}phhL_L zEq|Q4X4(;>xl?MCWjKU;WII|VU+?vO^!X-L`&1%NBEN04-#K{p35!D_NRb%2owPMA z1IoHT&!a$P!IO0L7n`z_+=H{#$|F8l85LvvYiMWcMpDuc#LL?O&M=54-Zz`$Xw*V& zOFTa>sBF8_Oli4T%_yh-n&lfy>*FZ=)!=B9m(1e3g$$GF(RZ6zY=#PaSCk4aiSG<}*$jVf&ak26&0N6$iW7q9BR3T#fq9=BUraf+O5)~yDkyVR z*sWv++!323d)1gYe@pG+|1x+qqXW>Z1Ivr>HED(sKXNYg7CApj=L5HaL}R=8@Vwy$ zRo?^=9_jG+)V}u9AKH-eFC{4%a273;RbGmD?ms2W+8Bgdfm&Z6A60pxT(L4r1Lagr(0?E|7LM{HCW!IbUz}*CwE0wOoiLKU0 z%r%Fmv{hLrb7Lxd^TOm+Y9?PM)_asFc`;?&doz*7>`?%Fv$f<`u#Z+x78{5jnJvqub)R%9 zcn**)n%$Wq-LTjYymlWS#1~H*M(}R{zo4=Oamd<=`d0t5OS3OyuF14NOR@38)i8*@ zev~5eQFxw)+y*_`)*fQ|s;&YHs6x$~@Jh8XCUt+JobeVTzd|M#nV*51P!N#>`Mx{| zG#Py@y$HWGx#r2phOyo;E9Y?PqMML)d;Yw3x<)+!-XgT}{u?WYMLj=I{>$jq`Xx7t zoElY7RioCY`=x{#DX8gi^`=SCX9QkRb$ZplNI+3=lZ zR)!4qtiyO}H6s6bc!S;w>@+(4sjg}M%0Y~m`uvW7CweEYE=7oRPD$h08=tf1P2O;w zS2wF`yQ${kgr>U-PL-7layekH^-XmLJBs6HR)y?+r)AgMNN+7Jof3CBZEggtUmI+J zIX543;h9kQI=w)r(IgVN%gipSBqLYv2ez?;fcq_u@ixlt+FHbqIfbsuvv*?KwchfdL){RriZCVHa31wJ3Pletg%}k2k^D# zRH7DTgD?@Cg2X!z`qB1Sa$E*GD~2LLRs&0Q8y+TFe^%re@n1G-?q* zTUCOv6bz&lK-n0_mB`}OE|Socie^v{A*6Gl3Uscm5{}G)#ikdCoskdAhP_%WuKpO@ z{UPE^I()u6rCUFHT`K7o7byQ*M5dMIF1e(lo}uE|J$3}3pvZD=a6))~CY)oUF(JNW z5F&POOP9n1-|$Ipjh?C_2{g#5-YR0ZURj$eaDg}$(`&`Ne93rpuyYw{!!LC7j8c-YUR z7x(y5Ae2wGq*yi^ER)q?;w{b7v%jLZFn=Q@vA)tKgAA|9$->G5J#Z|QUIZa_+nzbm z&U={a^Y&6SJqY(nqfU}y_9bIIgIYv5A#%M`6ye!5wm2kd5fwIL?T5t=LX#;{zV52K z>`G;;kfY%KBz&fKKOMYbSFh)F1flKVdR+Y-e~$N`Sb*eoHJqtct~g7HJ~Q6`$dNe5 ztOPNX901AKD~n|lMzlobF4?=HhYEHW)X*02GdP=3y~tjBq9}$sXvHU2|E>Y<9;Q-5*!ZD`$5j73pu-P$zmid92H{{TTvtMLDdv-~m zn|#Ft0c01YSXE>5O1rb9m6z3-kgfoR?%obbvLy$mb3%e<77TLBuMgxBE*3L_F}NQl zIq+J10LxSjsu`+2G5>sW>s{}80J4*JVF_g1BZYm_{4WGsPjOe@HH=@>kdI%NO0QVy zlcSZ0O-xL@IXx%gkHN~K=`iMs$JG>wYPUJG*N5-}#Iv7~dEl>wlMazl8aE?UOA4E=BQl%;C6pl1OpN9>w{$Q1-4OH8ZA2) zEl%#HIiUam0jL5jLBdc!s|jXU$&oNd(u7XF5#=ypHl88~xNYdW4hi0ge zHjuR4I1|!Oq8kY7L8)Ni1n6<(`9uot;Dtp`oWAHMi_VH;V86DmA;6K}gUk|~*fYIr zN8xcnP`-h+d*LadfA|K=+1XwQBh~*}m5LwF)xm z!5j@E3XqIS1^%+W$rtDS=P?9g2BVs&<7-Hm6aoA`4g$S|Q02FKc3& z*)cksNO+(QP{#(J@0v@e8v=m9Fg0Y>C*}4uko$$D0%1ZNY>|SRJF+?MOwV!q>r}Mw*1 z)G1XQB!