docs: Add links to DNS provider support; remove tabs from bash command

src/docs/markdown/automatic-https.md

@@ -164,11 +164,9 @@ This challenge is enabled by default and does not require explicit configuration
 
 The DNS challenge performs an authoritative DNS lookup for the candidate hostname's TXT records, and looks for a special TXT record with a certain value. If the CA sees the expected value, a certificate is issued.
 
-This challenge does not require any open ports, and the server requesting a certificate does not need to be externally accessible.
+This challenge does not require any open ports, and the server requesting a certificate does not need to be externally accessible. However, the DNS challenge requires configuration. Caddy needs to know the credentials to access your domain's DNS provider so it can set (and clear) the special TXT records. If the DNS challenge is enabled, other challenges are disabled by default.
 
-However, the DNS challenge requires configuration. Caddy needs to know the credentials to access your domain's DNS provider so it can set (and clear) the special TXT records.
-
-If the DNS challenge is enabled, other challenges are disabled by default.
+DNS provider support is a community effort. [Learn how to enable the DNS challenge for your provider at our wiki.](https://caddy.community/t/how-to-use-dns-provider-modules-in-caddy-2/8148)
 
 
 ## On-Demand TLS

src/docs/markdown/caddyfile/directives/tls.md

@@ -60,7 +60,7 @@ tls [internal|<email>] | [<cert_file> <key_file>] {
 - **load** specifies a list of folders from which to load PEM files that are certificate+key bundles.
 - **ca** changes the ACME CA endpoint. This is most often used to use [Let's Encrypt's staging endpoint](https://letsencrypt.org/docs/staging-environment/) or an internal ACME server. (To change this value for the whole Caddyfile, use the `acme_ca` [global option](/docs/caddyfile/options) instead.)
 - **ca_root** specifies a PEM file that contains a trusted root certificate for the ACME CA endpoint, if not in the system trust store.
-- **dns** enables the [DNS challenge](/docs/automatic-https#dns-challenge) using the specified provider plugin, which must be plugged in from one of the [caddy-dns](https://github.com/caddy-dns) repositories. Each provider plugin may have their own syntax following their name; refer to their docs for details.
+- **dns** enables the [DNS challenge](/docs/automatic-https#dns-challenge) using the specified provider plugin, which must be plugged in from one of the [caddy-dns](https://github.com/caddy-dns) repositories. Each provider plugin may have their own syntax following their name; refer to their docs for details. Maintaining support for each DNS provider is a community effort. [Learn how to enable the DNS challenge for your provider at our wiki.](https://caddy.community/t/how-to-use-dns-provider-modules-in-caddy-2/8148)
 - **on_demand** enables [on-demand TLS](/docs/automatic-https#on-demand-tls) for the hostnames given in the site block's address(es).
 
 

src/docs/markdown/install.md

@@ -26,10 +26,10 @@ Test that it worked:
 <pre><code class="cmd bash">caddy version</code></pre>
 
 Create a group named `caddy`:
-<pre><code class="cmd bash">groupadd --system caddy</code></pre>
+<pre><code class="cmd bash">sudo groupadd --system caddy</code></pre>
 
 Create a user named `caddy`, with a writeable home folder:
-<pre><code class="cmd bash">useradd --system \
+<pre><code class="cmd bash">sudo useradd --system \
     --gid caddy \
     --create-home \
     --home-dir /var/lib/caddy \