github
/
acme.sh
mirror of https://github.com/acmesh-official/acme.sh
1
0
Fork 0
Code Issues Releases Wiki Activity

Updated Options and Params (markdown)

master
neil 2019-09-28 09:32:13 +08:00
parent 319cfbf8d3
commit 0338539e80
1 changed files with 107 additions and 92 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

199
Options-and-Params.md

@ -1,95 +1,110 @@
Usage: acme.sh command ...[parameters]....
*** Commands:
## Usage: --help, -h Show this help message.
acme.sh command ...[parameters].... --version, -v Show version info.
--install Install acme.sh to your system.
*** --uninstall Uninstall acme.sh, and uninstall the cron job.
--upgrade Upgrade acme.sh to the latest code from https://github.com/Neilpang/acme.sh.
## Commands: --issue Issue a cert.
**--help, -h** Show this help message. --signcsr Issue a cert from an existing csr.
**--version, -v** Show version info. --deploy Deploy the cert to your server.
**--install** Install acme.sh to your system. --install-cert Install the issued cert to apache/nginx or any other server.
**--uninstall** Uninstall acme.sh, and uninstall the cron job. --renew, -r Renew a cert.
**--upgrade** Upgrade acme.sh to the latest code from https://github.com/Neilpang/acme.sh . --renew-all Renew all the certs.
**--issue** Issue a cert. --revoke Revoke a cert.
**--signcsr** Issue a cert from an existing csr. --remove Remove the cert from list of certs known to acme.sh.
**--deploy** Deploy the cert to your server. --list List all the certs.
**--installcert** Install the issued cert to apache/nginx or any other server. --showcsr Show the content of a csr.
**--renew, -r** Renew a cert. --install-cronjob Install the cron job to renew certs, you don't need to call this. The 'install' command can automatically install the cron job.
**--renewAll** Renew all the certs. --uninstall-cronjob Uninstall the cron job. The 'uninstall' command can do this automatically.
**--remove** Remove renewal configuration for a cert. --cron Run cron job to renew all the certs.
**--revoke** Revoke a cert. --toPkcs Export the certificate and key to a pfx file.
**--list** List all the certs. --toPkcs8 Convert to pkcs8 format.
**--showcsr** Show the content of a csr. --update-account Update account info.
**--installcronjob** Install the cron job to renew certs, you don't need to call this. The 'install' command can automatically install the cron job. --register-account Register account key.
**--uninstallcronjob** Uninstall the cron job. The 'uninstall' command can do this automatically. --deactivate-account Deactivate the account.
**--cron** Run cron job to renew all the certs. --create-account-key Create an account private key, professional use.
**--toPkcs** Export the certificate and key to a pfx file. --create-domain-key Create an domain private key, professional use.
**--toPkcs8** Convert to pkcs8 format. --createCSR, -ccsr Create CSR , professional use.
**--updateaccount** Update account info. --deactivate Deactivate the domain authz, professional use.
**--registeraccount** Register account key. --set-notify Set the cron notification hook, level or mode.
**--createAccountKey, -cak** Create an account private key, professional use.
**--createDomainKey, -cdk** Create a domain private key, professional use.
**--createCSR, -ccsr** Create CSR , professional use.
**--deactivate** Deactivate the domain authz, professional use.
***
## Parameters:
**--domain, -d domain.tld** Specifies a domain, used to issue, renew or revoke etc.
**--force, -f** Used to force to install or force to renew a cert immediately.
**--staging, --test** Use staging server, just for test.
**--debug** Output debug info.
**--webroot, -w /path/to/webroot** Specifies the web root folder for web root mode.
**--standalone** Use standalone mode.
**--tls** Use standalone tls mode.
**--apache** Use apache mode.
**--dns [dns_cf|dns_dp|dns_cx|/path/to/api/file]** Use dns mode or dns api.
**--dnssleep [120]** The time in seconds to wait for all the txt records to take effect in dns api mode. Default 120 seconds.
**--keylength, -k [2048]** Specifies the domain key length: 2048, 3072, 4096, 8192 or ec-256, ec-384.
**--accountkeylength, -ak [2048]** Specifies the account key length.
**--log [/path/to/logfile]** Specifies the log file. The default is: "/root/.acme.sh/acme.sh.log" if you don't give a file path here.