(cw;W;4a*=62A474vM`J{IoD6-Gym{aqnzbD&`-V?cz@)g29cPDI%P^lYa zACXoSxTGogCcJ6BH}uyV=CH=oHGr*RksOdly3kkZLe$~o4r#KwH)WAodmlR&q5up8 zG%_xZm4JeiO(Z%5j%ILCczw*XgNo+r_@<%iiZHvI1ylCh3RJUstnVqC%JNqC5$<1a zSjB?k4Wvq2-bx!?c}}IC@5Ii2SK)m_`BY69z0Io`$xN8?PHoH&kbsJt;1i;LWaNwZ z2vYe=RD_r_Dvrly*_k*pRQ($|dTT{P`Zo=Yy2Ag=sh=~825&fk!yyqm#a?lIdsbk} zzo%j1q`lNqF(sDo-A|(y3wIp)Koej|OV6l<)nru1s2Qozp_0XDnSRBp;bgx4amr zve*6WBWO_cq`KV=U9nPWnMoKf3HEhm+Fwahuw*QQ8O;O#8xzKW(qJv`X=Konk#_`@ zt8re-mVSSP#w=&0;{BUoa`(F&YZLtR2LseM2^Nx1#(ZllmCSZ+FVx;! zaYFt5r;%xh_?J4}kS>D6g}G|I+$ zvlC=Ez&r`h)6zj_C=CpUK$QmsLn;CRt z1zOPBvgK>o#>l7vN7xx@j*4v@V3w-{k?jdAz)URI2@ysDpek&x?RMd>@amf`pao`|g42n;#x98l}))oao8nVwBhe!QUCrC5MeaRa3v#&a(1M@}g z1(x4)m0zwWMoJDQ4#)J^nTfXze++vmc*<D0IVH0jD2p1jidy#=$8$9 z4+E@{^{Gqx^VXkAd^1>rQ<6^$(>mTM+rHp;SCLPEQ~9Nxvfxi>%KxNcd2agZV^#P^ecqCMr%DDu#k!U2yq7JDmOc#r9)u58 z9k}4yY6&g>Z^imam^GGC047_v+dsq~xxcffy8YiMBd>!K7M@gh_&?7;>T#>^0Kg;| z%7U{h$Y%SsE=8(kUsFH_zSHJF z!+tZt9@ICb!pX6I@el7|sgXXKIk9MjY)K+LbR^&MnY85(#%nk5V+25r$6s=jP{5!+ z2b+F{{5#fiJc%5YBr$pX<58ZH!qi7M_psHA%*89$v$uO4HvbI$1{gZ88A=HL59u&Y z-#vQH$e5HT?7+z*#H4;O^{8}nZA!fO{DZYqnlafW(19}~xqmN#;QM=(dq29wk>ISh zp%ewP@pQjtF_Eshe5n-szn8F`1p;C|6L0W8o(*~!rCXq+6OiGsr=X5{B9o5E$@um0 zjRrhQAnAC22drKHJtnaT5CN2r_+~Et(fXHQb7i)%=(zeHr5F+UfuSlA@z+BC^oW}T zH1RWR1oBsJpl2Ua;0T(eJbf4iCNN(N@Th}yo>M&s8)nR@Ofs|?vy%Rzh79a}+7tc$ zhXkd;9E`;^bNRVr#&k-A@$%cB>oEIAUOrgw0NESir*D9nf@Y{XcbeP(kcT7!xnpFy zoP;rd-jjL-LoeAWy}!ONO9HbaeZ7?Q56!-UU>b#yYV-e02K=uz5x};HamD)c5(y3r zJ7))`hyNiD5`Zy4pN#EuPM^e>q>ZdodVhUkBgV+pFFyHHK<|Skq@!xAx@||Q&EsZ% zXEiT2U{3M{N+W`o0zaNI@Ygd);E3yYGSKM?{XN2){yEc>@SZ_ zSuTRH%}+yP{^RM-As+%~(UxNP(COn$=fR6jw6Vi|{~fUp5bXudo7q1xy#X;6n8}98 zF#HMn@rSRzCYZ^ll>4^$R7#Hlg^Mv)Fsc2gzkx5ipy46`HP0!-U?hO|@+Cwx7yfC7 zyp2&Zqx)Tdj^VwDfD-pY9`j!)qks4#5B3~<7O{TkPwmimz^ehATZX6e`B&4=$-oog zYF2kT{UL5ZX;`{-A2IzSl*mD#G=1)FLPEa>2lD^~S~R{-g8V}u6AmD7MjI#mw8J;_ zV4i!AKPLaDU8D~t!;sFmSoqJ+66zQ!p=UqeJCzdV3vjUlC0-kKF#AnUBp#rI_kN6! z+#fdo6h7=6hG9jxG{4H{0`~gYfnOSW)+PUG2RX|Fp0EF8Z1Cr2UlWX8T3>s&{QbiyN~=a!ue6<_f+iRU+gNJ=2QOzYAohUQq#s_3{-f>^vS554b7tpE{urtijG>x%;UIZB zGR&9AB=Gc0M*~5QQ?hx1NX?P}B<{bQkp(~BI5+d3H|9^$`2W}w27-ai3a;pFYam0HK#xP`qBVYVPEzG!KwXv zfw4#=oaX}nSb$&c;xXWrq+0Qge=OuC#zHn&b;O?z4WlIgA9GIxV+wJf|3u3DMcpq8 zi7}iX!tS0v{=X;u&vv~SCS*lw>7uMC7Ba@923W7rc1 z)dYW;72gxPHL=t@bQgbkqwiHBi;R13NU+q&UcOR&tIZYy9aJN`gFslbZ3htt;Q9?W zGoWq6qNX%j5s`J{llM_pvIg3Rk0dYNtg{m%{Qvv_>vjO;nusZA4Z#i)& zB7%A1%(*m52<(z4>BgDA+B}u=f$-6+NOS$}C-uo$Kg8rk(Bsc;F@IWv&)l(8c~y<~ zs~23L`4B$EB7F+Xd;hdb2jsXh{{DYRCm`m&t>|L-A5s9pL0GuzQvKQp^52iO;}Rh^ z)c>OvG*JOf9N%>+|LH~%bfe=pTk;pZ5F#!jYUHX`A+hwIUnL%5dhSCY$o?b9_YnaR z@>%Usj_5C<2Ml~5mNUEo{|9fAJI- z!326g_^)@Ma*j)I*T2{S3}qx$dP_R`w*b{-eIPM$=l&DkSu6*rL}UV~nXTV%B6Tp5 zBH@ga`J-+?Lwp}%G!