-
Notifications
You must be signed in to change notification settings - Fork 23
Option reference
- --account-key, -a
- --cert-dir
- --challenge-type
- --csr, -c
- --dns-digests-dir
- --domain, -d
- --email, -e
- --from-time
- --help
- --log-dir
- --log-level
- --newest-only
- --one-dir-for-well-known
- --server-url, -u
- --to-time
- --version, -v
- --well-known-dir
- --with-agreement-update
- --work-dir, -w
Your user account key. This is the key that you use to register with the CA (e.g. Let's Encrypt) and to provide authentication with subsequent operations.
The directory where downloaded certificates will be saved to.
Default: /var/acme_work_dir/cert/
Challenge type to use when authorizing domains.
Possible values: HTTP01, DNS01
Default: HTTP01
Certificate Singing Request (CSR) file.
Directory to save DNS digest files to. Notice, dns digests will have a name of required domains with a _dns_digest suffix. Also, if the domain is a wildcard domain it will have a _dns_digest_wildcard suffix. All files will have digests which should be saved in your dns provider. For your domains you should create TXT records with such structure: name - _acme-challenge.<your_domain> TXT value:
<digest>. For wildcard domains you should do the same (i.e. create another TXT record with name _acme-challenge.<your_domain> with the value from <your_domain>_dns_digest_wildcard). Example name: _acme-challenge.example.com.
Default: /var/acme_work_dir/dns_digests/
Domain name. Can be used multiple times, up to CA's limit (Let's Encrypt CA, for instance, has a limit of 100 domains for one certificate).
E-mail address to associate with an user account. Can be used to i.a. retrieve an account if you lost your associated user account key (if supported by your provider) and to receive notifications from the CA.
Revoke all certificates which are generated after this time. The time is specified in milliseconds since the UNIX epoch (January 1, 1970 00:00:00 UTC). See also --to-time.
Default: -9223372036854775808
Show help. This option can be used without specifying a command.
The directory PJAC's log files will be saved to. This option can be used with all commands.
Default: /var/log/acme/
Level of detail for logging.
Possible values: OFF - no logging; ERROR - errors only; WARN - errors and warnings; INFO - errors, warnings and information; DEBUG - errors, warnings, information and debug information; TRACE - errors, warnings, information, debug information and operations tracing. This option can be used with all commands.
Default: WARN
Download only the most recent certificate with download-certificates.
Default: false
By default challenge files will be saved in separate directories on a per-domain basis (with _wildcard
suffix if the domain is wildcard). Use this option to save all downloaded challenge files to one directory.
Default: false
ACME Server URL. Can be specified to use a different CA server, e.g. a staging server (test server). This option can be used with all commands.
Default: https://acme-v02.api.letsencrypt.org/directory
Revoke all certificates which will expire before this time. The time is specified in milliseconds since the UNIX epoch (January 1, 1970 00:00:00 UTC). See also --from-time.
Default: 9223372036854775807
Show version information. This option can be used without specifying a command.
Directory to save challenge files to.
Default: /var/acme_work_dir/well_known/
ℹ️ All HTTP01 challenge files must be accessible from internet via link:
http://${domain}/.well-known/acme-challenge/${token}, where ${token} is the name of the challenge file and ${domain} is the domain name the challenge file corresponds to.
Automatically agree to the latest Subscriber Agreement. Once in a while, the CA changes the Subscriber Agreement. You cannot use CA without accepting the latest Subscriber Agreement. To read the agreement
you can use get-agreement-url.
This option can be used with all commands.
Default: false
Don't set this parameter if you don't want to agree with stuff you didn't read, but be aware that a new Subscriber Agreement you didn't yet update (agree with) can break unattended operations.
Directory to save information about certificate orders (order_uri_list) and about generated
certificates (certificate_uri_list) to, for use with later operations. These files contain no
sensitive information.
If order_uri_list is lost you need to perform certificate order again and if certificate_uri_list is lost PJAC cannot download certificates or revoke previously generated certificates.
Default: /var/acme_work_dir/