From 433c48427f67f2584830549a2e3b7742af341533 Mon Sep 17 00:00:00 2001 From: Michal Zdrojewski Date: Thu, 27 Oct 2016 13:04:28 +0100 Subject: [PATCH] I could not find the list of all options anywhere. --- Options-and-Params.md | 87 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 87 insertions(+) create mode 100644 Options-and-Params.md diff --git a/Options-and-Params.md b/Options-and-Params.md new file mode 100644 index 0000000..64e3dbc --- /dev/null +++ b/Options-and-Params.md @@ -0,0 +1,87 @@ + +*** +##Usage: +acme.sh command ...[parameters].... + +*** + +##Commands: + **--help, -h** Show this help message. + **--version, -v** Show version info. + **--install** Install acme.sh to your system. + **--uninstall** Uninstall acme.sh, and uninstall the cron job. + **--upgrade** Upgrade acme.sh to the latest code from https://github.com/Neilpang/acme.sh . + **--issue** Issue a cert. + **--signcsr** Issue a cert from an existing csr. + **--deploy** Deploy the cert to your server. + **--installcert** Install the issued cert to apache/nginx or any other server. + **--renew, -r** Renew a cert. + **--renewAll** Renew all the certs. + **--revoke** Revoke a cert. + **--list** List all the certs. + **--showcsr** Show the content of a csr. + **--installcronjob** Install the cron job to renew certs, you don't need to call this. The 'install' command can automatically install the cron job. + **--uninstallcronjob** Uninstall the cron job. The 'uninstall' command can do this automatically. + **--cron** Run cron job to renew all the certs. + **--toPkcs** Export the certificate and key to a pfx file. + **--updateaccount** Update account info. + **--registeraccount** Register account key. + **--createAccountKey, -cak** Create an account private key, professional use. + **--createDomainKey, -cdk** Create an domain private key, professional use. + **--createCSR, -ccsr** Create CSR , professional use. + **--deactivate** Deactivate the domain authz, professional use. + +*** + +##Parameters: + **--domain, -d domain.tld** Specifies a domain, used to issue, renew or revoke etc. + **--force, -f** Used to force to install or force to renew a cert immediately. + **--staging, --test** Use staging server, just for test. + **--debug** Output debug info. + + **--webroot, -w /path/to/webroot** Specifies the web root folder for web root mode. + **--standalone** Use standalone mode. + **--tls** Use standalone tls mode. + **--apache** Use apache mode. + **--dns [dns_cf|dns_dp|dns_cx|/path/to/api/file]** Use dns mode or dns api. + **--dnssleep [120]** The time in seconds to wait for all the txt records to take effect in dns api mode. Default 120 seconds. + + **--keylength, -k [2048]** Specifies the domain key length: 2048, 3072, 4096, 8192 or ec-256, ec-384. + **--accountkeylength, -ak [2048]** Specifies the account key length. + **--log [/path/to/logfile]** Specifies the log file. The default is: "/root/.acme.sh/acme.sh.log" if you don't give a file path here. + **--log-level 1|2** Specifies the log level, default is 1. + +**These parameters are to install the cert to nginx/apache or anyother server after issue/renew a cert:** + + **--certpath /path/to/real/cert/file** After issue/renew, the cert will be copied to this path. + **--keypath /path/to/real/key/file** After issue/renew, the key will be copied to this path. + **--capath /path/to/real/ca/file** After issue/renew, the intermediate cert will be copied to this path. + **--fullchainpath /path/to/fullchain/file** After issue/renew, the fullchain cert will be copied to this path. + + **--reloadcmd "service nginx reload"** After issue/renew, it's used to reload the server. + + **--accountconf** Specifies a customized account config file. + **--home** Specifies the home dir for acme.sh . + **--certhome** Specifies the home dir to save all the certs, only valid for '--install' command. + **--useragent** Specifies the user agent string. it will be saved for future use too. + **--accountemail** Specifies the account email for registering, Only valid for the '--install' command. + **--accountkey** Specifies the account key path, Only valid for the '--install' command. + **--days** Specifies the days to renew the cert when using '--issue' command. The max value is 60 days. + **--httpport** Specifies the standalone listening port. Only valid if the server is behind a reverse proxy or load balancer. + **--tlsport** Specifies the standalone tls listening port. Only valid if the server is behind a reverse proxy or load balancer. + **--local-address** Specifies the standalone/tls server listening address, in case you have multiple ip addresses. + **--listraw** Only used for '--list' command, list the certs in raw format. + **--stopRenewOnError, -se** Only valid for '--renewall' command. Stop if one cert has error in renewal. + **--insecure** Do not check the server certificate, in some devices, the api server's certificate may not be trusted. + **--ca-bundle** Specifices the path to the CA certificate bundle to verify api server's certificate. + **--nocron** Only valid for '--install' command, which means: do not install the default cron job. In this case, the certs will not be renewed automatically. + **--ecc** Specifies to use the ECC cert. Valid for '--installcert', '--renew', '--revoke', '--toPkcs' and '--createCSR' + **--csr** Specifies the input csr. + **--pre-hook** Command to be run before obtaining any certificates. + **--post-hook** Command to be run after attempting to obtain/renew certificates. No matter the obain/renew is success or failed. + **--renew-hook** Command to be run once for each successfully renewed certificate. + **--deploy-hook** The hook file to deploy cert + **--ocsp-must-staple, --ocsp** Generate ocsp must Staple extension. + **--auto-upgrade [0|1]** Valid for '--upgrade' command, indicating whether to upgrade automatically in future. + **--listen-v4** Force standalone/tls server to listen at ipv4. + **--listen-v6** Force standalone/tls server to listen at ipv6. \ No newline at end of file