-
-
Notifications
You must be signed in to change notification settings - Fork 5.1k
Preferred Chain
neil edited this page Oct 12, 2021
·
12 revisions
Using --preferred-chain to select alternate chain.
If the ACME CA provides multiple cert chain, you can use --preferred-chain to select one. Otherwise, it will get the default chain.
- For letsencrypt.org Staging Server:
https://letsencrypt.org/docs/staging-environment/
There are 2 chains provided:
| Name | Default |
|-------------------------------|----------|
| (STAGING) Pretend Pear X1 | Yes |
| (STAGING) Bogus Broccoli X2 | No |
You select the ca like:
acme.sh --issue -d example.com ..... --test --preferred-chain "(STAGING) Bogus Broccoli X2"
You can also use part of the name:
acme.sh --issue -d example.com ..... --test --preferred-chain "X2"
It's also case-insensitive:
acme.sh --issue -d example.com ..... --test --preferred-chain "x2"
-
For Letsencrypt.org Production server:
There are 2 chains provided:
Name Default DST Root CA X3 Yes ISRG Root X1 No You select the ca like:
acme.sh --issue -d example.com ..... --server letsencrypt --preferred-chain "ISRG Root X1"
You can also use part of the name:
acme.sh --issue -d example.com ..... --server letsencrypt --preferred-chain "ISRG"
It's also case-insensitive:
acme.sh --issue -d example.com ..... --server letsencrypt --preferred-chain "isrg"
- You can also set the default preferred chain for a specified CA(from v3.0.1).
acme.sh --set-default-chain --preferred-chain "ISRG" --server letsencrypt
When you request a cert from letsencrypt in future, it will use the default preferred chain.
Buy me a beer, Donate to acme.sh if it saves your time. Your donation makes acme.sh better: https://donate.acme.sh/
如果 acme.sh 帮你节省了时间,请考虑赏我一杯啤酒🍺, 捐助: https://donate.acme.sh/ 你的支持将会使得 acme.sh 越来越好. 感谢