Skip to content

Option reference

Laurens Blanckenborg edited this page Apr 20, 2017 · 6 revisions

--account-key, -a

Your user account key. This is the key that you use to register with the CA (e.g. Let's Encrypt) and to provide authentication with subsequent operations.

--agreement-url

The URL to a Subscriber Agreement. The URL to the most recent Subscriber Agreement can be retrieved by running the command get-agreement-url. This option can be used with all commands.

--cert-dir

The directory where downloaded certificates will be saved to.
Default: /var/acme_work_dir/cert/

--challenge-type

Challenge type to use when authorizing domains.
Possible values: HTTP01, DNS01
Default: HTTP01

--csr, -c

Certificate Singing Request (CSR) file.

--dns-digests-dir

Directory to save DNS digest files to.
Default: /var/acme_work_dir/dns_digests/

--domain, -d

Domain name. Can be used multiple times, up to CA's limit (Let's Encrypt CA, for instance, has a limit of 100 domains for one certificate).

--email, -e

E-mail address to associate with an user account. Can be used to i.a. retrieve an account if you lost your associated user account key (if supported by your provider) and to receive notifications from the CA.

--force

Force renewal without checking expiration time.
Default: false

--from-time

Revoke all certificates which are generated after this time. The time is specified in milliseconds since the UNIX epoch (January 1, 1970 00:00:00 UTC). See also --to-time.
Default: -9223372036854775808

--help

Show help. This option can be used without specifying a command.

--log-dir

The directory PJAC's log files will be saved to. This option can be used with all commands.
Default: /var/log/acme/

--log-level

Level of detail for logging.
Possible values: OFF - no logging; ERROR - errors only; WARN - errors and warnings; INFO - errors, warnings and information; DEBUG - errors, warnings, information and debug information; TRACE - errors, warnings, information, debug information and operations tracing. This option can be used with all commands.
Default: WARN

--max-expiration-time

Expiration time in milliseconds to use with renew-certificate. A certificate will be renewed only if your most recent existing certificate will expire within <max-expiration-time>. By default max-expiration-time is set to 2592000000 milliseconds (30 days).
Default: 2592000000

--newest-only

Download only the most recent certificate with download-certificates.
Default: false

--one-dir-for-well-known

By default challenge files will be saved in separate directories on a per-domain basis. Use this option to save all downloaded challenge files to one directory.
Default: false

--server-url, -u

ACME Server URL. Can be specified to use a different CA server, e.g. a staging server (test server). This option can be used with all commands.
Default: https://acme-v01.api.letsencrypt.org/directory

--to-time

Revoke all certificates which will expire before this time. The time is specified in milliseconds since the UNIX epoch (January 1, 1970 00:00:00 UTC). See also --from-time.
Default: 9223372036854775807

--version, -v

Show version information. This option can be used without specifying a command.

--well-known-dir

Directory to save challenge files to.
Default: /var/acme_work_dir/well_known/

ℹ️ All challenge files must be accessible from internet via link:
http://${domain}/.well-known/acme-challenge/${token}, where ${token} is the name of the challenge file and ${domain} is the domain name the challenge file corresponds to.

--with-agreement-update

Automatically agree to the latest Subscriber Agreement. Once in a while, the CA changes the Subscriber Agreement. Instead of manual updating (agreeing) to the latest Subscriber Agreement (retrieve agreement URL, read the agreement and update the agreement) each time the agreement is changed, you can automate this process. This option can be used with all commands.
Default: false

Don't set this parameter if you don't want to agree with stuff you didn't read, but be aware that a new Subscriber Agreement you didn't yet update (agree with) can break unattended operations.

--work-dir, -w

Directory to save information about authorizations (authorization_uri_list) and about generated certificates (certificate_uri_list) to. These files contain no sensitive information, but they have to be stored for use with later operations.
If authorization_uri_list is lost you need to perform authorization again and if certificate_uri_list is lost PJAC cannot download certificates or check expiration times of previously generated certificates.
Default: /var/acme_work_dir/