-
Notifications
You must be signed in to change notification settings - Fork 23
Option reference
ℹ️ If an optional option-parameter is omitted, the default value is used.
ℹ️ The options --server-url, --log-dir, --log-level, --with-agreement-update and --agreement-url can be used with all commands.
- --account-key, -a
- --agreement-url
- --cert-dir
- --challenge-type
- --csr, -c
- --dns-digests-dir
- --domain, -d
- --email, -e
- --force
- --from-time
- --help
- --log-dir
- --log-level
- --max-expiration-time
- --newest-only
- --one-dir-for-well-known
- --server-url, -u
- --to-time
- --version, -v
- --well-known-dir
- --with-agreement-update
- --work-dir, -w
Your user account key. This is the key that you use to register with the CA (e.g. Let's Encrypt) and to provide authentication with subsequent operations.
The URL to a Subscriber Agreement. The URL to the most recent Subscriber Agreement can be retrieved by running the command get-agreement-url. This option can be used with all commands.
The directory where downloaded certificates will be saved to.
Default: /var/acme_work_dir/cert/
Challenge type to use when authorizing domains.
Possible values: HTTP01, DNS01
Default: HTTP01
Certificate Singing Request (CSR) file.
Directory to save DNS digest files to.
Default: /var/acme_work_dir/dns_digests/
Domain name. Can be used multiple times, up to CA's limit (Let's Encrypt CA, for instance, has a limit of 100 domains for one certificate).
E-mail address to associate with an user account. Can be used to i.a. retrieve an account if you lost your associated user account key (if supported by your provider) and to receive notifications from the CA.
Force renewal without checking expiration time.
Default: false
Revoke all certificates which are generated after this time. The time is specified in milliseconds since the UNIX epoch (January 1, 1970 00:00:00 UTC). See also --to-time.
Default: -9223372036854775808
Show help.
The directory PJAC's log files will be saved to. This option can be used with all commands.
Default: /var/log/acme/
Level of detail for logging.
Possible values: OFF - no logging; ERROR - errors only; WARN - errors and warnings; INFO - errors, warnings and information; DEBUG - errors, warnings, information and debug information; TRACE - errors, warnings, information, debug information and operations tracing. This option can be used with all commands.
Default: WARN
Expiration time in milliseconds to use with renew-certificate. A certificate will be renewed only if your most recent existing certificate will expire within <max-expiration-time>. By default max-expiration-time is set to 2592000000 milliseconds (30 days).
Default: 2592000000
Download only the most recent certificate with download-certificates.
Default: false
By default challenge files will be saved in separate directories on a per-domain basis. Use this option to save all downloaded challenge files to one directory.
Default: false
ACME Server URL. Can be specified to use a different CA server, e.g. a staging server (test server). This option can be used with all commands.
Default: https://acme-v01.api.letsencrypt.org/directory
Revoke all certificates which will expire before this time. The time is specified in milliseconds since the UNIX epoch (January 1, 1970 00:00:00 UTC). See also --from-time.
Default: 9223372036854775807
Show version of the PJAC.
Directory to save challenge files to.
Default: /var/acme_work_dir/well_known/
ℹ️ All challenge files must be accessible from internet via link:
http://${domain}/.well-known/acme-challenge/${token}, where ${token} is the name of the challenge file and ${domain} is the domain name the challenge file corresponds to.
Automatically agree to the latest Subscriber Agreement. Once in a while, the CA changes the Subscriber Agreement. Instead of manual updating (agreeing) to the latest Subscriber Agreement (retrieve agreement URL, read the agreement and update the agreement) each time the agreement is changed, you can automate this process. This option can be used with all commands.
Default: false
Don't set this parameter if you don't want to agree with stuff you didn't read, but be aware that a new Subscriber Agreement you didn't yet update (agree with) can break unattended operations.
Directory to save information about authorizations (authorization_uri_list) and about generated certificates
(certificate_uri_list) to. These files contain no sensitive information, but you have to store them for use with later operations.
If authorization_uri_list is lost you need to perform authorization again and if certificate_uri_list is lost PJAC cannot download certificates or check expiration times of previously generated certificates.
Default: /var/acme_work_dir/