From b840395474aeeca81511f001e2368530df8c52b5 Mon Sep 17 00:00:00 2001 From: neil Date: Tue, 22 Jun 2021 20:45:11 +0800 Subject: [PATCH] Updated Options and Params (markdown) --- Options-and-Params.md | 31 ++++++++++++++++++------------- 1 file changed, 18 insertions(+), 13 deletions(-) diff --git a/Options-and-Params.md b/Options-and-Params.md index 1873790..28663ab 100644 --- a/Options-and-Params.md +++ b/Options-and-Params.md @@ -24,13 +24,14 @@ Commands: --register-account Register account key. --deactivate-account Deactivate the account. --create-account-key Create an account private key, professional use. - --install-cronjob Install the cron job to renew certs, you don't need to call this. - The 'install' command can automatically install the cron job. + --install-cronjob Install the cron job to renew certs, you don't need to call this. The 'install' command can automatically install the cron job. --uninstall-cronjob Uninstall the cron job. The 'uninstall' command can do this automatically. --cron Run cron job to renew all the certs. --set-notify Set the cron notification hook, level or mode. --deactivate Deactivate the domain authz, professional use. - --set-default-ca Used with '--server', to set the default CA to use to use. + --set-default-ca Used with '--server', Set the default CA to use. + See: https://github.com/acmesh-official/acme.sh/wiki/Server + Parameters: -d, --domain Specifies a domain, used to issue, renew or revoke etc. @@ -63,19 +64,22 @@ Parameters: It's not necessary to use this by default, acme.sh polls dns status by DOH automatically. -k, --keylength Specifies the domain key length: 2048, 3072, 4096, 8192 or ec-256, ec-384, ec-521. -ak, --accountkeylength Specifies the account key length: 2048, 3072, 4096 - --log [file] Specifies the log file. Defaults to '~/.acme.sh/acme.sh.log' if argument is omitted. + --log [file] Specifies the log file. Defaults to "/root/.acme.sh/acme.sh.log" if argument is omitted. --log-level <1|2> Specifies the log level, default is 1. --syslog <0|3|6|7> Syslog level, 0: disable syslog, 3: error, 6: info, 7: debug. --eab-kid Key Identifier for External Account Binding. --eab-hmac-key HMAC key for External Account Binding. + These parameters are to install the cert to nginx/apache or any other server after issue/renew a cert: + --cert-file Path to copy the cert file to after issue/renew.. --key-file Path to copy the key file to after issue/renew. --ca-file Path to copy the intermediate cert file to after issue/renew. --fullchain-file Path to copy the fullchain cert file to after issue/renew. --reloadcmd Command to execute after issue/renew to reload the server. - --server ACME Directory Resource URI. (default: https://acme-v02.api.letsencrypt.org/directory) + + --server ACME Directory Resource URI. (default: https://acme.zerossl.com/v2/DV90) See: https://github.com/acmesh-official/acme.sh/wiki/Server --accountconf Specifies a customized account config file. @@ -83,7 +87,7 @@ Parameters: --cert-home Specifies the home dir to save all the certs, only valid for '--install' command. --config-home Specifies the home dir to save all the configurations. --useragent Specifies the user agent string. it will be saved for future use too. - -m, --accountemail Specifies the account email, only valid for the '--install' and '--update-account' command. + -m, --email Specifies the account email, only valid for the '--install' and '--update-account' command. --accountkey Specifies the account key path, only valid for the '--install' command. --days Specifies the days to renew the cert when using '--issue' command. The default value is 60 days. --httpport Specifies the standalone listening port. Only valid if the server is behind a reverse proxy or load balancer. @@ -94,28 +98,26 @@ Parameters: --insecure Do not check the server certificate, in some devices, the api server's certificate may not be trusted. --ca-bundle Specifies the path to the CA certificate bundle to verify api server's certificate. --ca-path Specifies directory containing CA certificates in PEM format, used by wget or curl. - --nocron Only valid for '--install' command, which means: do not install the default cron job. + --no-cron Only valid for '--install' command, which means: do not install the default cron job. In this case, the certs will not be renewed automatically. - --noprofile Only valid for '--install' command, which means: do not install aliases to user profile. + --no-profile Only valid for '--install' command, which means: do not install aliases to user profile. --no-color Do not output color text. --force-color Force output of color text. Useful for non-interactive use with the aha tool for HTML E-Mails. --ecc Specifies to use the ECC cert. Valid for '--install-cert', '--renew', '--revoke', '--to-pkcs12' and '--create-csr' --csr Specifies the input csr. --pre-hook Command to be run before obtaining any certificates. - --post-hook Command to be run after attempting to obtain/renew certificates. Runs regardless of whether obtain/renew - succeeded or failed. + --post-hook Command to be run after attempting to obtain/renew certificates. Runs regardless of whether obtain/renew succeeded or failed. --renew-hook Command to be run after each successfully renewed certificate. --deploy-hook The hook file to deploy cert --ocsp, --ocsp-must-staple Generate OCSP-Must-Staple extension. --always-force-new-domain-key Generate new domain key on renewal. Otherwise, the domain key is not changed by default. - --auto-upgrade [0|1] Valid for '--upgrade' command, indicating whether to upgrade automatically in future. - Defaults to 1 if argument is omitted. + --auto-upgrade [0|1] Valid for '--upgrade' command, indicating whether to upgrade automatically in future. Defaults to 1 if argument is omitted. --listen-v4 Force standalone/tls server to listen at ipv4. --listen-v6 Force standalone/tls server to listen at ipv6. --openssl-bin Specifies a custom openssl bin location. --use-wget Force to use wget, if you have both curl and wget installed. --yes-I-know-dns-manual-mode-enough-go-ahead-please Force use of dns manual mode. - See: https://github.com/acmesh-official/acme.sh/wiki/dns-manual-mode + See: https://github.com/acmesh-official/acme.sh/wiki/dns-manual-mode -b, --branch Only valid for '--upgrade' command, specifies the branch name to upgrade to. --notify-level <0|1|2|3> Set the notification level: Default value is 2. @@ -131,4 +133,7 @@ Parameters: See: https://github.com/acmesh-official/acme.sh/wiki/revokecert --password Add a password to exported pfx file. Use with --to-pkcs12. + + + ``` \ No newline at end of file