^%E$GD|{mREWaHH`lWj|d9%pNNk_^Y>%EH-SFYk^RvdOy7~D zph?noN76q-dI7qLy;sfo_mHH4E^WyE)>MgCK+~JX-TP_(BiNS+4`^FXaSq4t$D)ZL zu-VMh$$_CZ2`Jax)A+fkPmV`Dxb_Z%!urNZF#D-W?+!me?0?pL^tVgI(|xDf*b2fR04tN z>K~mNAp>v8;vSOyOBv3x0%Ah{i2gpt(0LH3d;hI<5Wr18+4PX#oKZ`Y=)Gf^QBx}s z@>|J%{R0y-P(3nAoZmD{(BT8Q-Oo^C{;Mx^0$`w~75p{MPyYBWg174)jV7`FMG|Bl zD4P)L{IlQhi@XnnaM9mE=&yc=*sgu{@BgfRzjnY1i~Ntu5mAAbpKg(p|E2AaI?&q} zo7M@Ad zAC63u8c)trPLB1z?LYu{lIj3n*d8W$&bJ+_;pEr@B=fJO6Iu-yrIC}F%=sUKB)U6$zn0UpjaxF8*FrZlql-tS8x5oXoE z0k8sXWM8!qAt52-5PW>VXd<9Pvz}mDKE_fC%6FZk8`=Az@WwqIf_puU_E}%v+LV~gSAF) z*@Adg%IcY3MQeZ^0oN2>DeGGX5tg0VmRj0ztgj!xn>5_7C>PDk2dw5I+w%JHQNZAP z;l|+CN=djmNAQ_*nnqxyTCBXG`pVN6q&7G8^Mr8$oT##wD#C4BeE{2QKKfe8&ZI}J zBdgM@dmt6jWPFJYW;0pm1~>sA69%gt=M~l(y^i)_Q+FBF@8)U47lh(PK!6ebt*xeO z8~~ZN#B+Oub#|;_y@i?|0GL{hmRV%(DD1JgIeZ0|$$3>(!~0uH=J|S+T`zUvm#|70 z!Hl52TM!}E-uD}0A8=BZyeIh+?? z8MP`b7j|A8HgKIV1!)Rhtv_hJ-hZ)0_=?r9IU%y2>+_~?tCwWHudtbzL*IJ*9g-;E z-4MV9qdlB|yS>rDGsZ5e(zf?77%}z&!lx0 z%*NbZj%z$LZQtrGy+kAU3BdH40g0>b3EvmAZ#>#|WPAc3)2u*Ju;dlA5-l+dv+kP; zt4OEr<2^)JM$m~ai=XU8P)DIv>pbx;2mt7-qAcYEE%8*c*Hvg7)SVZ(Cr;({08Io7 z#a_qS_F6JBA@9luMjv3zz>G`l6h+tgTvqQEoW6*G`HhK=9tJM#WuUZW*{|K(MUUO) zlg%+`EE?%B7TBf9Hz{#SkqPS9rH^{Y>>5|hXieQsIPX|eP=zW&BXKZBRIkFOxSYDN z;;S+>RMQ6G8Yhy&uL<;2cOC9L}x9^&Xn(0N zPDrNjJ2jsr*_JbxTWZ$}5%=WL4zqfZj#y3|WAVK<)#W#XI5l1IQ%D7dp~TQhr+IMz zcDH&GNbCNp{NV_6F@X}4g%~KP*O;*ytFSALGjFh7YuG6uC@oi6I(y>klPH#Xu$vyf z8F+GdePgGzOQeI}X41sbF!@0!B@eJl<4x|{%NAS-ag(Z6ueuTix^-8^+BYpWt`#;I zcTDP-)vng$(he-J-L1UW)9RllaM9VQSGPLM)yn#ye6*WTZ026BL9UDbS8FU(+u+1q z+qM^#)?eNUOn9i5DMqdQ$o0$vMdfVY7q_>^T(jATZd>if_nw_7kx{(8S@f;^U5(Si z*M@?qVSvX|A-Xf(7p6aeJ4b2wZxWfjt9d5Lvr|@mCLRrRXai}sOrb-WE>NB_CHG)9A2Uw;$nU-LLQ z+L>76+xMLO^r+;_nJXO_T!5ws{fP>j#0mGM{DRkub|}>>uY_eknWb(z0BH(0dbtCl zq{eUJ7J*6F6h4}G$1h+{TS8-adu;uvzy3d3J1xq}Kp5Du$3sMJOZgdJu^(17d&gQ8Er=;;J z>OlKL$MyZB5ch+DX)6Xhlf>(xxX+iPBBChw-v#PTLt_NT@?ADKwQWh%XMLNR#K=9C&TR z8R*`3LbEhY2U!%lXo@ippcvoVYJXES2?|RACX+0MUMsHt)pV*N|2y*i+hgN*M!s=` zOfwm6u$BuePkX3Z4zsBrivpItC;Sa;mi*S*hXkCY)9mb?Z1KkTOxvp6nX@k+VOt%3 z=%W48DLKedsd66ENw=FiV7CF@z-L_SgVOm2+LR7oG#qyU_A;*m)twuQkJ83{=V3Cj!vN^kYbE8Xc82EVGh8CcR3dv^Y#P%5aLWR7=a zT)8@3wK7FxeiiTh6sH}E4YHmI2zze#>8ZRA8WP9j@S}^~3OV<05uu`rfjJV6Ceip= zL7D5et_kOTXjXkUKtg@-iOp(iyTUlq67e}cX!Wa1?j$(sg8OEzNKO$c4Vdj1Tk9uH z+daF8;8h^px?l32DTK2xc9m_=S5I~3WIJo#6D6Hci<_3+EeLGtbm3l-Hmqf9zyRHt zE^HvQv!nqMKyFd*;V=D~mAQlS|Ni9+VsP*wSL}871eQ~Cdp2ECR%$mFpkvrHlGM_g zeQ2lZI{$%7ExLbu+p!d@VpryK1D<oI`BO^a>-r?