chore: fix grammar and typo (#1978)

Co-authored-by: Dominik Menke <git@dmke.org>

CHANGELOG.md

@@ -477,7 +477,7 @@ Cancelled due to a CI issue, replaced by v4.5.2.
 - **[dnsprovider]** azure: Allow for the use of MSI
 - **[dnsprovider]** constellix: improve challenge.
 - **[dnsprovider]** godaddy: allow parallel solve.
-- **[dnsprovider]** namedotcom: get the actual registered domain so we can remove just that from the hostname to be created
+- **[dnsprovider]** namedotcom: get the actual registered domain, so we can remove just that from the hostname to be created
 - **[dnsprovider]** transip: updated the client to v6
 
 ### Fixed:
@@ -581,7 +581,7 @@ Cancelled due to a CI issue, replaced by v4.5.2.
 
 ## [v3.0.1] - 2019-08-14
 
-There was a problem when creating the tag v3.0.1, this tag has been invalidate.
+There was a problem when creating the tag v3.0.1, this tag has been invalidated.
 
 ## [v3.0.0] - 2019-08-05
 
@@ -873,7 +873,7 @@ There was a problem when creating the tag v3.0.1, this tag has been invalidate.
 - lib: The `DeleteRegistration` function on `acme.Client`. This deletes the registration as currently configured in the client.
 - lib: The `ObtainCertificateForCSR` function on `acme.Client`. The function allows to request a certificate for an already existing CSR.
 - CLI: The `--csr` switch. Allows to use already existing CSRs for certificate requests on the command line.
-- CLI: The `--pem` flag. This will change the certificate output so it outputs a .pem file concatanating the .key and .crt files together.
+- CLI: The `--pem` flag. This will change the certificate output, so it outputs a .pem file concatanating the .key and .crt files together.
 - CLI: The `--dns-resolvers` flag. Allows for users to override the default DNS servers used for recursive lookup.
 - lib: Added a memcached provider for the HTTP challenge.
 - CLI: The `--memcached-host` flag. This allows to use memcached for challenge storage.
@@ -895,11 +895,11 @@ There was a problem when creating the tag v3.0.1, this tag has been invalidate.
 - lib: The library will now skip challenge solving if a valid Authz already exists.
 
 ### Removed:
-- lib: The library will no longer check for auto renewed certificates. This has been removed from the spec and is not supported in Boulder.
+- lib: The library will no longer check for auto-renewed certificates. This has been removed from the spec and is not supported in Boulder.
 
 ### Fixed:
 - lib: Fix a problem with the Route53 provider where it was possible the verification was published to a private zone.
-- lib: Loading an account from file should fail if a integral part is nil
+- lib: Loading an account from file should fail if an integral part is nil
 - lib: Fix a potential issue where the Dyn provider could resolve to an incorrect zone.
 - lib: If a registration encounteres a conflict, the old registration is now recovered.
 - CLI: The account.json file no longer has the executable flag set.
@@ -967,7 +967,7 @@ There was a problem when creating the tag v3.0.1, this tag has been invalidate.
 
 ### Changed:
 - lib: NewClient does no longer accept the optPort parameter
-- lib: ObtainCertificate now returns a SAN certificate if you pass more then one domain.
+- lib: ObtainCertificate now returns a SAN certificate if you pass more than one domain.
 - lib: GetOCSPForCert now returns the parsed OCSP response instead of just the status.
 - lib: ObtainCertificate has a new parameter `privKey crypto.PrivateKey` which lets you reuse an existing private key for new certificates.
 - lib: RenewCertificate now expects the PrivateKey property of the CertificateResource to be set only if you want to reuse the key.

CONTRIBUTING.md

@@ -7,7 +7,7 @@ To ensure a great and easy experience for everyone, please review the few guidel
 
 - Use the issue search to see if the issue has already been reported.
 - Also look for closed issues to see if your issue has already been fixed.
-- If both of the above do not apply create a new issue and include as much information as possible.
+- If both of the above do not apply, create a new issue and include as much information as possible.
 
 Bug reports should include all information a person could need to reproduce your problem without the need to
 follow up for more information. If possible, provide detailed steps for us to reproduce it, the expected behaviour and the actual behaviour.

acme/api/internal/nonces/nonce_manager.go

@@ -63,7 +63,7 @@ func (n *Manager) getNonce() (string, error) {
 	return GetFromResponse(resp)
 }
 
-// GetFromResponse Extracts a nonce from a HTTP response.
+// GetFromResponse Extracts a nonce from an HTTP response.
 func GetFromResponse(resp *http.Response) (string, error) {
 	if resp == nil {
 		return "", errors.New("nil response")

acme/commons.go

@@ -71,12 +71,12 @@ type Meta struct {
 
 	// externalAccountRequired (optional, boolean):
 	// If this field is present and set to "true",
-	// then the CA requires that all new- account requests include an "externalAccountBinding" field
+	// then the CA requires that all new-account requests include an "externalAccountBinding" field
 	// associating the new account with an external account.
 	ExternalAccountRequired bool `json:"externalAccountRequired"`
 }
 
-// ExtendedAccount a extended Account.
+// ExtendedAccount an extended Account.
 type ExtendedAccount struct {
 	Account
 	// Contains the value of the response header `Location`
@@ -91,7 +91,7 @@ type Account struct {
 	// The status of this account.
 	// Possible values are: "valid", "deactivated", and "revoked".
 	// The value "deactivated" should be used to indicate client-initiated deactivation
-	// whereas "revoked" should be used to indicate server- initiated deactivation. (See Section 7.1.6)
+	// whereas "revoked" should be used to indicate server-initiated deactivation. (See Section 7.1.6)
 	Status string `json:"status,omitempty"`
 
 	// contact (optional, array of string):
@@ -321,7 +321,7 @@ type RenewalInfoResponse struct {
 	// SuggestedWindow contains two fields, start and end,
 	// whose values are timestamps which bound the window of time in which the CA recommends renewing the certificate.
 	SuggestedWindow Window `json:"suggestedWindow"`
-	//	ExplanationURL is a optional URL pointing to a page which may explain why the suggested renewal window is what it is.
+	//	ExplanationURL is an optional URL pointing to a page which may explain why the suggested renewal window is what it is.
 	//	For example, it may be a page explaining the CA's dynamic load-balancing strategy,
 	//	or a page documenting which certificates are affected by a mass revocation event.
 	//	Callers SHOULD provide this URL to their operator, if present.