**--log-level 1|2** Specifies the log level, default is 1.
**These parameters are to install the cert to nginx/apache or anyother server after issue/renew a cert:**
**--cert-file /path/to/real/cert/file** After issue/renew, the cert will be copied to this path.
**--key-file /path/to/real/key/file** After issue/renew, the key will be copied to this path.
**--ca-file /path/to/real/ca/file** After issue/renew, the intermediate cert will be copied to this path.
**--fullchain-file /path/to/fullchain/file** After issue/renew, the fullchain cert will be copied to this path.
**--reloadcmd "[command]"** Command used after issue/renew, usually to reload the server.
**--pre-hook "[command]"** Command to be run before obtaining any certificates.
**--post-hook "[command]"** Command to be run after attempting to obtain/renew certificates, no matter if the obtain/renew succeeded or failed.
**--renew-hook "[command]"** Command to be run once for each successfully renewed certificate.
**--deploy-hook "[command]"** The hook file to deploy cert
**--accountconf** Specifies a customized account config file.
**--home** Specifies the home dir for acme.sh. If you use it with '--install', then you'll need to use it every time you use acme.sh.
**--certhome** Specifies the home dir to save all the certs, only valid for '--install' command.
**--useragent** Specifies the user agent string. it will be saved for future use too.
**--accountemail** Specifies the account email for registering, Only valid for the '--install' and '--updateaccount' commands.
**--accountkey** Specifies the account key path, Only valid for the '--install' command.
**--days** Specifies the days to renew the cert when using '--issue' command. The max value is 60 days.
**--httpport** Specifies the standalone listening port. Only valid if the server is behind a reverse proxy or load balancer.
**--tlsport** Specifies the standalone tls listening port. Only valid if the server is behind a reverse proxy or load balancer.
**--local-address** Specifies the standalone/tls server listening address, in case you have multiple ip addresses.
**--listraw** Only used for '--list' command, list the certs in raw format.
**--stopRenewOnError, -se** Only valid for '--renewall' command. Stop if one cert has error in renewal.
**--insecure** Do not check the server certificate, in some devices, the api server's certificate may not be trusted.
**--ca-path** Specifies directory containing CA certificates in PEM format, used by wget or curl to verify API server's certificate.
**--ca-bundle** Specifies the CA certificate bundle file used by wget or curl to verify API server's certificate.
**--nocron** Only valid for '--install' command, which means: do not install the default cron job. In this case, the certs will not be renewed automatically.
**--noprofile** Only valid for '--install' command, which means: do not install aliases to user profile.
**--ecc** Specifies to use the ECC cert. Valid for '--installcert', '--renew', '--revoke', '--toPkcs' and '--createCSR'
**--csr** Specifies the input csr.
**--ocsp-must-staple, --ocsp** Generate ocsp must Staple extension.
**--auto-upgrade [0|1]** Valid for '--upgrade' command, indicating whether to upgrade automatically in future.
**--listen-v4** Force standalone/tls server to listen at ipv4.
**--listen-v6** Force standalone/tls server to listen at ipv6.
Parameters:
--domain, -d domain.tld Specifies a domain, used to issue, renew or revoke etc.
--challenge-alias domain.tld The challenge domain alias for DNS alias mode: https://github.com/Neilpang/acme.sh/wiki/DNS-alias-mode
--domain-alias domain.tld The domain alias for DNS alias mode: https://github.com/Neilpang/acme.sh/wiki/DNS-alias-mode
--force, -f Used to force to install or force to renew a cert immediately.
--staging, --test Use staging server, just for test.
--debug Output debug info.
--output-insecure Output all the sensitive messages. By default all the credentials/sensitive messages are hidden from the output/debug/log for secure.
--webroot, -w /path/to/webroot Specifies the web root folder for web root mode.
--standalone Use standalone mode.
--alpn Use standalone alpn mode.
--stateless Use stateless mode, see: https://github.com/Neilpang/acme.sh/wiki/Stateless-Mode
--apache Use apache mode.
--dns [dns_cf|dns_dp|dns_cx|/path/to/api/file] Use dns mode or dns api.
--dnssleep [120] The time in seconds to wait for all the txt records to take effect in dns api mode. Default 120 seconds.