+vsonB#2)5;^g7Mv7alo<$ECO-Jo4I z2ND$V^d)OP=Ty+xP*runvVW29q?s?kf0g8;Nyb9_7`;<(SvI*v)xB$yey>GQI*4WdCjNwW6L+68WVfl;rKV}RB7RBiTa=Y<>mJOzk5v{+5sGAgx(hbFp|5GN zs5bd_MQ=2{YbQo5r(9QMzPhA3Ya(xHg()5MVRo@ABe|=i<-%kYEjmSYXJrk0yfiNE z!7t&D{r=Mz)qW0y=G4|-OzlRcU4bK)LxTctkoogorg_ziW!#1M@?IsV0`yRY?XvLF zq2LdW5fVnxT_f=}Q|sA_SRwPY?E(4S(;=^9RsWgP1$(}Jy^J3AUken6y ztxLh=3K*`1H2({6uhltRR_#;2_FS%>QkV zmpTiEYn|*V_VbrH-g*#}_gM*;a5{9+Z{^xxIPw9!p$^$7M;fYx!o8n}KYs3e{_nlt z-vEE8?4A)>Sv;abQRxf%o6gmvC>BY4gF7|ee7U+Y^QTkmXGIay)?ebTSsIz5pB6UX z$#+i69ndxPX1gN9Aq-(VaoEb}Yh@<`d)UME?BJtoEAfjitY0SgvXCyJCuJ@WjUMEF z4ee~;O-;l*<5d!kf-4{EzGq}kGx~!=bYwkt2n)x!?2Xic<$+M|N7Kt_m|&0&u6wd#O*aP?OKxoN##!p7n>1#1d|Ygm^m0$z*CKrq!I`fyp;U8 zdjh-if|TgVYOW5?PFqxUDlspQ-aRNn@>t6i_+YQ}j-qg_{L* zY~O|E?O7mlHMfeqE1Mq*3DJsR>@8n@QAIPpg)fiw74EG6`FnWKqt0$a4YQvctd6q0 z3@IuBj|&T}I)1vR%B_6mVWrpCPcGqdVpN6Josp*|*_DY_c0L1e0d5ArCI%H%Mqo*@ zM}jC>fDCbx@wLpeW=pZ-B;axlu^mJtWT?M&(jp?Ht@tjbkC8?^d%8fjAw5)!w|eJ? zEO9^N^1zoFbG-}B!tJkEMEyq9IzLd2cIwi+?8%#M__~YVAKWaO>p#JLG<5x>-E5{V>;2-100gnGD*iY<=FB!m|vug_;h!{E_n85l`!JPh99A;)QS+HhgqrFjoD zlXmp_J35NP*a#M~pz05QM@8w=_H{-}`XjLeX9a4eos>~%>Qqg1rTBS4&LGPx zd@CK+6J4!qI(6B{CrI1tX}0%1{AAR79Lzq%$`tr8V^6^_Cs%a$Cia-_N- z%NhV)87<{5s7DLMMr1Dt>{h{FJSU<~{y28xh!}Nog42@I!+T<5aEJoKHF~+QjdbLE z6?<+(Apzo1ZScO>P|{S!;xWt;mX|6eMs?)p4BuS_%G#@zoXgzZbv~OX&*d#37RKju zihC_-MNr77YEZlFa1FPA4Ldx5YPb#FSL+jz(h!rCX=ycfcj2;^YPuUtN z^v9VIQwt&^$-6;*%Kz0+XG&n`*;;Y7LZO=bv%dX}LUhU3L0VxuW>;XK_s}97y?HLZ z!iin@*2F)Vr~5_Wv)b5_P}g<;sS(|DLcFmeCto&X!^TJFWbeT#>b}39{?*IJ{&Lb- zvG}7#h|c?bV*aUF;n4&Hz07xj>8?Evj<@%2+fw;;qRL{FHoMY94ITk9A8m1$!2nsS=~Dcf)8yi?rU*v@nVOINW9#DuH4!c|8x%GEF4C6;vW9-ZDz4 zg$~|VHw66Vhx>Kguw2>wy)N7qP~oe)X9b2+E+}+#I-H(LU$c~`pC;sqrYWBZ)3{EF z*^aSO4R6qnVyMr>b++VOk@Hn}+kgJT{%tM_RqTB1 z_DJ5&$hz#~D4Zv0U~{^3gMPd#gdW%(q?4wrSM)*~ndP*2UYWo%&}kVD?ffDqYTE+# zR|?!e4m6mm!(UR1N4U1Ou34n*i#)%$UzMqGJql?*wp$g)^?39m9C3{{RhBHO23Pn| z^YFLAS8#%MsrozF> zVE9w6u<%X>?Wxd{5cP$4X2J+PBk7gV59~fFp+3ZBjb}E6v^?uFGf=Y~uN)itPMq2d zdOy1DWW2jQYfEgWUM*!=6*@;ReDCTYDpQV!9DsueEUoh>-uBtUE`?