certcrypto/crypto.go

@@ -84,7 +84,7 @@ func ParsePEMBundle(bundle []byte) ([]*x509.Certificate, error) {
 // ParsePEMPrivateKey parses a private key from key, which is a PEM block.
 // Borrowed from Go standard library, to handle various private key and PEM block types.
 // https://github.com/golang/go/blob/693748e9fa385f1e2c3b91ca9acbb6c0ad2d133d/src/crypto/tls/tls.go#L291-L308
-// https://github.com/golang/go/blob/693748e9fa385f1e2c3b91ca9acbb6c0ad2d133d/src/crypto/tls/tls.go#L238)
+// https://github.com/golang/go/blob/693748e9fa385f1e2c3b91ca9acbb6c0ad2d133d/src/crypto/tls/tls.go#L238
 func ParsePEMPrivateKey(key []byte) (crypto.PrivateKey, error) {
 	keyBlockDER, _ := pem.Decode(key)
 	if keyBlockDER == nil {

certificate/certificates.go

@@ -292,7 +292,7 @@ func (c *Certifier) getForCSR(domains []string, order acme.ExtendedOrder, bundle
 	}
 
 	if respOrder.Status == acme.StatusValid {
-		// if the certificate is available right away, short cut!
+		// if the certificate is available right away, shortcut!
 		ok, errR := c.checkResponse(respOrder, certRes, bundle, preferredChain)
 		if errR != nil {
 			return nil, errR

challenge/dns01/nameserver.go

@@ -264,7 +264,7 @@ func sendDNSQuery(m *dns.Msg, ns string) (*dns.Msg, error) {
 
 	if in != nil && in.Truncated {
 		tcp := &dns.Client{Net: "tcp", Timeout: dnsTimeout}
-		// If the TCP request succeeds, the err will reset to nil
+		// If the TCP request succeeds, the "err" will reset to nil
 		in, _, err = tcp.Exchange(m, ns)
 	}
 

challenge/dns01/precheck_test.go

@@ -37,8 +37,8 @@ func TestCheckDNSPropagation(t *testing.T) {
 
 			ok, err := check.checkDNSPropagation(test.fqdn, test.value)
 			if test.expectError {
-				assert.Errorf(t, err, "PreCheckDNS must failed for %s", test.fqdn)
+				assert.Errorf(t, err, "PreCheckDNS must fail for %s", test.fqdn)
-				assert.False(t, ok, "PreCheckDNS must failed for %s", test.fqdn)
+				assert.False(t, ok, "PreCheckDNS must fail for %s", test.fqdn)
 			} else {
 				assert.NoErrorf(t, err, "PreCheckDNS failed for %s", test.fqdn)
 				assert.True(t, ok, "PreCheckDNS failed for %s", test.fqdn)

challenge/resolver/prober.go

@@ -128,7 +128,7 @@ func sequentialSolve(authSolvers []*selectedAuthSolver, failures obtainError) {
 }
 
 func parallelSolve(authSolvers []*selectedAuthSolver, failures obtainError) {
-	// For all valid preSolvers, first submit the challenges so they have max time to propagate
+	// For all valid preSolvers, first submit the challenges, so they have max time to propagate
 	for _, authSolver := range authSolvers {
 		authz := authSolver.authz
 		if solvr, ok := authSolver.solver.(preSolver); ok {

challenge/tlsalpn01/tls_alpn_challenge_server.go

@@ -40,7 +40,7 @@ func (s *ProviderServer) GetAddress() string {
 	return net.JoinHostPort(s.iface, s.port)
 }
 
-// Present generates a certificate with a SHA-256 digest of the keyAuth provided
+// Present generates a certificate with an SHA-256 digest of the keyAuth provided
 // as the acmeValidation-v1 extension value to conform to the ACME-TLS-ALPN spec.
 func (s *ProviderServer) Present(domain, token, keyAuth string) error {
 	if s.port == "" {

cmd/zz_gen_cmd_dnshelp.go

@@ -1310,7 +1310,7 @@ func displayDNSHelp(w io.Writer, name string) error {
 
 		ew.writeln(`Credentials:`)
 		ew.writeln(`	- "SOFTLAYER_API_KEY":	Classic Infrastructure API key`)
-		ew.writeln(`	- "SOFTLAYER_USERNAME":	User name (IBM Cloud is <accountID>_<emailAddress>)`)
+		ew.writeln(`	- "SOFTLAYER_USERNAME":	Username (IBM Cloud is <accountID>_<emailAddress>)`)
 		ew.writeln()
 
 		ew.writeln(`Additional Configuration:`)
@@ -2709,7 +2709,7 @@ func displayDNSHelp(w io.Writer, name string) error {
 
 		ew.writeln(`Credentials:`)
 		ew.writeln(`	- "YANDEX_CLOUD_FOLDER_ID":	The string id of folder (aka project) in Yandex Cloud`)
-		ew.writeln(`	- "YANDEX_CLOUD_IAM_TOKEN":	The base64 encoded json which contains inforamtion about iam token of serivce account with 'dns.admin' permissions`)
+		ew.writeln(`	- "YANDEX_CLOUD_IAM_TOKEN":	The base64 encoded json which contains information about iam token of serivce account with 'dns.admin' permissions`)
 		ew.writeln()
 
 		ew.writeln(`Additional Configuration:`)

docs/content/dns/manual.md

@@ -21,7 +21,7 @@ To start using the CLI prompt "provider", start lego with `--dns manual`:
 $ lego --email "you@example.com" --domains="example.com" --dns "manual" run
 ```
 
-What follows are a few log print outs, interspersed with some prompts, asking for you to do perform some actions:
+What follows are a few log print-outs, interspersed with some prompts, asking for you to do perform some actions:
 
 ```txt
 No key found for account you@example.com. Generating a P256 key.

docs/content/dns/zz_gen_cloudflare.md

@@ -85,7 +85,7 @@ very specific access can be granted to your resources at Cloudflare.
 See this [Cloudflare announcement](https://blog.cloudflare.com/api-tokens-general-availability/) for details.
 
 The main resources Lego cares for are the DNS entries for your Zones.
-It also need to resolve a domain name to an internal Zone ID in order to manipulate DNS entries.
+It also needs to resolve a domain name to an internal Zone ID in order to manipulate DNS entries.
 
