services: certbot: Add --manual-public-ip-logging-ok for manual challenges

* gnu/services/certbot.scm (certbot-command): Add
  --manual-public-ip-logging-ok flag to the certbot command when doing a
  manual challenge.

Signed-off-by: Ludovic Courtès <ludo@gnu.org>

doc/guix.texi

@@ -20302,7 +20302,9 @@ all domains will be Subject Alternative Names on the certificate.
 The challenge type that has to be run by certbot.  If @code{#f} is specified,
 default to the HTTP challenge.  If a value is specified, defaults to the
 manual plugin (see @code{authentication-hook}, @code{cleanup-hook} and
-the documentation at @url{https://certbot.eff.org/docs/using.html#hooks}).
+the documentation at @url{https://certbot.eff.org/docs/using.html#hooks}),
+and gives Let's Encrypt permission to log the public IP address of the
+requesting machine.
 
 @item @code{authentication-hook} (default: @code{#f})
 Command to be run in a shell once for each certificate challenge to be

gnu/services/certbot.scm

@@ -99,6 +99,7 @@
                             "--manual"
                             (string-append "--preferred-challenges=" challenge)
                             "--cert-name" name
+                            "--manual-public-ip-logging-ok"
                             "-d" (string-join domains ","))
                       (if rsa-key-size `("--rsa-key-size" ,rsa-key-size) '())
                       (if authentication-hook