Diffstat (limited to 'docs/reference/cli.md')
-rw-r--r-- | docs/reference/cli.md | 421 |
1 files changed, 0 insertions, 421 deletions
diff --git a/docs/reference/cli.md b/docs/reference/cli.md deleted file mode 100644 index 8d418ec..0000000 --- a/docs/reference/cli.md +++ /dev/null 
@@ -1,421 +0,0 @@ ---- -sidebar: reference ---- - -# Command line arguments -Here are all the command line arguments the program accepts. - -#### Notes -- Make sure that you are familiar with the basics of [renewal management](/win-acme/manual/renewal-management) - before proceeding with unattended use. -- Arguments documented as such: `--foo [--bar baz|qux]` mean that `--foo` is only -applicable when `--bar` is set to `baz` or `qux`. - -## Main -``` - --baseuri - Address of the ACMEv2 server to use. The default endpoint - can be modified in settings.json. - - --import - Import scheduled renewals from version 1.9.x in unattended - mode. - - --importbaseuri - [--import] When importing scheduled renewals from version - 1.9.x, this argument can change the address of the ACMEv1 - server to import from. The default endpoint to import from - can be modified in settings.json. - - --test - Enables testing behaviours in the program which may help - with troubleshooting. By default this also switches the - --baseuri to the ACME test endpoint. The default endpoint - for test mode can be modified in settings.json. - - --verbose - Print additional log messages to console for - troubleshooting and bug reports. - - --help - Show information about all available command line options. - - --version - Show version information. - - --renew - Renew any certificates that are due. This argument is used - by the scheduled task. Note that it's not possible to - change certificate properties and renew at the same time. - - --force - Force renewal on all scheduled certificates when used - together with --renew. Otherwise just bypasses the - certificate cache on new certificate requests. - - --cancel - Cancel renewal specified by the --friendlyname or --id - arguments. - - --revoke - Revoke the most recently issued certificate for the renewal - specified by the --friendlyname or --id arguments. - - --list - List all created renewals in unattended mode. 
- - --id - [--target|--cancel|--renew|--revoke] Id of a new or existing - renewal, can be used to override the default when creating - a new renewal or to specify a specific renewal for other - commands. - - --friendlyname - [--target|--cancel|--renew|--revoke] Friendly name of a new or - existing renewal, can be used to override the default when - creating a new renewal or to specify a specific renewal - for other commands. In the latter case a pattern might be used. - You may use a `*` for a range of any characters and a `?` - for any single character. For example: the pattern `example.*` - will match `example.net` and `example.com` (but not `my.example.com`) - and the pattern `?.example.com` will match `a.example.com` and - `b.example.com` (but not `www.example.com`). Note that multiple patterns - can be combined by comma seperating them. - - --target - Specify which target plugin to run, bypassing the main - menu and triggering unattended mode. - - --validation - Specify which validation plugin to run. If none is - specified, SelfHosting validation will be chosen as the - default. - - --validationmode - Specify which validation mode to use. HTTP-01 is the - default. - - --csr - Specify which csr plugin to use. RSA is the default. - - --store - Specify which store plugin to use. CertificateStore is the - default. This may be a comma separated list. - - --installation - Specify which installation plugins to use. IIS is the - default. This may be a comma separated list. - - --closeonfinish - [--test] Close the application when complete, which - usually does not happen when test mode is active. Useful - to test unattended operation. - - --hidehttps - Hide sites that have existing https bindings from - interactive mode. - - --notaskscheduler - Do not create (or offer to update) the scheduled task. - - --usedefaulttaskuser - (Obsolete) Avoid the question about specifying the task - scheduler user, as such defaulting to the SYSTEM account. 