 Hence, you should create an API token with the following permissions:
 

docs/content/dns/zz_gen_dnsimple.md

@@ -61,7 +61,7 @@ More information [here]({{< ref "dns#configuration-and-credentials" >}}).
 if `DNSIMPLE_BASE_URL` is not defined or empty, the production URL is used by default.
 
 While you can manage DNS records in the [DNSimple Sandbox environment](https://developer.dnsimple.com/sandbox/),
-DNS records will not resolve and you will not be able to satisfy the ACME DNS challenge.
+DNS records will not resolve, and you will not be able to satisfy the ACME DNS challenge.
 
 To authenticate you need to provide a valid API token.
 HTTP Basic Authentication is intentionally not supported.
@@ -69,7 +69,7 @@ HTTP Basic Authentication is intentionally not supported.
 ### API tokens
 
 You can [generate a new API token](https://support.dnsimple.com/articles/api-access-token/) from your account page.
-Only Account API tokens are supported, if you try to use an User API token you will receive an error message.
+Only Account API tokens are supported, if you try to use a User API token you will receive an error message.
 
 
 

docs/content/dns/zz_gen_edgedns.md

@@ -62,7 +62,7 @@ More information [here]({{< ref "dns#configuration-and-credentials" >}}).
 The environment variable names can be suffixed by `_FILE` to reference a file instead of a value.
 More information [here]({{< ref "dns#configuration-and-credentials" >}}).
 
-Akamai credentials are automatically detected in the following locations and prioritized in the following order:
+Akamai's credentials are automatically detected in the following locations and prioritized in the following order:
 
 1. Section-specific environment variables (where `{SECTION}` is specified using `AKAMAI_EDGERC_SECTION`):
   - `AKAMAI_{SECTION}_HOST`

docs/content/dns/zz_gen_httpreq.md

@@ -64,7 +64,7 @@ The server must provide:
 - `POST` `/present`
 - `POST` `/cleanup`
 
-The URL of the server must be define by `HTTPREQ_ENDPOINT`.
+The URL of the server must be defined by `HTTPREQ_ENDPOINT`.
 
 ### Mode
 

docs/content/dns/zz_gen_ibmcloud.md

@@ -39,7 +39,7 @@ lego --email you@example.com --dns ibmcloud --domains my.example.org run
 | Environment Variable Name | Description |
 |-----------------------|-------------|
 | `SOFTLAYER_API_KEY` | Classic Infrastructure API key |
-| `SOFTLAYER_USERNAME` | User name (IBM Cloud is <accountID>_<emailAddress>) |
+| `SOFTLAYER_USERNAME` | Username (IBM Cloud is <accountID>_<emailAddress>) |
 
 The environment variable names can be suffixed by `_FILE` to reference a file instead of a value.
 More information [here]({{< ref "dns#configuration-and-credentials" >}}).

docs/content/dns/zz_gen_joker.md

@@ -78,7 +78,7 @@ In the SVC mode, username and passsword are not your email and account passwords
 
 As per [Joker.com documentation](https://joker.com/faq/content/6/496/en/let_s-encrypt-support.html):
 
-> 1. please login at Joker.com, visit 'My Domains',
+> 1. please log in at Joker.com, visit 'My Domains',
 >    find the domain you want to add  Let's Encrypt certificate for, and chose "DNS" in the menu
 >
 > 2. on the top right, you will find the setting for 'Dynamic DNS'.

docs/content/dns/zz_gen_nicmanager.md

@@ -80,7 +80,7 @@ More information [here]({{< ref "dns#configuration-and-credentials" >}}).
 
 ## Description
 
-You can login using your account name + username or using your email address.
+You can log in using your account name + username or using your email address.
 Optionally if TOTP is configured for your account, set `NICMANAGER_API_OTP`.
 
 

docs/content/dns/zz_gen_ovh.md

@@ -65,7 +65,7 @@ More information [here]({{< ref "dns#configuration-and-credentials" >}}).
 
 Application key and secret can be created by following the [OVH guide](https://docs.ovh.com/gb/en/customer/first-steps-with-ovh-api/).
 