&b*FhR zIO|wTrQyWndUnu^IF!J>5^;Ayt-m%BDH4eiv5VrVYP8R7>%K(iD2#e8V$r=kYc`UV3rh=F12eyhPr_vmiD6nZd1&3T)werf;!m?ld*; zS*2h0#6g|~)7R`rWn%fBY=G$T3NlDPB1JU_axdfF{u(i5nlXRwV_4EkQ8(v2v5Z{* zZLeANjoInaDqk*>V^JG<#oV~<6pdtD?B2C^JF+%HW)uuk1N1Ct0p(DO&=MQ8UME$As#sTl+3MxQA|w9q*vUA7I8@ zlk(iP;Xh`AZ8sHj@S$cvuze^NlF9cpoA6-tQ=_x__kKQ*a`#kiLsEGYKk=-!y7n6> z#jagvi|t>q6YK*K5!I|(@$(o33gF#j){pWS&Miag2nf9@Ij_gjHYyz zuQ4E+3JI}KeDrlsofR;P3OA_21I_gvAh_a*%~XxP(3nFHGCmya4>yV;@m(^?rAI>3 z@jbro86=xBziIa?z8Bha511n%pZr4Rox*NFM|gg^hB)Ivs;;@MQRjPdIMV`N>WfhGQQQ~r6jg!{}J$L|G ze(0s|o5?`TQYJ#A&%E)ZbNv=^GVG1t$wfS8sc^eiBHJyMcd)|aG-_?Q!|<@|Z^%Lq z55K9%hd`=DWO!Y^dxIqTG2an~xOU{ZLe9s#ylGjaOPE$^DWtQ3P3RwHF(-J{pgc zJU)Gn4D^xfpl3{R`uyWDfyoA413``>S`G!|`>dWL4Wip-A27-TZMM7brnS{TPiC(!<4qMKH|ex*`xS+rVOPQ8STCIvEX4WdlEZ5rQ7{$8#8&oHtWvso8UX{H@$l^p$5&=`I#K$fl!KRRz*+HjK$%P%&Y+`(a4l|fw5aOOIbt_hZu4BMuyp5-% zE$~@Ok*Zs;!3pgC*XrcE*jSavokH1FQ{t>rivmYP(E4iKAt>u^qhj$F030*^o ztZgC>$h=1OSoew_fV3jbthg6~3u_k;S}$>22P|H6;CZ90P zepI$_MTR`=XfW;<{v~y#kicqC4Eh#t{^+9aL>(`5?MrIY?S!896@CHI3G|#_rx3D(IF25I$sH*^}8}ttHQ1$$IM|AL;)=PBvpQmAluZC z3NwlYDsL8sICt_tdBI^i*m{x>J6RhG&W7`Mf8%*+Lz@51L!xkC%KuEV{B=zLSeTmP z<5GV6&p_CX1g1i7$%PGb1a1mTJLLlmCuoyx6J{LfAH`e0zY z7uMVU9C!0p->6Mmyj>xqMgO@5dkhTB>+HU8;;(^mCLjYwC^}&n_HSZV^ZLdbgYz*u z@b_b*w7|d+6@$NPH~xC;Vet1q|1sqJ_ce7IVBl4v7~%eZ28tDfp>n*@4FZS$%$gca zZjIT6*+G<`MqtegPEQg&gXbW^1ZuxJpzR0iubwm$l~3BcdFwm56r->ZO~w|h;vef& zLj3nTAmeg%@kL4P#Au(#^{oEwk9jI}Uzq+w%tdmoPD4FKyjZX zNYHy?1#zFTR}G^I3gnH7+08{hImoUG$iMmUvkG9Cvh@{PD_q6VG*yuwAAg1&sbtIQ zgZob(BB_12KmYyQU*8$*x>56TIhOeUidPU21rf|zlbD5+d_Mj-iTmh85i@K3SB(Dow-sh7+vAq=b5#AzAf;UTxrqoTig z&#v|g00XGdtP<2Ijk>Dxv_S{&?In7NX?@&B^dDmkz6H#)Lwq>kpWpmFH-D83WX^%S zH?AuD&i`k=|9tmulo>D!yjJsuqWsq#|9%E+UqJ~Z>PHe^3TglEpZ{OKeBjsSG}z|g UCGSPcP2lIMj)8XWr5hpt16hOJi2wiq literal 0 HcmV?d00001 diff --git a/docs/content/examples.md b/docs/content/examples.md deleted file mode 100644 index 816dd8f..0000000 --- a/docs/content/examples.md +++ /dev/null @@ -1,5 +0,0 @@ -+++ -title = 'Examples' -weight = 50 -BookToC = true -+++ diff --git a/docs/content/troubleshoot.md b/docs/content/troubleshoot.md new file mode 100644 index 0000000..d111324 --- /dev/null +++ b/docs/content/troubleshoot.md @@ -0,0 +1,5 @@ ++++ +title = 'Troubleshoot' +weight = 20 +BookToC = true ++++ diff --git a/docs/public/categories/index.html b/docs/public/categories/index.html index b4b6753..ccbe32c 100644 --- a/docs/public/categories/index.html +++ b/docs/public/categories/index.html @@ -136,6 +136,8 @@