--keylength, -k [2048] Specifies the domain key length: 2048, 3072, 4096, 8192 or ec-256, ec-384.
--accountkeylength, -ak [2048] Specifies the account key length.
--log [/path/to/logfile] Specifies the log file. The default is: "/root/.acme.sh/acme.sh.log" if you don't give a file path here.
--log-level 1|2 Specifies the log level, default is 1.
--syslog [0|3|6|7] Syslog level, 0: disable syslog, 3: error, 6: info, 7: debug.
These parameters are to install the cert to nginx/apache or any other server after issue/renew a cert:
--cert-file After issue/renew, the cert will be copied to this path.
--key-file After issue/renew, the key will be copied to this path.
--ca-file After issue/renew, the intermediate cert will be copied to this path.
--fullchain-file After issue/renew, the fullchain cert will be copied to this path.
--reloadcmd "service nginx reload" After issue/renew, it's used to reload the server.
--server SERVER ACME Directory Resource URI. (default: https://acme-v01.api.letsencrypt.org/directory)
--accountconf Specifies a customized account config file.
--home Specifies the home dir for acme.sh.
--cert-home Specifies the home dir to save all the certs, only valid for '--install' command.
--config-home Specifies the home dir to save all the configurations.
--useragent Specifies the user agent string. it will be saved for future use too.
--accountemail Specifies the account email, only valid for the '--install' and '--update-account' command.
--accountkey Specifies the account key path, only valid for the '--install' command.
--days Specifies the days to renew the cert when using '--issue' command. The default value is 60 days.
--httpport Specifies the standalone listening port. Only valid if the server is behind a reverse proxy or load balancer.
--tlsport Specifies the standalone tls listening port. Only valid if the server is behind a reverse proxy or load balancer.
--local-address Specifies the standalone/tls server listening address, in case you have multiple ip addresses.
--listraw Only used for '--list' command, list the certs in raw format.
--stopRenewOnError, -se Only valid for '--renew-all' command. Stop if one cert has error in renewal.
--insecure Do not check the server certificate, in some devices, the api server's certificate may not be trusted.
--ca-bundle Specifies the path to the CA certificate bundle to verify api server's certificate.
--ca-path Specifies directory containing CA certificates in PEM format, used by wget or curl.
--nocron Only valid for '--install' command, which means: do not install the default cron job. In this case, the certs will not be renewed automatically.
--noprofile Only valid for '--install' command, which means: do not install aliases to user profile.
--no-color Do not output color text.
--force-color Force output of color text. Useful for non-interactive use with the aha tool for HTML E-Mails.
--ecc Specifies to use the ECC cert. Valid for '--install-cert', '--renew', '--revoke', '--toPkcs' and '--createCSR'
--csr Specifies the input csr.
--pre-hook Command to be run before obtaining any certificates.
--post-hook Command to be run after attempting to obtain/renew certificates. No matter the obtain/renew is success or failed.
--renew-hook Command to be run once for each successfully renewed certificate.
--deploy-hook The hook file to deploy cert
--ocsp-must-staple, --ocsp Generate ocsp must Staple extension.
--always-force-new-domain-key Generate new domain key when renewal. Otherwise, the domain key is not changed by default.
--auto-upgrade [0|1] Valid for '--upgrade' command, indicating whether to upgrade automatically in future.
--listen-v4 Force standalone/tls server to listen at ipv4.
--listen-v6 Force standalone/tls server to listen at ipv6.
--openssl-bin Specifies a custom openssl bin location.
--use-wget Force to use wget, if you have both curl and wget installed.
--yes-I-know-dns-manual-mode-enough-go-ahead-please Force to use dns manual mode: https://github.com/Neilpang/acme.sh/wiki/dns-manual-mode
--branch, -b Only valid for '--upgrade' command, specifies the branch name to upgrade to.
--notify-level 0|1|2|3 Set the notification level: Default value is 2.
0: disabled, no notification will be sent.
1: send notifications only when there is an error.
2: send notifications when a cert is successfully renewed, or there is an error.
3: send notifications when a cert is skipped, renewed, or error.
--notify-mode 0|1 Set notification mode. Default value is 0.
0: Bulk mode. Send all the domain's notifications in one message(mail).
1: Cert mode. Send a message for every single cert.
--notify-hook [hookname] Set the notify hook