delete
neil
parent
373636eb4f
commit
01e0eb1dd7
|
|
@ -1,47 +0,0 @@
|
|||
When issuing a cert, if no CA is specified via the `--server` parameter, the default CA is used. The default CA can be changed via the `--set-default-ca` option. As of acme.sh v3.0 (August 1, 2021), the default CA after installation is ZeroSSL. Prior to this, it was Let's Encrypt.
|
||||
|
||||
See [Server](https://github.com/acmesh-official/acme.sh/wiki/Server) for a list of valid CAs that can be passed to `--server` and `--set-default-ca`.
|
||||
|
||||
The default CA is not used when renewing certs that have already been issued. As such, the change of default CA from Let's Encrypt to ZeroSSL only affects certs issued with the `--issue` option using acme.sh v3.0 or later. Renewal requests for any certs already issued using an older version of acme.sh will still be sent to the CA they were originally issued by. If you never used `--server` or `--set-default-ca` in older versions of acme.sh, this means that your existing certs will continue to be renewed by Let's Encrypt.
|
||||
|
||||
### FAQ
|
||||
|
||||
1. As an existing user, what do I need to do?
|
||||
|
||||
Generally, nothing needs to be done. (If auto-upgrade is enabled, acme.sh can upgrade itself.) Whether acme.sh is upgraded to v3.0 or not, your existing certs will be renewed as before, against the same CA they were issued by.
|
||||
|
||||
2. Will I still be able to use Let's Encrypt?
|
||||
|
||||
Yes, of course. You are still free to use any supported CA by providing the `--server` parameter:
|
||||
```
|
||||
acme.sh --issue -d example.com --dns dns_cf --server letsencrypt
|
||||
```
|
||||
3. What if I don't like this change? I want to stick to Let's Encrypt?
|
||||
|
||||
You can use `--set-default-ca` at any time. Then acme.sh will always use the default CA you set:
|
||||
```
|
||||
acme.sh --set-default-ca --server letsencrypt
|
||||
```
|
||||
In all versions of acme.sh, if you explicitly the default CA using this option, acme.sh will use this choice if `--server` is not specified.
|
||||
|
||||
4. My current cert is using Let's Encrypt, will it be changed when renewed after I upgrade to acme.sh v3.0 or later?
|
||||
|
||||
No, and never. Don't worry. when your cert is renewed, it will use the current CA, not the new default CA.
|
||||
|
||||
5. As a new user of v3.0 or later, what will it look like to me?
|
||||
|
||||
You can install acme.sh as normal, nothing has changed.
|
||||
|
||||
You can also issue certs as normal. See [How to issue a cert](https://github.com/acmesh-official/acme.sh/wiki/How-to-issue-a-cert):
|
||||
```
|
||||
acme.sh --issue -d example.com --dns dns_cf
|
||||
```
|
||||
|
||||
The cert will be issued with the default CA, [ZeroSSL](https://github.com/acmesh-official/acme.sh/wiki/ZeroSSL.com-CA).
|
||||
|
||||
You can also try with letsencrypt:
|
||||
```
|
||||
acme.sh --issue -d example.com --dns dns_cf --server letsencrypt
|
||||
```
|
||||
|
||||
Here is a comparison of ZeroSSL and Let's Encrypt: https://zerossl.com/letsencrypt-alternative/
|
||||
Loading…
Reference in New Issue