-When requesting the consumer key, the following configuration can be use to define access rights:
+When requesting the consumer key, the following configuration can be used to define access rights:
 
 ```json
 {

docs/content/dns/zz_gen_rcodezero.md

@@ -58,7 +58,7 @@ More information [here]({{< ref "dns#configuration-and-credentials" >}}).
 ## Description
 
 Generate your API Token via https://my.rcodezero.at with the `ACME` permissions.
-This are special tokens with limited access for ACME requests only.
+These are special tokens with limited access for ACME requests only.
 
 RcodeZero is an Anycast Network so the distribution of the DNS01-Challenge can take up to 2 minutes.
 

docs/content/dns/zz_gen_route53.md

@@ -123,7 +123,7 @@ so it is recommended to narrow them down as much as possible if you are using th
 
 ### Least privilege policy for production purposes
 
-The following AWS IAM policy document describes least privilege permissions required for lego to complete the DNS challenge.
+The following AWS IAM policy document describes the least privilege permissions required for lego to complete the DNS challenge.
 Write access is limited to a specified hosted zone's DNS TXT records with a key of `_acme-challenge.example.com`.
 Replace `Z11111112222222333333` with your hosted zone ID and `example.com` with your domain name to use this policy.
 

docs/content/dns/zz_gen_sonic.md

@@ -73,7 +73,7 @@ See https://public-api.sonic.net/dyndns/#requesting_an_api_key for additional de
 
 This `userid` and `apikey` combo allow modifications to any DNS entries connected to the managed domain (hostname).
 
-Hostname should be the toplevel domain managed e.g `example.com` not `www.example.com`.
+Hostname should be the toplevel domain managed e.g. `example.com` not `www.example.com`.
 
 
 

docs/content/dns/zz_gen_vkcloud.md

@@ -61,7 +61,7 @@ More information [here]({{< ref "dns#configuration-and-credentials" >}}).
 The environment variable names can be suffixed by `_FILE` to reference a file instead of a value.
 More information [here]({{< ref "dns#configuration-and-credentials" >}}).
 
-## Credential inforamtion
+## Credential information
 
 You can find all required and additional information on ["Project/Keys" page](https://mcs.mail.ru/app/en/project/keys) of your cloud.
 

docs/content/dns/zz_gen_yandexcloud.md

@@ -52,7 +52,7 @@ lego --email you@example.com --dns yandexcloud --domains "example.org" --domains
 | Environment Variable Name | Description |
 |-----------------------|-------------|
 | `YANDEX_CLOUD_FOLDER_ID` | The string id of folder (aka project) in Yandex Cloud |
-| `YANDEX_CLOUD_IAM_TOKEN` | The base64 encoded json which contains inforamtion about iam token of serivce account with `dns.admin` permissions |
+| `YANDEX_CLOUD_IAM_TOKEN` | The base64 encoded json which contains information about iam token of serivce account with `dns.admin` permissions |
 
 The environment variable names can be suffixed by `_FILE` to reference a file instead of a value.
 More information [here]({{< ref "dns#configuration-and-credentials" >}}).

docs/content/usage/cli/Obtain-a-Certificate.md

@@ -49,7 +49,7 @@ lego comes with [support for many]({{< ref "dns#dns-providers" >}}) providers,
 and you need to pick the one where your domain's DNS settings are set up.
 Typically, this is the registrar where you bought the domain, but in some cases this can be another third-party provider.
 
-For this example, let's assume you have setup CloudFlare for your domain.
+For this example, let's assume you have set up CloudFlare for your domain.
 
 Execute this command:
 

docs/content/usage/cli/Options.md

@@ -34,11 +34,11 @@ To run the CLI without `sudo`, you have four options:
 
 ## Port Usage
 
-By default lego assumes it is able to bind to ports 80 and 443 to solve challenges.
+By default, lego assumes it is able to bind to ports 80 and 443 to solve challenges.
 If this is not possible in your environment, you can use the `--http.port` and `--tls.port` options to instruct
 lego to listen on that interface:port for any incoming challenges.
 
-If you are using this option, make sure you proxy all of the following traffic to these ports.
+If you are using either of these options, make sure you setup a proxy to redirect traffic to the chosen ports.
 
 **HTTP Port:** All plaintext HTTP requests to port **80** which begin with a request path of `/.well-known/acme-challenge/` for the HTTP challenge[^header].
 
@@ -77,7 +77,7 @@ Remember that some ACME providers impose a rate limit on certain actions (at the
 There are also situations, where this verification step doesn't work as expected:
 
 - A "split DNS" setup gives different answers to clients on the internal network (Lego) vs. on the public internet (Let's Encrypt).
-- With "hidden master" setups, Lego may be able to directly talk to the primary DNS server, while the `_acme-challenge` record might not have fully propagate to the (public) secondary servers, yet.
+- With "hidden master" setups, Lego may be able to directly talk to the primary DNS server, while the `_acme-challenge` record might not have fully propagated to the (public) secondary servers, yet.
 
 The effect is the same: Lego determined the challenge token to be installed correctly, while Let's Encrypt has a different view, and rejects the certificate order.
 

docs/content/usage/cli/Renew-a-Certificate.md

@@ -36,7 +36,7 @@ lego comes with [support for many]({{< ref "dns#dns-providers" >}}) providers,
 and you need to pick the one where your domain's DNS settings are set up.
 Typically, this is the registrar where you bought the domain, but in some cases this can be another third-party provider.
 
-For this example, let's assume you have setup CloudFlare for your domain.
+For this example, let's assume you have set up CloudFlare for your domain.
 
 Execute this command:
 
@@ -107,4 +107,4 @@ RandomizedDelaySec=1h
 WantedBy=timers.target
 ```
 
-[^loadspikes]: See [Github issue #1656](https://github.com/go-acme/lego/issues/1656) for an excellent problem description.
+[^loadspikes]: See [GitHub issue #1656](https://github.com/go-acme/lego/issues/1656) for an excellent problem description.

docs/content/usage/library/_index.md

@@ -4,7 +4,7 @@ date: 2019-03-03T16:39:46+01:00
 draft: false
 ---
 
-Lego can be use as a Go Library.
+Lego can be used as a Go Library.
 
 <!--more-->
 

e2e/fixtures/certs/README.md

@@ -1,7 +1,7 @@
 # certs/
 
 This directory contains a CA certificate (`pebble.minica.pem`) and a private key
-(`pebble.minica.key.pem`) that are used to issue a end-entity certificate (See
+(`pebble.minica.key.pem`) that are used to issue an end-entity certificate (See
 `certs/localhost`)  for the Pebble HTTPS server.
 
 To get your **testing code** to use Pebble without HTTPS errors you should
@@ -14,12 +14,11 @@ code!!! The CA's private key is **public** and anyone can use it to issue
 certificates that will be trusted by a system with the Pebble CA in the trust
 store.
 
-To re-create all of the Pebble certificates run:
+To re-create all certificates used by Pebble, run:
 
     minica -ca-cert pebble.minica.pem \
            -ca-key pebble.minica.key.pem \
            -domains localhost,pebble \
            -ip-addresses 127.0.0.1
 
-From the `test/certs/` directory after [installing
+From the `test/certs/` directory after [installing MiniCA](https://github.com/jsha/minica#installation)
-MiniCA](https://github.com/jsha/minica#installation)

lego/client_config.go

@@ -29,7 +29,7 @@ const (
 
 	// caServerNameEnvVar is the environment variable name that can be used to
 	// specify the CA server name that can be used to
-	// authenticate an ACME server with a HTTPS certificate not issued by a CA in
+	// authenticate an ACME server with an HTTPS certificate not issued by a CA in
 	// the system-wide trusted root list.
 	caServerNameEnvVar = "LEGO_CA_SERVER_NAME"
 

platform/config/env/env.go

@@ -95,7 +95,7 @@ func getOneWithFallback(main string, names ...string) (string, string) {
 }
 
 // GetOrDefaultInt returns the given environment variable value as an integer.
-// Returns the default if the envvar cannot be coopered to an int, or is not found.
+// Returns the default if the env var cannot be coopered to an int, or is not found.
 func GetOrDefaultInt(envVar string, defaultValue int) int {
 	v, err := strconv.Atoi(GetOrFile(envVar))
 	if err != nil {
@@ -105,8 +105,8 @@ func GetOrDefaultInt(envVar string, defaultValue int) int {
 	return v
 }
 
-// GetOrDefaultSecond returns the given environment variable value as an time.Duration (second).
+// GetOrDefaultSecond returns the given environment variable value as a time.Duration (second).
-// Returns the default if the envvar cannot be coopered to an int, or is not found.
+// Returns the default if the env var cannot be coopered to an int, or is not found.
 func GetOrDefaultSecond(envVar string, defaultValue time.Duration) time.Duration {
 	v := GetOrDefaultInt(envVar, -1)
 	if v < 0 {
@@ -117,7 +117,7 @@ func GetOrDefaultSecond(envVar string, defaultValue time.Duration) time.Duration
 }
 
 // GetOrDefaultString returns the given environment variable value as a string.
-// Returns the default if the envvar cannot be find.
+// Returns the default if the env var cannot be found.
 func GetOrDefaultString(envVar, defaultValue string) string {
 	v := GetOrFile(envVar)
 	if v == "" {
@@ -128,7 +128,7 @@ func GetOrDefaultString(envVar, defaultValue string) string {
 }
 
 // GetOrDefaultBool returns the given environment variable value as a boolean.
-// Returns the default if the envvar cannot be coopered to a boolean, or is not found.
+// Returns the default if the env var cannot be coopered to a boolean, or is not found.
 func GetOrDefaultBool(envVar string, defaultValue bool) bool {
 	v, err := strconv.ParseBool(GetOrFile(envVar))
 	if err != nil {

platform/tester/env.go

@@ -48,7 +48,7 @@ func (e *EnvTest) WithLiveTestRequirements(keys ...string) *EnvTest {
 
 	for _, key := range keys {
 		if e.domainKey != key && !e.isManagedKey(key) {
-			panic(fmt.Sprintf("Unauthorized action, the env var %s is not managed or it's not the key of the domain.", key))
+			panic(fmt.Sprintf("Unauthorized action, the env var %s is not managed, or it's not the key of the domain.", key))
 		}
 
 		if e.domainKey == key {

providers/dns/azure/azure.go

@@ -204,7 +204,7 @@ func getAuthorizer(config *Config) (autorest.Authorizer, error) {
 	return auth.NewAuthorizerFromEnvironment()
 }
 
-// Fetches metadata from environment or he instance metadata service.
+// Fetches metadata from environment or the instance metadata service.
 // borrowed from https://github.com/Microsoft/azureimds/blob/master/imdssample.go
 func getMetadata(config *Config, field string) (string, error) {
 	metadataEndpoint := config.MetadataEndpoint

providers/dns/bluecat/internal/client.go

@@ -200,7 +200,7 @@ func (c *Client) LookupViewID(ctx context.Context, configName, viewName string)
 	return view.ID, nil
 }
 
-// LookupParentZoneID Return the entityId of the parent zone by recursing from the root view.
+// LookupParentZoneID returns the entityId of the parent zone by iterating through the root labels.
 // Also return the simple name of the host.
 func (c *Client) LookupParentZoneID(ctx context.Context, viewID uint, fqdn string) (uint, string, error) {
 	if fqdn == "" {

providers/dns/cloudflare/cloudflare.go

@@ -63,7 +63,7 @@ type DNSProvider struct {
 // For a more paranoid setup, provide CLOUDFLARE_DNS_API_TOKEN and CLOUDFLARE_ZONE_API_TOKEN.
 //
 // The email and API key should be avoided, if possible.
-// Instead setup a API token with both Zone:Read and DNS:Edit permission, and pass the CLOUDFLARE_DNS_API_TOKEN environment variable.
+// Instead, set up an API token with both Zone:Read and DNS:Edit permission, and pass the CLOUDFLARE_DNS_API_TOKEN environment variable.
 // You can split the Zone:Read and DNS:Edit permissions across multiple API tokens:
 // in this case pass both CLOUDFLARE_ZONE_API_TOKEN and CLOUDFLARE_DNS_API_TOKEN accordingly.
 func NewDNSProvider() (*DNSProvider, error) {

providers/dns/cloudflare/cloudflare.toml

@@ -33,7 +33,7 @@ very specific access can be granted to your resources at Cloudflare.
 See this [Cloudflare announcement](https://blog.cloudflare.com/api-tokens-general-availability/) for details.
 
 The main resources Lego cares for are the DNS entries for your Zones.
-It also need to resolve a domain name to an internal Zone ID in order to manipulate DNS entries.
+It also needs to resolve a domain name to an internal Zone ID in order to manipulate DNS entries.
 
 Hence, you should create an API token with the following permissions:
 

providers/dns/conoha/conoha.go

@@ -105,7 +105,7 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
 
 	tokens, err := identifier.GetToken(context.TODO(), auth)
 	if err != nil {
-		return nil, fmt.Errorf("conoha: failed to login: %w", err)
+		return nil, fmt.Errorf("conoha: failed to log in: %w", err)
 	}
 
 	client, err := internal.NewClient(config.Region, tokens.Access.Token.ID)

providers/dns/conoha/conoha_test.go

@@ -29,7 +29,7 @@ func TestNewDNSProvider(t *testing.T) {
 				EnvAPIUsername: "api_username",
 				EnvAPIPassword: "api_password",
 			},
-			expected: `conoha: failed to login: unexpected status code: [status code: 401] body: {"unauthorized":{"message":"Invalid user: api_username","code":401}}`,
+			expected: `conoha: failed to log in: unexpected status code: [status code: 401] body: {"unauthorized":{"message":"Invalid user: api_username","code":401}}`,
 		},
 		{
 			desc: "missing credentials",
@@ -99,7 +99,7 @@ func TestNewDNSProviderConfig(t *testing.T) {
 	}{
 		{
 			desc:     "complete credentials, but login failed",
-			expected: `conoha: failed to login: unexpected status code: [status code: 401] body: {"unauthorized":{"message":"Invalid user: api_username","code":401}}`,
+			expected: `conoha: failed to log in: unexpected status code: [status code: 401] body: {"unauthorized":{"message":"Invalid user: api_username","code":401}}`,
 			tenant:   "tenant_id",
 			username: "api_username",
 			password: "api_password",

providers/dns/constellix/internal/auth.go

@@ -23,7 +23,7 @@ type TokenTransport struct {
 	Transport http.RoundTripper
 }
 
-// NewTokenTransport Creates a HTTP transport for API authentication.
+// NewTokenTransport Creates an HTTP transport for API authentication.
 func NewTokenTransport(apiKey, secretKey string) (*TokenTransport, error) {
 	if apiKey == "" {
 		return nil, errors.New("credentials missing: API key")

providers/dns/dnsimple/dnsimple.toml

@@ -16,7 +16,7 @@ Additional = '''
 if `DNSIMPLE_BASE_URL` is not defined or empty, the production URL is used by default.
 