+ +
  • @@ -165,8 +167,6 @@

    - - diff --git a/docs/public/client/index.html b/docs/public/client/index.html index 73dddc3..3fb58fa 100644 --- a/docs/public/client/index.html +++ b/docs/public/client/index.html @@ -22,12 +22,14 @@ Table of Contents# Installing ACME Clients Account Registration Configuring Auto-Renewal via Systemd Log Management Installing ACME Clients# Certbot# Note: Certbot’s actively maintained distribution is via Snap. The .deb packages available in apt repositories are no longer maintained by the Certbot project and ship outdated versions."> + + ACME Clients | ACME Proxy @@ -145,6 +147,8 @@

    + +
  • @@ -174,8 +178,6 @@

    - - @@ -478,6 +480,10 @@

    Log Management#
    diff --git a/docs/public/firewall/index.html b/docs/public/firewall/index.html index 78459fd..6e8e1f2 100644 --- a/docs/public/firewall/index.html +++ b/docs/public/firewall/index.html @@ -16,9 +16,11 @@ + + Port Requirements | ACME Proxy @@ -135,6 +137,8 @@

    + +
  • @@ -164,8 +168,6 @@

    - - @@ -224,6 +226,10 @@

    Port Requirements

    diff --git a/docs/public/icons/calendar.svg b/docs/public/icons/calendar.svg new file mode 100644 index 0000000..6e2a8d5 --- /dev/null +++ b/docs/public/icons/calendar.svg @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/docs/public/index.html b/docs/public/index.html index 53bfd8b..16b35c2 100644 --- a/docs/public/index.html +++ b/docs/public/index.html @@ -29,6 +29,7 @@ + ACME Proxy | ACME Proxy @@ -147,6 +148,8 @@

