Update documentation about challenge hooks

README.md

@@ -154,7 +154,7 @@ You can increase logging severity for debugging purposes by passing
 
 ## Validation Options
 
-<img src="https://i.imgur.com/w8TbgLL.png" align="right" alt="[screenshot]" />
+<img src="https://i.imgur.com/h1rtdek.png" align="right" alt="[screenshot]" />
 
 **Webroot:** acmetool can place challenge files in a given directory, allowing your normal
 web server to serve them. The files must be served from the path you specify at
@@ -182,6 +182,10 @@ Make sure your web server is not listening on port 80.
 will use those ports. Either port being available is sufficient. This is only
 really useful for development purposes.
 
+**Hook:** You can write custom shell scripts (or binary executables) which
+acmetool invokes to provison challenge files at the desired location. For
+example, you could rsync challenge files to a directory on a remote server. [More information.](https://hlandau.github.io/acme/userguide#challenge-hooks)
+
 ## Renewal
 
 acmetool will try to renew certificates automatically once they are 30 days
@@ -251,6 +255,7 @@ short lifetime of certificates issued by Let's Encrypt.
 <tr><td>Authorization via port 80 redirector</td><td>Yes</td><td>No</td><td>No</td><td>No</td></tr>
 <tr><td>Authorization via proxy</td><td>Yes</td><td>No</td><td>No</td><td>No</td></tr>
 <tr><td>Authorization via listener§</td><td>Yes</td><td>Yes</td><td>Yes</td><td>No</td></tr>
+<tr><td>Authorization via custom hook</td><td><a href="https://hlandau.github.io/acme/userguide#challenge-hooks">Yes</a></td><td>No</td><td>No</td><td>No</td></tr>
 <tr><td>Import state from official client</td><td>Yes</td><td>—</td><td>—</td><td>—</td></tr>
 <tr><td>Windows (basic) support</td><td>No</td><td>No</td><td>Yes</td><td>—</td></tr>
 <tr><td>Windows integration support</td><td>No</td><td>No</td><td>No</td><td>—</td></tr>

cmd/acmetool/quickstart.go

@@ -582,7 +582,9 @@ PROXY: The proxy option requires you to configure your web server to proxy reque
 
 REDIRECTOR: The redirector option runs a special web server daemon on port 80. This means that you cannot run your own web server on port 80. The redirector redirects all HTTP requests to the equivalent HTTPS URL, so this is useful if you want to enforce use of HTTPS. You will need to configure your web server to not listen on port 80, and you will need to configure your system to run "acmetool redirector" as a daemon. If your system uses systemd, an appropriate unit file can automatically be installed.
 
-LISTEN: Directly listen on port 80 or 443, whichever is available, in order to complete challenges. This is useful only for development purposes.`,
+LISTEN: Directly listen on port 80 or 443, whichever is available, in order to complete challenges. This is useful only for development purposes.
+
+HOOK: Programmatic challenge provisioning. Advanced users only. Please see documentation.`,
 		ResponseType: interaction.RTSelect,
 		Options: []interaction.Option{
 			{
@@ -598,6 +600,9 @@ LISTEN: Directly listen on port 80 or 443, whichever is available, in order to c
 			{Title: "LISTEN - Listen on port 80 or 443 (only useful for development purposes)",
 				Value: "listen",
 			},
+			{Title: "HOOKS - I will write scripts to provision challenges",
+				Value: "hook",
+			},
 		},
 		UniqueID: "acmetool-quickstart-choose-method",
 	})