github
/
acme.sh
mirror of https://github.com/acmesh-official/acme.sh
1
0
Fork 0
Code Issues Releases Wiki Activity

See #6442

master
Jens Spanier 2025-09-22 12:01:08 +02:00
parent 228bda0380
commit 5031f3fdcf
1 changed files with 32 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
Profile-selection.md Normal file

@ -0,0 +1,32 @@
Starting with recent CA developments, some Certificate Authorities (CAs) now support issuing certificates under different **profiles**.<br>
These profiles may differ in terms of validation rules, supported features, or certificate lifetime.
For example, Lets Encrypt provides multiple [certificate profiles](https://letsencrypt.org/docs/profiles/) that define validity periods and capabilities.
## Usage
You can select the certificate profile during issuance with the `--cert-profile` parameter:
```
acme.sh --issue -d example.com --cert-profile <profile-name>
```
## Example (Lets Encrypt)
```
acme.sh --issue --server letsencrypt -d example.com -w /home/username/public_html --cert-profile tlsserver
```
This will request a certificate using Lets Encrypts tlsserver profile.
## Important: Certificate Lifetime and `--days`
Some profiles may reduce the validity period of the certificate (e.g. 160 hours lifetimes instead of 90 days).
When using such profiles, you should also set the `--days` parameter to ensure that acme.sh renews the certificate early enough:
```
acme.sh --issue --server letsencrypt -d 203.0.113.195 -w /home/username/public_html --certificate-profile shortlived --days 6
```
## Notes
- The available profile names depend on the selected CA.
- If you do not specify `--cert-profile`, the default profile is used.
- Always check your CAs documentation for supported profile names and their characteristics.