    + +
  • @@ -176,8 +179,6 @@

    - - @@ -266,6 +267,10 @@

    ACME Proxy

    diff --git a/docs/public/index.xml b/docs/public/index.xml index b1c7018..78e2e89 100644 --- a/docs/public/index.xml +++ b/docs/public/index.xml @@ -21,6 +21,13 @@ http://localhost:1313/install/ <h1 id="install">Install<a class="anchor" href="#install">#</a></h1> <p>Three methods are available. The install script is recommended for most deployments.</p> <table> <thead> <tr> <th>Method</th> <th>Best for</th> </tr> </thead> <tbody> <tr> <td><a href="#install-script-recommended">Install script</a></td> <td>Standard Linux servers, systemd environments</td> </tr> <tr> <td><a href="#pre-built-binary">Pre-built binary</a></td> <td>Environments where curl-pipe-to-shell is prohibited</td> </tr> <tr> <td><a href="#build-from-source">Build from source</a></td> <td>Development, or architectures not covered by releases</td> </tr> <tr> <td><a href="#docker">Docker</a></td> <td>Container-based deployments</td> </tr> </tbody> </table> <hr> <h2 id="install-script-recommended">Install Script (Recommended)<a class="anchor" href="#install-script-recommended">#</a></h2> <p>The install script downloads the appropriate release binary, creates a dedicated service user, installs a <code>ca.json</code> template, and registers a hardened <code>systemd</code> service unit.</p> + + Troubleshoot + http://localhost:1313/troubleshoot/ + Mon, 01 Jan 0001 00:00:00 +0000 + http://localhost:1313/troubleshoot/ + + User Guide http://localhost:1313/user/ @@ -35,13 +42,6 @@ http://localhost:1313/client/ <h1 id="acme-clients">ACME Clients<a class="anchor" href="#acme-clients">#</a></h1> <p>This guide covers installation and system-level configuration of ACME clients for use with acme-proxy. It is intended for system administrators deploying certificate automation on behalf of end users.</p> <p>For certificate issuance commands and per-scenario usage, see <a href="http://localhost:1313/user/">user.md</a>.</p> <hr> <h2 id="table-of-contents">Table of Contents<a class="anchor" href="#table-of-contents">#</a></h2> <ul> <li><a href="#installing-acme-clients">Installing ACME Clients</a></li> <li><a href="#account-registration">Account Registration</a></li> <li><a href="#configuring-auto-renewal-via-systemd">Configuring Auto-Renewal via Systemd</a></li> <li><a href="#log-management">Log Management</a></li> </ul> <hr> <h2 id="installing-acme-clients">Installing ACME Clients<a class="anchor" href="#installing-acme-clients">#</a></h2> <h3 id="certbot">Certbot<a class="anchor" href="#certbot">#</a></h3> <blockquote class='book-hint '> <p><strong>Note:</strong> Certbot&rsquo;s actively maintained distribution is via Snap. The <code>.deb</code> packages available in apt repositories are no longer maintained by the Certbot project and ship outdated versions.</p> - - Examples - http://localhost:1313/examples/ - Mon, 01 Jan 0001 00:00:00 +0000 - http://localhost:1313/examples/ - - Port Requirements http://localhost:1313/firewall/ diff --git a/docs/public/install/index.html b/docs/public/install/index.html index cfa5435..49d7161 100644 --- a/docs/public/install/index.html +++ b/docs/public/install/index.html @@ -20,11 +20,13 @@ Method Best for Install script Standard Linux servers, systemd environments Pre-built binary Environments where curl-pipe-to-shell is prohibited Build from source Development, or architectures not covered by releases Docker Container-based deployments Install Script (Recommended)# The install script downloads the appropriate release binary, creates a dedicated service user, installs a ca.json template, and registers a hardened systemd service unit."> + + Install | ACME Proxy @@ -142,6 +144,8 @@

    + +
  • @@ -171,8 +175,6 @@

    - - @@ -592,6 +594,10 @@

    Verify#

    diff --git a/docs/public/quickstart/index.html b/docs/public/quickstart/index.html index 0e446b3..eeaad7e 100644 --- a/docs/public/quickstart/index.html +++ b/docs/public/quickstart/index.html @@ -24,6 +24,7 @@ Installs the step-ca binary to /opt/acme-proxy/ Writes a ca.json config template to /opt/acme-proxy/ca.json Creates a dedicated acme-proxy service user Registers and enables an acme-proxy.service systemd unit The service is enabled but not started — configure ca.json first."> + @@ -31,6 +32,7 @@ For production deployments with custom install paths, build-from-source, or Docker, see install.md. Step 1 — Install# curl -fsSL https://raw.githubusercontent.com/esnet/acme-proxy/main/install.sh | sudo shThe script: Installs the step-ca binary to /opt/acme-proxy/ Writes a ca.json config template to /opt/acme-proxy/ca.json Creates a dedicated acme-proxy service user Registers and enables an acme-proxy.service systemd unit The service is enabled but not started — configure ca.json first."> + Quickstart | ACME Proxy @@ -148,6 +150,8 @@

