Difference between revisions of "cmd/certbot"

from HTYP, the free directory anyone can edit if they can prove to me that they're not a spambot
< cmd
Jump to navigation Jump to search
(Created page with "Table constructed from the manpage, for better searchability ({{hilite|under construction 2022-11-25}}): {| class="wikitable sortable" ! short || long || subsystem || descrip...")
 
Line 1: Line 1:
Table constructed from the manpage, for better searchability ({{hilite|under construction 2022-11-25}}):
+
This documentation is being constructed from the manpage, for better searchability ({{hilite|under construction 2022-11-25}}):
 
+
==Options==
 
{| class="wikitable sortable"
 
{| class="wikitable sortable"
! short || long || subsystem || description
+
! short || long || arguments || subsystem || description
 
|-
 
|-
| -d {{arg|domain list}} || get/renew || Comma-separated list of domains to obtain a certificate for
+
| -d ||              || {{arg|domain list}} || get/renew || Comma-separated list of domains to obtain a certificate for, or to otherwise apply.
 +
For multiple domains you can use multiple -d flags or enter a comma separated list of domains as a parameter. The first domain provided will be the subject CN of the certificate, and all domains will be Subject Alternative Names on the certificate. The first domain will also be used in some software user interfaces and as the file paths
 
|-
 
|-
|                       || --apache    || get/renew || Use the Apache plugin for authentication & installation
+
|   || --apache    ||                    || get/renew || Use the Apache plugin for authentication & installation
 
|-
 
|-
|                       || --standalone || get/renew || Run a standalone webserver for authentication
+
|   || --standalone ||                    || get/renew || Run a standalone webserver for authentication
 
|-
 
|-
|                       || --nginx      || get/renew || Use the Nginx plugin for authentication & installation
+
|   || --nginx      ||                    || get/renew || Use the Nginx plugin for authentication & installation
 
|-
 
|-
|                       || --webroot    || get/renew || Place files in a server's webroot folder for authentication
+
|   || --webroot    ||                    || get/renew || Place files in a server's webroot folder for authentication
 
|-
 
|-
|                       || --manual    || get/renew || Obtain certificates interactively, or using shell script hooks
+
|   || --manual    ||                    || get/renew || Obtain certificates interactively, or using shell script hooks
 
|-
 
|-
| -n                     ||              || get/renew || Run non-interactively
+
| -n ||              ||                    || get/renew || Run non-interactively
 
|-
 
|-
|                       || --test-cert  || get/renew || Obtain a test certificate from a staging server
+
|   || --test-cert  ||                    || get/renew || Obtain a test certificate from a staging server
 
|-
 
|-
|                       || --dry-run    || get/renew || Test "renew" or "certonly" without saving any certificates   
+
|   || --dry-run    ||                    || get/renew || Test "renew" or "certonly" without saving any certificates   
 
|-
 
|-
|                       || --agree-tos  || account  || Agree to the ACME server's Subscriber Agreement\
+
|   || --agree-tos  ||                    || account  || Agree to the ACME server's Subscriber Agreement
 
|-
 
|-
| -m {{arg|email addr}}  ||              || account  || Email address for important account notifications
+
| -m ||              || {{arg|email addr}}  || account  || Email address for important account notifications
 +
|-
 +
| -h || --help      ||                    || general  || show a help message and exit
 +
|-
 +
| -c || --config    || {{arg|config file}} || general  || path to config file (default: /etc/letsencrypt/cli.ini and ~/.config/letsencrypt/cli.ini)
 +
|-
 +
| -v || --verbose    ||                    || general  || This flag can be used multiple times to incrementally increase the verbosity of output, e.g. -vvv. (default: -2)
 +
|-
 +
|    || --max-log-backups || {{arg|number}} || general  || Specifies the maximum number of backup logs that should be kept by Certbot's built in log rotation. Setting this flag to 0 disables log rotation entirely, causing Certbot to always append to the same log file. (default: 1000)
 +
|-
 +
| -n
 +
| --non-interactive<br>--noninteractive
 +
|
 +
| general
 +
| Run without ever asking for user input. This may require additional command line flags; the client will try to explain which ones are required if it finds one missing (default: False)
 +
|-
 +
|    || --force-interactive ||              || general || Force Certbot to be interactive even if it detects it's not being run in a terminal. This flag cannot be used with the renew subcommand. (default: False)
 