 While you can manage DNS records in the [DNSimple Sandbox environment](https://developer.dnsimple.com/sandbox/),
-DNS records will not resolve and you will not be able to satisfy the ACME DNS challenge.
+DNS records will not resolve, and you will not be able to satisfy the ACME DNS challenge.
 
 To authenticate you need to provide a valid API token.
 HTTP Basic Authentication is intentionally not supported.
@@ -24,7 +24,7 @@ HTTP Basic Authentication is intentionally not supported.
 ### API tokens
 
 You can [generate a new API token](https://support.dnsimple.com/articles/api-access-token/) from your account page.
-Only Account API tokens are supported, if you try to use an User API token you will receive an error message.
+Only Account API tokens are supported, if you try to use a User API token you will receive an error message.
 '''
 
 [Configuration]

providers/dns/domeneshop/internal/client.go

@@ -17,7 +17,7 @@ import (
 const defaultBaseURL string = "https://api.domeneshop.no/v0"
 
 // Client implements a very simple wrapper around the Domeneshop API.
-// For now it will only deal with adding and removing TXT records, as required by ACME providers.
+// For now, it will only deal with adding and removing TXT records, as required by ACME providers.
 // https://api.domeneshop.no/docs/
 type Client struct {
 	apiToken  string

providers/dns/dynu/internal/auth.go

@@ -16,7 +16,7 @@ type TokenTransport struct {
 	Transport http.RoundTripper
 }
 
-// NewTokenTransport Creates a HTTP transport for API authentication.
+// NewTokenTransport Creates an HTTP transport for API authentication.
 func NewTokenTransport(apiKey string) (*TokenTransport, error) {
 	if apiKey == "" {
 		return nil, errors.New("credentials missing: API key")

providers/dns/dynu/internal/client.go

@@ -110,7 +110,7 @@ func (c Client) GetRootDomain(ctx context.Context, hostname string) (*DNSHostnam
 	return &apiResp, nil
 }
 
-// doRetry the API is really unstable so we need to retry on EOF.
+// doRetry the API is really unstable, so we need to retry on EOF.
 func (c Client) doRetry(ctx context.Context, method, uri string, body []byte, result any) error {
 	operation := func() error {
 		return c.do(ctx, method, uri, body, result)

providers/dns/edgedns/edgedns.go

@@ -62,7 +62,7 @@ type DNSProvider struct {
 }
 
 // NewDNSProvider returns a DNSProvider instance configured for Akamai EdgeDNS:
-// Akamai credentials are automatically detected in the following locations and prioritized in the following order:
+// Akamai's credentials are automatically detected in the following locations and prioritized in the following order:
 //
 // 1. Section-specific environment variables `AKAMAI_{SECTION}_HOST`, `AKAMAI_{SECTION}_ACCESS_TOKEN`, `AKAMAI_{SECTION}_CLIENT_TOKEN`, `AKAMAI_{SECTION}_CLIENT_SECRET` where `{SECTION}` is specified using `AKAMAI_EDGERC_SECTION`
 // 2. If `AKAMAI_EDGERC_SECTION` is not defined or is set to `default`: Environment variables `AKAMAI_HOST`, `AKAMAI_ACCESS_TOKEN`, `AKAMAI_CLIENT_TOKEN`, `AKAMAI_CLIENT_SECRET`

providers/dns/edgedns/edgedns.toml

@@ -15,7 +15,7 @@ lego --email you@example.com --dns edgedns --domains my.example.org run
 '''
 
 Additional = '''
-Akamai credentials are automatically detected in the following locations and prioritized in the following order:
+Akamai's credentials are automatically detected in the following locations and prioritized in the following order:
 
 1. Section-specific environment variables (where `{SECTION}` is specified using `AKAMAI_EDGERC_SECTION`):
   - `AKAMAI_{SECTION}_HOST`

providers/dns/glesys/glesys.go

@@ -14,11 +14,7 @@ import (
 	"github.com/go-acme/lego/v4/providers/dns/glesys/internal"
 )
 
-const (
+const minTTL = 60
-	// defaultBaseURL is the GleSYS API endpoint used by Present and CleanUp.
-	defaultBaseURL = "https://api.glesys.com/domain"
-	minTTL         = 60
-)
 
 // Environment variables names.
 const (

providers/dns/httpreq/httpreq.go

@@ -1,4 +1,4 @@
-// Package httpreq implements a DNS provider for solving the DNS-01 challenge through a HTTP server.
+// Package httpreq implements a DNS provider for solving the DNS-01 challenge through an HTTP server.
 package httpreq
 
 import (

providers/dns/httpreq/httpreq.toml

@@ -17,7 +17,7 @@ The server must provide:
 - `POST` `/present`
 - `POST` `/cleanup`
 
-The URL of the server must be define by `HTTPREQ_ENDPOINT`.
+The URL of the server must be defined by `HTTPREQ_ENDPOINT`.
 
 ### Mode
 

providers/dns/hurricane/internal/client.go

@@ -113,7 +113,7 @@ func evaluateBody(body string, hostname string) error {
 	case codeAbuse:
 		return fmt.Errorf("%s: blocked hostname for abuse: %s", body, hostname)
 	case codeBadAgent:
-		return fmt.Errorf("%s: user agent not sent or HTTP method not recognized; open an issue on go-acme/lego on Github", body)
+		return fmt.Errorf("%s: user agent not sent or HTTP method not recognized; open an issue on go-acme/lego on GitHub", body)
 	case codeBadAuth:
 		return fmt.Errorf("%s: wrong authentication token provided for TXT record %s", body, hostname)
 	case codeInterval:

providers/dns/ibmcloud/ibmcloud.toml

@@ -12,7 +12,7 @@ lego --email you@example.com --dns ibmcloud --domains my.example.org run
 
 [Configuration]
   [Configuration.Credentials]
-    SOFTLAYER_USERNAME = "User name (IBM Cloud is <accountID>_<emailAddress>)"
+    SOFTLAYER_USERNAME = "Username (IBM Cloud is <accountID>_<emailAddress>)"
     SOFTLAYER_API_KEY = "Classic Infrastructure API key"
   [Configuration.Additional]
     SOFTLAYER_POLLING_INTERVAL = "Time between DNS propagation check"

providers/dns/internal/selectel/client.go

@@ -55,7 +55,7 @@ func (c *Client) GetDomainByName(ctx context.Context, domainName string) (*Domai
 	statusCode, err := c.do(req, domain)
 	if err != nil {
 		if statusCode == http.StatusNotFound && strings.Count(domainName, ".") > 1 {
-			// Look up for the next sub domain
+			// Look up for the next subdomain
 			subIndex := strings.Index(domainName, ".")
 			return c.GetDomainByName(ctx, domainName[subIndex+1:])
 		}

providers/dns/inwx/inwx.go

@@ -108,7 +108,7 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
 	defer func() {
 		errL := d.client.Account.Logout()
 		if errL != nil {
-			log.Infof("inwx: failed to logout: %v", errL)
+			log.Infof("inwx: failed to log out: %v", errL)
 		}
 	}()
 
@@ -158,7 +158,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
 	defer func() {
 		errL := d.client.Account.Logout()
 		if errL != nil {
-			log.Infof("inwx: failed to logout: %v", errL)
+			log.Infof("inwx: failed to log out: %v", errL)
 		}
 	}()
 
@@ -199,7 +199,7 @@ func (d *DNSProvider) twoFactorAuth(info *goinwx.LoginResponse) error {
 	}
 
 	if d.config.SharedSecret == "" {
-		return errors.New("two factor authentication but no shared secret is given")
+		return errors.New("two-factor authentication but no shared secret is given")
 	}
 
 	tan, err := totp.GenerateCode(d.config.SharedSecret, time.Now())

providers/dns/joker/joker.toml

@@ -29,7 +29,7 @@ In the SVC mode, username and passsword are not your email and account passwords
 
 As per [Joker.com documentation](https://joker.com/faq/content/6/496/en/let_s-encrypt-support.html):
 
-> 1. please login at Joker.com, visit 'My Domains',
+> 1. please log in at Joker.com, visit 'My Domains',
 >    find the domain you want to add  Let's Encrypt certificate for, and chose "DNS" in the menu
 >
 > 2. on the top right, you will find the setting for 'Dynamic DNS'.

providers/dns/loopia/loopia.go

@@ -192,7 +192,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
 
 	err = d.client.RemoveSubdomain(ctx, authZone, subDomain)
 	if err != nil {
-		return fmt.Errorf("loopia: failed to remove sub-domain: %w", err)
+		return fmt.Errorf("loopia: failed to remove subdomain: %w", err)
 	}
 
 	return nil

providers/dns/loopia/loopia_mock_test.go

@@ -149,10 +149,10 @@ func TestDNSProvider_Cleanup(t *testing.T) {
 			callGetTXTRecords:    true,
 			callRemoveSubdomain:  true,
 
-			expectedError: `loopia: failed to remove sub-domain: unknown error: "UNKNOWN_ERROR"`,
+			expectedError: `loopia: failed to remove subdomain: unknown error: "UNKNOWN_ERROR"`,
 		},
 		{
-			desc: "Dont call removeSubdomain when records",
+			desc: "Don't call removeSubdomain when records",
 
 			getTXTRecordsReturn: []internal.RecordObj{{Type: "TXT", Rdata: "LEFTOVER"}},
 			callAddTXTRecord:    true,

providers/dns/namecheap/namecheap.go

@@ -18,17 +18,16 @@ import (
 )
 
 // Notes about namecheap's tool API:
-// 1. Using the API requires registration. Once registered, use your account
+// 1. Using the API requires registration.
-//    name and API key to access the API.
+//    Once registered, use your account name and API key to access the API.
-// 2. There is no API to add or modify a single DNS record. Instead you must
+// 2. There is no API to add or modify a single DNS record.
-//    read the entire list of records, make modifications, and then write the
+//    Instead, you must read the entire list of records, make modifications,
-//    entire updated list of records.  (Yuck.)
+//    and then write the entire updated list of records. (Yuck.)
-// 3. Namecheap's DNS updates can be slow to propagate. I've seen them take
+// 3. Namecheap's DNS updates can be slow to propagate.
-//    as long as an hour.
+//    I've seen them take as long as an hour.
-// 4. Namecheap requires you to whitelist the IP address from which you call
+// 4. Namecheap requires you to whitelist the IP address from which you call its APIs.
-//    its APIs. It also requires all API calls to include the whitelisted IP
+//    It also requires all API calls to include the whitelisted IP address as a form or query string value.
-//    address as a form or query string value. This code uses a namecheap
+//    This code uses a namecheap service to query the client's IP address.
-//    service to query the client's IP address.
 
 // Environment variables names.
 const (

providers/dns/nicmanager/nicmanager.go

@@ -201,5 +201,5 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
 		}
 	}
 
-	return fmt.Errorf("nicmanager: no record found to cleanup")
+	return fmt.Errorf("nicmanager: no record found to clean up")
 }

providers/dns/nicmanager/nicmanager.toml

@@ -30,7 +30,7 @@ lego --email you@example.com --dns nicmanager --domains my.example.org run
 Additional = '''
 ## Description
 
-You can login using your account name + username or using your email address.
+You can log in using your account name + username or using your email address.
 Optionally if TOTP is configured for your account, set `NICMANAGER_API_OTP`.
 '''
 

providers/dns/oraclecloud/oraclecloud.go

@@ -161,7 +161,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
 	}
 
 	if *domainRecords.OpcTotalItems == 0 {
-		return errors.New("oraclecloud: no record to CleanUp")
+		return errors.New("oraclecloud: no record to clean up")
 	}
 
 	var deleteHash *string
@@ -173,7 +173,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
 	}
 
 	if deleteHash == nil {
-		return errors.New("oraclecloud: no record to CleanUp")
+		return errors.New("oraclecloud: no record to clean up")
 	}
 
 	recordOperation := dns.RecordOperation{

providers/dns/ovh/ovh.toml

@@ -17,7 +17,7 @@ Additional = '''
 
 Application key and secret can be created by following the [OVH guide](https://docs.ovh.com/gb/en/customer/first-steps-with-ovh-api/).
 