    + +
  • @@ -177,8 +181,6 @@

    - - @@ -396,6 +398,10 @@

    Next Steps#

    diff --git a/docs/public/sitemap.xml b/docs/public/sitemap.xml index d4fdfdc..dc98a7a 100644 --- a/docs/public/sitemap.xml +++ b/docs/public/sitemap.xml @@ -3,18 +3,24 @@ xmlns:xhtml="http://www.w3.org/1999/xhtml"> http://localhost:1313/quickstart/ + 2026-04-12T20:08:41-05:00 http://localhost:1313/install/ + 2026-04-12T20:08:41-05:00 + + http://localhost:1313/troubleshoot/ http://localhost:1313/user/ + 2026-04-12T20:08:41-05:00 http://localhost:1313/client/ - - http://localhost:1313/examples/ + 2026-04-12T20:08:41-05:00 http://localhost:1313/firewall/ + 2026-04-12T20:08:41-05:00 http://localhost:1313/ + 2026-04-12T20:08:41-05:00 http://localhost:1313/categories/ diff --git a/docs/public/sw.js b/docs/public/sw.js index 54c4d29..7983406 100644 --- a/docs/public/sw.js +++ b/docs/public/sw.js @@ -3,9 +3,9 @@ const pages = [ "/quickstart/", "/install/", + "/troubleshoot/", "/user/", "/client/", - "/examples/", "/firewall/", "/", "/categories/", diff --git a/docs/public/tags/index.html b/docs/public/tags/index.html index 9e9687d..75a6b3d 100644 --- a/docs/public/tags/index.html +++ b/docs/public/tags/index.html @@ -136,6 +136,8 @@

    + +
  • @@ -165,8 +167,6 @@

    - - diff --git a/docs/public/troubleshoot/index.html b/docs/public/troubleshoot/index.html new file mode 100644 index 0000000..638d95e --- /dev/null +++ b/docs/public/troubleshoot/index.html @@ -0,0 +1,315 @@ + + + + + + + + + + + + + + + + + + + +Troubleshoot | ACME Proxy + + + + + + + + + + + + + + + + + + + +
    + + + + +
    + + + + +
    + + + +
    + +
    + +
    + +
    + + + +
    + + + + + + + + + + + + + + + + + + + + + + + + +
    + + +
    + + + + +
    + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/public/user/index.html b/docs/public/user/index.html index 4e1f164..ed40a13 100644 --- a/docs/public/user/index.html +++ b/docs/public/user/index.html @@ -24,6 +24,7 @@ Table of Contents# 1. NGINX on Linux VM / Baremetal 2. Apache on Linux VM / Baremetal 3. Standalone Mode 4. Docker and Docker Compose 5. Kubernetes (cert-manager) Prerequisites# The ACME client must be installed and an account registered with acme-proxy before running any commands in this guide. See admin.md for installation instructions and systemd renewal timer setup. Port 80 must be reachable from the acme-proxy server (used for HTTP-01 challenge validation). Your domain’s DNS must resolve to the host where the ACME client runs. Replace the following placeholders throughout this guide: acme-proxy.example.com — your acme-proxy hostname myserver.example.com — the domain you want a certificate for admin@example.com — your contact email 1. NGINX on Linux VM / Baremetal# 1a. acme.sh# Register and issue a certificate (single domain):"> + @@ -31,6 +32,7 @@ ACME directory URL: https://acme-proxy.example.com/acme/acme/directoryReplace acme-proxy.example.com with your organization’s actual acme-proxy hostname. Table of Contents# 1. NGINX on Linux VM / Baremetal 2. Apache on Linux VM / Baremetal 3. Standalone Mode 4. Docker and Docker Compose 5. Kubernetes (cert-manager) Prerequisites# The ACME client must be installed and an account registered with acme-proxy before running any commands in this guide. See admin.md for installation instructions and systemd renewal timer setup. Port 80 must be reachable from the acme-proxy server (used for HTTP-01 challenge validation). Your domain’s DNS must resolve to the host where the ACME client runs. Replace the following placeholders throughout this guide: acme-proxy.example.com — your acme-proxy hostname myserver.example.com — the domain you want a certificate for admin@example.com — your contact email 1. NGINX on Linux VM / Baremetal# 1a. acme.sh# Register and issue a certificate (single domain):"> + User Guide | ACME Proxy @@ -148,6 +150,8 @@

    + +
  • @@ -177,8 +181,6 @@

    - - @@ -1038,6 +1040,10 @@

    Troubleshooting