|}
 
|}
 +
==Commands==
 +
===get/renew===
 +
obtain, install, and renew certificates:
 +
* {{l/sub|run}} (default): Obtain & install a certificate in your current webserver
 +
* {{l/sub|certonly}}: Obtain or renew a certificate, but do not install it
 +
* {{l/sub|renew}}: Renew all previously obtained certificates that are near expiry
 +
* {{l/sub|enhance}}: Add security enhancements to your existing configuration
 +
===manage===
 +
manage certificates:
 +
* {{l/sub|certificates}}: Display information about certificates you have from Certbot
 +
* {{l/sub|revoke}}: Revoke a certificate (supply --cert-path or --cert-name)
 +
* {{l/sub|delete}}: Delete a certificate
 +
===account===
 +
Manage your ACME account:
 +
* {{l/sub|register}}: Create an ACME account
 +
* {{l/sub|unregister}}: Deactivate an ACME account
 +
* {{l/sub|update_account}}: Update an ACME account

Revision as of 02:03, 26 November 2022

This documentation is being constructed from the manpage, for better searchability (under construction 2022-11-25):

Options

short long arguments subsystem description
-d <domain list> get/renew Comma-separated list of domains to obtain a certificate for, or to otherwise apply.

For multiple domains you can use multiple -d flags or enter a comma separated list of domains as a parameter. The first domain provided will be the subject CN of the certificate, and all domains will be Subject Alternative Names on the certificate. The first domain will also be used in some software user interfaces and as the file paths

--apache get/renew Use the Apache plugin for authentication & installation
--standalone get/renew Run a standalone webserver for authentication
--nginx get/renew Use the Nginx plugin for authentication & installation
--webroot get/renew Place files in a server's webroot folder for authentication
--manual get/renew Obtain certificates interactively, or using shell script hooks
-n get/renew Run non-interactively
--test-cert get/renew Obtain a test certificate from a staging server
--dry-run get/renew Test "renew" or "certonly" without saving any certificates
--agree-tos account Agree to the ACME server's Subscriber Agreement
-m <email addr> account Email address for important account notifications
-h --help general show a help message and exit
-c --config <config file> general path to config file (default: /etc/letsencrypt/cli.ini and ~/.config/letsencrypt/cli.ini)
-v --verbose general This flag can be used multiple times to incrementally increase the verbosity of output, e.g. -vvv. (default: -2)
--max-log-backups <number> general Specifies the maximum number of backup logs that should be kept by Certbot's built in log rotation. Setting this flag to 0 disables log rotation entirely, causing Certbot to always append to the same log file. (default: 1000)
-n --non-interactive
--noninteractive
general Run without ever asking for user input. This may require additional command line flags; the client will try to explain which ones are required if it finds one missing (default: False)
--force-interactive general Force Certbot to be interactive even if it detects it's not being run in a terminal. This flag cannot be used with the renew subcommand. (default: False)

Commands

get/renew

obtain, install, and renew certificates:

  • run (default): Obtain & install a certificate in your current webserver
  • certonly: Obtain or renew a certificate, but do not install it
  • renew: Renew all previously obtained certificates that are near expiry
  • enhance: Add security enhancements to your existing configuration

manage

manage certificates:

  • certificates: Display information about certificates you have from Certbot
  • revoke: Revoke a certificate (supply --cert-path or --cert-name)
  • delete: Delete a certificate

account

Manage your ACME account: