Difference between revisions of "cmd/certbot"
< cmd
Jump to navigation
Jump to search
(Created page with "Table constructed from the manpage, for better searchability ({{hilite|under construction 2022-11-25}}): {| class="wikitable sortable" ! short || long || subsystem || descrip...") |
|||
| Line 1: | Line 1: | ||
| − | + | This documentation is being constructed from the manpage, for better searchability ({{hilite|under construction 2022-11-25}}): | |
| − | + | ==Options== | |
{| class="wikitable sortable" | {| class="wikitable sortable" | ||
| − | ! short || long || subsystem || description | + | ! short || long || arguments || subsystem || description |
|- | |- | ||
| − | | -d {{arg|domain list}} || get/renew || Comma-separated list of domains to obtain a certificate for | + | | -d || || {{arg|domain list}} || get/renew || Comma-separated list of domains to obtain a certificate for, or to otherwise apply. |
| + | For multiple domains you can use multiple -d flags or enter a comma separated list of domains as a parameter. The first domain provided will be the subject CN of the certificate, and all domains will be Subject Alternative Names on the certificate. The first domain will also be used in some software user interfaces and as the file paths | ||
|- | |- | ||
| − | | | + | | || --apache || || get/renew || Use the Apache plugin for authentication & installation |
|- | |- | ||
| − | | | + | | || --standalone || || get/renew || Run a standalone webserver for authentication |
|- | |- | ||
| − | | | + | | || --nginx || || get/renew || Use the Nginx plugin for authentication & installation |
|- | |- | ||
| − | | | + | | || --webroot || || get/renew || Place files in a server's webroot folder for authentication |
|- | |- | ||
| − | | | + | | || --manual || || get/renew || Obtain certificates interactively, or using shell script hooks |
|- | |- | ||
| − | | -n | + | | -n || || || get/renew || Run non-interactively |
|- | |- | ||
| − | | | + | | || --test-cert || || get/renew || Obtain a test certificate from a staging server |
|- | |- | ||
| − | | | + | | || --dry-run || || get/renew || Test "renew" or "certonly" without saving any certificates |
|- | |- | ||
| − | | | + | | || --agree-tos || || account || Agree to the ACME server's Subscriber Agreement |
|- | |- | ||
| − | | -m {{arg|email addr}} | + | | -m || || {{arg|email addr}} || account || Email address for important account notifications |
| + | |- | ||
| + | | -h || --help || || general || show a help message and exit | ||
| + | |- | ||
| + | | -c || --config || {{arg|config file}} || general || path to config file (default: /etc/letsencrypt/cli.ini and ~/.config/letsencrypt/cli.ini) | ||
| + | |- | ||
| + | | -v || --verbose || || general || This flag can be used multiple times to incrementally increase the verbosity of output, e.g. -vvv. (default: -2) | ||
| + | |- | ||
| + | | || --max-log-backups || {{arg|number}} || general || Specifies the maximum number of backup logs that should be kept by Certbot's built in log rotation. Setting this flag to 0 disables log rotation entirely, causing Certbot to always append to the same log file. (default: 1000) | ||
| + | |- | ||
| + | | -n | ||
| + | | --non-interactive<br>--noninteractive | ||
| + | | | ||
| + | | general | ||
| + | | Run without ever asking for user input. This may require additional command line flags; the client will try to explain which ones are required if it finds one missing (default: False) | ||
| + | |- | ||
| + | | || --force-interactive || || general || Force Certbot to be interactive even if it detects it's not being run in a terminal. This flag cannot be used with the renew subcommand. (default: False) | ||
|} | |} | ||
| + | ==Commands== | ||
| + | ===get/renew=== | ||
| + | obtain, install, and renew certificates: | ||
| + | * {{l/sub|run}} (default): Obtain & install a certificate in your current webserver | ||
| + | * {{l/sub|certonly}}: Obtain or renew a certificate, but do not install it | ||
| + | * {{l/sub|renew}}: Renew all previously obtained certificates that are near expiry | ||
| + | * {{l/sub|enhance}}: Add security enhancements to your existing configuration | ||
| + | ===manage=== | ||
| + | manage certificates: | ||
| + | * {{l/sub|certificates}}: Display information about certificates you have from Certbot | ||
| + | * {{l/sub|revoke}}: Revoke a certificate (supply --cert-path or --cert-name) | ||
| + | * {{l/sub|delete}}: Delete a certificate | ||
| + | ===account=== | ||
| + | Manage your ACME account: | ||
| + | * {{l/sub|register}}: Create an ACME account | ||
| + | * {{l/sub|unregister}}: Deactivate an ACME account | ||
| + | * {{l/sub|update_account}}: Update an ACME account | ||
Revision as of 02:03, 26 November 2022
This documentation is being constructed from the manpage, for better searchability (under construction 2022-11-25):
Options
| short | long | arguments | subsystem | description |
|---|---|---|---|---|
| -d | <domain list> | get/renew | Comma-separated list of domains to obtain a certificate for, or to otherwise apply.
For multiple domains you can use multiple -d flags or enter a comma separated list of domains as a parameter. The first domain provided will be the subject CN of the certificate, and all domains will be Subject Alternative Names on the certificate. The first domain will also be used in some software user interfaces and as the file paths | |
| --apache | get/renew | Use the Apache plugin for authentication & installation | ||
| --standalone | get/renew | Run a standalone webserver for authentication | ||
| --nginx | get/renew | Use the Nginx plugin for authentication & installation | ||
| --webroot | get/renew | Place files in a server's webroot folder for authentication | ||
| --manual | get/renew | Obtain certificates interactively, or using shell script hooks | ||
| -n | get/renew | Run non-interactively | ||
| --test-cert | get/renew | Obtain a test certificate from a staging server | ||
| --dry-run | get/renew | Test "renew" or "certonly" without saving any certificates | ||
| --agree-tos | account | Agree to the ACME server's Subscriber Agreement | ||
| -m | <email addr> | account | Email address for important account notifications | |
| -h | --help | general | show a help message and exit | |
| -c | --config | <config file> | general | path to config file (default: /etc/letsencrypt/cli.ini and ~/.config/letsencrypt/cli.ini) |
| -v | --verbose | general | This flag can be used multiple times to incrementally increase the verbosity of output, e.g. -vvv. (default: -2) | |
| --max-log-backups | <number> | general | Specifies the maximum number of backup logs that should be kept by Certbot's built in log rotation. Setting this flag to 0 disables log rotation entirely, causing Certbot to always append to the same log file. (default: 1000) | |
| -n | --non-interactive --noninteractive |
general | Run without ever asking for user input. This may require additional command line flags; the client will try to explain which ones are required if it finds one missing (default: False) | |
| --force-interactive | general | Force Certbot to be interactive even if it detects it's not being run in a terminal. This flag cannot be used with the renew subcommand. (default: False) |
Commands
get/renew
obtain, install, and renew certificates:
- run (default): Obtain & install a certificate in your current webserver
- certonly: Obtain or renew a certificate, but do not install it
- renew: Renew all previously obtained certificates that are near expiry
- enhance: Add security enhancements to your existing configuration
manage
manage certificates:
- certificates: Display information about certificates you have from Certbot
- revoke: Revoke a certificate (supply --cert-path or --cert-name)
- delete: Delete a certificate
account
Manage your ACME account:
- register: Create an ACME account
- unregister: Deactivate an ACME account
- update_account: Update an ACME account