-When requesting the consumer key, the following configuration can be use to define access rights:
+When requesting the consumer key, the following configuration can be used to define access rights:
 
 ```json
 {

providers/dns/rcodezero/rcodezero.toml

@@ -13,7 +13,7 @@ Additional = '''
 ## Description
 
 Generate your API Token via https://my.rcodezero.at with the `ACME` permissions.
-This are special tokens with limited access for ACME requests only.
+These are special tokens with limited access for ACME requests only.
 
 RcodeZero is an Anycast Network so the distribution of the DNS01-Challenge can take up to 2 minutes.
 

providers/dns/rfc2136/rfc2136_test.go

@@ -85,7 +85,7 @@ func TestServerError(t *testing.T) {
 	err = provider.Present(fakeDomain, "", fakeKeyAuth)
 	require.Error(t, err)
 	if !strings.Contains(err.Error(), "NOTZONE") {
-		t.Errorf("Expected Present() to return an error with the 'NOTZONE' rcode string but it did not: %v", err)
+		t.Errorf("Expected Present() to return an error with the 'NOTZONE' rcode string, but it did not: %v", err)
 	}
 }
 

providers/dns/route53/route53.go

@@ -95,7 +95,7 @@ func NewDNSProvider() (*DNSProvider, error) {
 	return NewDNSProviderConfig(NewDefaultConfig())
 }
 
-// NewDNSProviderConfig takes a given config ans returns a custom configured DNSProvider instance.
+// NewDNSProviderConfig takes a given config and returns a custom configured DNSProvider instance.
 func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
 	if config == nil {
 		return nil, errors.New("route53: the configuration of the Route53 DNS provider is nil")

providers/dns/route53/route53.toml

@@ -70,7 +70,7 @@ so it is recommended to narrow them down as much as possible if you are using th
 
 ### Least privilege policy for production purposes
 
-The following AWS IAM policy document describes least privilege permissions required for lego to complete the DNS challenge.
+The following AWS IAM policy document describes the least privilege permissions required for lego to complete the DNS challenge.
 Write access is limited to a specified hosted zone's DNS TXT records with a key of `_acme-challenge.example.com`.
 Replace `Z11111112222222333333` with your hosted zone ID and `example.com` with your domain name to use this policy.
 

providers/dns/sonic/sonic.toml

@@ -26,7 +26,7 @@ See https://public-api.sonic.net/dyndns/#requesting_an_api_key for additional de
 
 This `userid` and `apikey` combo allow modifications to any DNS entries connected to the managed domain (hostname).
 
-Hostname should be the toplevel domain managed e.g `example.com` not `www.example.com`.
+Hostname should be the toplevel domain managed e.g. `example.com` not `www.example.com`.
 '''
 
 [Configuration]

providers/dns/transip/transip_test.go

@@ -81,7 +81,7 @@ func TestNewDNSProvider(t *testing.T) {
 	}
 
 	// The error message for a file not existing is different on Windows and Linux.
-	// Therefore we test if the error type is the same.
+	// Therefore, we test if the error type is the same.
 	t.Run("could not open private key path", func(t *testing.T) {
 		defer envTest.RestoreEnv()
 		envTest.ClearEnv()
@@ -144,7 +144,7 @@ func TestNewDNSProviderConfig(t *testing.T) {
 	}
 
 	// The error message for a file not existing is different on Windows and Linux.
-	// Therefore we test if the error type is the same.
+	// Therefore, we test if the error type is the same.
 	t.Run("could not open private key path", func(t *testing.T) {
 		config := NewDefaultConfig()
 		config.AccountName = "johndoe"

providers/dns/vkcloud/vkcloud.toml

@@ -12,7 +12,7 @@ lego --email you@example.com --dns vkcloud --domains "example.org" --domains "*.
 '''
 
 Additional = '''
-## Credential inforamtion
+## Credential information
 
 You can find all required and additional information on ["Project/Keys" page](https://mcs.mail.ru/app/en/project/keys) of your cloud.
 

providers/dns/wedos/internal/token.go

@@ -38,7 +38,7 @@ func czechHour() int {
 
 func utcToCet(utc time.Time) time.Time {
 	// https://en.wikipedia.org/wiki/Central_European_Time
-	// As of 2011, all member states of the European Union observe summer time (daylight saving time),
+	// As of 2011, all member states of the European Union observe Summer Time (daylight saving time),
 	// from the last Sunday in March to the last Sunday in October.
 	// States within the CET area switch to Central European Summer Time (CEST -- UTC+02:00) for the summer.[1]
 	utcMonth := utc.Month()

providers/dns/yandexcloud/yandexcloud.toml

@@ -37,7 +37,7 @@ cat key.json | base64
 
 [Configuration]
   [Configuration.Credentials]
-    YANDEX_CLOUD_IAM_TOKEN = "The base64 encoded json which contains inforamtion about iam token of serivce account with `dns.admin` permissions"
+    YANDEX_CLOUD_IAM_TOKEN = "The base64 encoded json which contains information about iam token of serivce account with `dns.admin` permissions"
     YANDEX_CLOUD_FOLDER_ID = "The string id of folder (aka project) in Yandex Cloud"
   [Configuration.Additional]
     YANDEX_CLOUD_POLLING_INTERVAL = "Time between DNS propagation check"

providers/http/memcached/memcached.go

@@ -1,5 +1,4 @@
-// Package memcached implements a HTTP provider for solving the HTTP-01 challenge using memcached
+// Package memcached implements an HTTP provider for solving the HTTP-01 challenge using memcached in combination with a webserver.
-// in combination with a webserver.
 package memcached
 
 import (

providers/http/s3/s3.go

@@ -1,4 +1,4 @@
-// Package s3 implements a HTTP provider for solving the HTTP-01 challenge using web server's root path.
+// Package s3 implements an HTTP provider for solving the HTTP-01 challenge using AWS S3.
 package s3
 
 import (

providers/http/s3/s3_test.go

@@ -1,5 +1,3 @@
-// Package s3 implements a HTTP provider for solving the HTTP-01 challenge
-// using AWS S3 in combination with AWS CloudFront.
 package s3
 
 import (

providers/http/webroot/webroot.go

@@ -1,4 +1,4 @@
-// Package webroot implements a HTTP provider for solving the HTTP-01 challenge using web server's root path.
+// Package webroot implements an HTTP provider for solving the HTTP-01 challenge using web server's root path.
 package webroot
 
 import (