From 620500495eaa83a8d6a6e1be473f1315a00cc43d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C5=BDiga=20Kokelj?=
Date: Mon, 2 Dec 2024 16:01:20 +0100
Subject: [PATCH] comment added
---
 tools/walletextension/walletextension_container.go | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/tools/walletextension/walletextension_container.go b/tools/walletextension/walletextension_container.go
index 5ecc51246..b9cbbc2a5 100644
--- a/tools/walletextension/walletextension_container.go
+++ b/tools/walletextension/walletextension_container.go
@@ -74,6 +74,14 @@ func NewContainerFromConfig(config wecommon.Config, logger gethlog.Logger) *Cont
 // check if TLS is enabled
 if config.EnableTLS {
 // Create autocert manager for automatic certificate management
+ // Generating a certificate consists of the following steps:
+ // generating a new private key
+ // domain ownership verification (HTTP-01 challenge since certManager.HTTPHandler(nil) is set)
+ // Certificate Signing Request (CRS) is generated
+ // CRS is sent to CA (Let's Encrypt) via ACME (automated certificate management environment) client
+ // CA verifies CRS and issues a certificate
+ // we store store certificate and private key (in memory and also in on a mounted volume attached to docker container - /data/certs/)
+
 certManager := &autocert.Manager{
 Prompt: autocert.AcceptTOS,
 HostPolicy: autocert.HostWhitelist(config.TLSDomain),
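Review bot: The added comment block abbreviates Certificate Signing Request as "CRS" in three places where the standard abbreviation is CSR, and its last line also contains "store store" and "in on". The HTTP-01 line is probably too strong: as far as I know autocert always supports tls-alpn-01 and calling `HTTPHandler` only enables http-01 as an additional challenge type, so I would word it `// domain ownership verification (ACME challenge; http-01 is available because certManager.HTTPHandler(nil) is set)`. Because the last line documents that the private key is persisted under /data/certs/, it is worth adding `// the cache directory holds the TLS private key; restrict access to the mounted volume`. The Cache setting and the HTTPHandler call lie outside this hunk, so both statements should be checked against the rest of NewContainerFromConfig.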