From aa7088cf8ae3cfe5ed6c57e9bd74eaebe5e377ec Mon Sep 17 00:00:00 2001
From: Matthew Holt <mholt@users.noreply.github.com>
Date: Wed, 6 Dec 2023 17:01:17 -0700
Subject: [PATCH] Keep on going

---
 new/index.html                  | 18 +++++++++---------
 new/on-demand-tls.html          |  7 +++++--
 new/resources/css/common.css    |  8 ++++++--
 new/resources/css/home.css      |  4 ++++
 new/resources/css/marketing.css |  2 +-
 5 files changed, 25 insertions(+), 14 deletions(-)

diff --git a/new/index.html b/new/index.html
index 22f1ae7..578f88f 100644
--- a/new/index.html
+++ b/new/index.html
@@ -227,17 +227,17 @@
 							<b>Discover Caddy's automagic HTTPS features with our hosted demo.</b>
 						</p>
 						<p>
-							Point any subdomain named <b><code>caddydemo</code></b> to:
+							Point DNS records for any subdomain named <b><code>caddydemo</code></b> to either:
 						</p>
-						<!-- <p class="demo-ips">
+						<p class="demo-ips">
 							<code>
 								<span class="record-type">CNAME</span>
-								<span class="demo-ip">caddyserver.com</span>
+								<span class="demo-ip">demo.caddyserver.com</span>
 							</code>
 						</p>
-						<p>
-							Or:
-						</p> -->
+						<p class="or">
+							or:
+						</p>
 						<p class="demo-ips">
 							<code>
 								<span class="record-type">A</span>
@@ -257,12 +257,12 @@
 						<div class="demo-help">
 							<p>
 								<b>Not working?</b> Make sure to use a direct subdomain of a registered domain, not a "sub-subdomain."
-								Verify you have created the public DNS records shown above with the correct addresses.
+								Verify you have created the public DNS records shown above with the correct values.
 								You may have to allow time for propagation. Consult your DNS provider's documentation or support for assistance.
-								Your client must set the TLS ServerName indication (most do).
+								Your browser/client must set the TLS ServerName indication (most do).
 							</p>
 							<p>
-								<b>Example subdomains that could work:</b> <code>caddydemo.example.net</code>, <code>caddydemo.example.co.uk</code>
+								<b>Example subdomains that could work:</b> <code>caddydemo.example.net</code>, <code>caddydemo.example.com.au</code>
 							</p>
 							<p>
 								Caddy is capable of serving TLS for any domains and IPs. This demo is intentionally restricted.
diff --git a/new/on-demand-tls.html b/new/on-demand-tls.html
index cdb39f1..ed0bd6b 100644
--- a/new/on-demand-tls.html
+++ b/new/on-demand-tls.html
@@ -60,7 +60,7 @@
 							<div class="rollover" data-rollover="rollover-abuse">
 								<h3 class="purple">1. Prevent abuse</h3>
 								<p>
-									First, you'll configure an internal endpoint that Caddy can "ask" if a certificate should be allowed for a domain. This endpoint usually looks up the domain in a list or database and returns <code>HTTP 200</code> if it's allowed. Make sure to reject domains you don't recognize. This means that customers <i>must</i> register their domain with your app first.
+									First, you'll configure an internal endpoint that Caddy can "ask" if a certificate should be allowed for a domain. This endpoint usually looks up the domain in a list or database and returns <code>HTTP 200</code> if it's allowed. Make sure to reject domains you don't recognize. (This implies that customers have to tell your app what their domain is first.)
 								</p>
 							</div>
 							<div class="rollover" data-rollover="rollover-ondemand">
@@ -99,7 +99,7 @@
 							<div>
 								<h3 class="purple">1. Point DNS records</h3>
 								<p>
-									The customer sets a CNAME record on a domain or subdomain they control, so that <i>their</i> domain resolves to <i>your</i> domain's IP address.
+									The customer sets either a CNAME record or A/AAAA records on a domain or subdomain they control, so that <i>their</i> domain resolves to <i>your</i> server's IP address.
 								</p>
 							</div>
 							<!-- <div class="rollover" data-rollover="rollover-ondemand">
@@ -125,6 +125,9 @@ your-app.com            AAAA   ->  2001:db8::
 					<p>
 						There is no step 2. Caddy will obtain and serve a certificate for their domain as soon as a connection is made to it. Caddy keeps the certificates renewed as long as connections keep coming in. Once they stop, Caddy will let the certificate expire and then delete it automatically.
 					</p>
+					<p>
+						And that is how you save tens of thousands of dollars in development and infrastructure costs every year.
+					</p>
 				</div>
 			</section>
 
diff --git a/new/resources/css/common.css b/new/resources/css/common.css
index c6bda82..b1ab01b 100644
--- a/new/resources/css/common.css
+++ b/new/resources/css/common.css
@@ -413,7 +413,8 @@ button.primary .hover-splash,
 
 .dropdown .linkbox {
 	background: var(--dropdown-linkbox);
-	gap: 4em;
+	gap: 3em;
+	--link-padding-x: 10px;
 }
 
 .dropdown .links-header {
@@ -422,6 +423,7 @@ button.primary .hover-splash,
 	color: var(--dropdown-link-title-color);
 	font-size: 20px;
 	margin-bottom: 14px;
+	padding-left: var(--link-padding-x);
 }
 
 .dropdown .col {
@@ -432,12 +434,14 @@ button.primary .hover-splash,
 	display: block;
 	color: var(--dropdown-link-color);
 	text-decoration: none;
-	padding: 5px 0;
+	padding: 5px var(--link-padding-x);
+	border-radius: 1.5em;
 }
 
 
 .dropdown .col a:hover {
 	color: var(--dropdown-link-hover-color);
+	background-color: var(--dropdown-link-hover-bg);
 }
 
 .dropdown .flatlinks a,
diff --git a/new/resources/css/home.css b/new/resources/css/home.css
index 3d38792..9ade01c 100644
--- a/new/resources/css/home.css
+++ b/new/resources/css/home.css
@@ -12,6 +12,10 @@
 	padding-bottom: 100px;
 }
 
+.demobox .or {
+	margin: -1em 0 1em;
+}
+
 
 
 h1 {
diff --git a/new/resources/css/marketing.css b/new/resources/css/marketing.css
index 747415c..a77ed62 100644
--- a/new/resources/css/marketing.css
+++ b/new/resources/css/marketing.css
@@ -177,7 +177,7 @@ section {
 
 .hero section.transparent {
 	background: none;
-	padding: 0;
+	padding-top: 0;
 	color: #cbe2e4;
 }