- - --accepttos - Accept the ACME terms of service. - - --emailaddress - Email address to use by ACME for renewal fail notices. - - --encrypt - Rewrites all renewal information using current - EncryptConfig setting - -``` -# CSR - -## Common -``` - --ocsp-must-staple - Enable OCSP Must Staple extension on certificate. - - --reuse-privatekey - Reuse the same private key for each renewal. - -``` -# Installation - -## IIS FTP plugin -``` [--installation iisftp] ``` -``` - --ftpsiteid - Site id to install certificate to. - -``` -## IIS Web plugin -``` [--installation iis] ``` -``` - --installationsiteid - Specify site to install new bindings to. Defaults to the - target if that is an IIS site. - - --sslport - Port number to use for newly created HTTPS bindings. - Defaults to 443. - - --sslipaddress - IP address to use for newly created HTTPS bindings. - Defaults to *. - -``` -## Script plugin -``` [--installation script] ``` -``` - --script - Path to script file to run after retrieving the - certificate. This may be a .exe or .bat. Refer to the Wiki - for instructions on how to run .ps1 files. - - --scriptparameters - Parameters for the script to run after retrieving the - certificate. Refer to the Wiki for further instructions. - -``` -# Store - -## Central Certificate Store plugin -``` [--store centralssl] ``` -``` - --centralsslstore - When using this setting, certificate files are stored to - the CCS and IIS bindings are configured to reflect that. - - --pfxpassword - Password to set for .pfx files exported to the IIS CSS. - -``` -## Certificate Store plugin -``` [--store certificatestore] ``` (default) -``` - --certificatestore - This setting can be used to save the certificate in a - specific store. By default it will go to 'WebHosting' - store on modern versions of Windows. - - --keepexisting - While renewing, do not remove the previous certificate. 
- - --acl-fullcontrol - List of additional principals (besides the owners of the - store) that should get full control permissions on the - private key of the certificate. - -``` -## PEM files plugin -``` [--store pemfiles] ``` -``` - --pemfilespath - .pem files are exported to this folder - -``` -# Target - -## CSR plugin -``` [--target csr] ``` -``` - --csrfile - Specify the location of a CSR file to make a certificate - for - - --pkfile - Specify the location of the private key corresponding to - the CSR - -``` -## IIS plugin -``` [--target iis] ``` -``` - --siteid - Identifiers of one or more sites to include. This may be a - comma seperated list. - - --host - Host name to filter. This parameter may be used to target - specific bindings. This may be a comma seperated list. - - --host-pattern - Pattern filter for host names. Can be used to dynamically - include bindings based on their match with the pattern. - You may use a `*` for a range of any characters and a `?` - for any single character. For example: the pattern - `example.*` will match `example.net` and `example.com` - (but not `my.example.com`) and the pattern `?.example.com` - will match `a.example.com` and `b.example.com` (but not - `www.example.com`). Note that multiple patterns can be - combined by comma seperating them. - - --host-regex - Regex pattern filter for host names. Some people, when - confronted with a problem, think "I know, I'll use regular - expressions." Now they have two problems. - - --commonname - Specify the common name of the certificate that should be - requested for the target. By default this will be the - first binding that is enumerated. - - --excludebindings - Exclude host names from the certificate. This may be a - comma separated list. - -``` -## Manual plugin -``` [--target manual] ``` -``` - --commonname - Specify the common name of the certificate. If not - provided the first host name will be used. - - --host - A host name to get a certificate for. 
This may be a comma - separated list. - -``` -# Validation - -## SelfHosting plugin -``` [--validationmode tls-alpn-01 --validation selfhosting] ``` (default) -``` - --validationport - Port to use for listening to validation requests. Note - that the ACME server will always send requests to port - 443. This option is only useful in combination with a port - forwarding. - -``` -## FileSystem plugin -``` [--validation filesystem] ``` -``` - --validationsiteid - Specify IIS site to use for handling validation requests. - This will be used to choose the web root path. - -``` -## Common HTTP validation options -``` [--validation filesystem|ftp|sftp|webdav] ``` -``` - --webroot - Root path of the site that will serve the HTTP validation - requests. - - --warmup - Not used (warmup is the new default). - - --manualtargetisiis - Copy default web.config to the .well-known directory. - -``` -## SelfHosting plugin -``` [--validation selfhosting] ``` (default) -``` - --validationport - Port to use for listening to validation requests. Note - that the ACME server will always send requests to port 80. - This option is only useful in combination with a port - forwarding. - -``` -## AcmeDns -``` [--validationmode dns-01 --validation acme-dns] ``` -``` - --acmednsserver - Root URI of the acme-dns service - -``` -## Script -``` [--validationmode dns-01 --validation script] ``` -``` - --dnsscript - Path to script that creates and deletes validation - records, depending on its parameters. If this parameter is - provided then --dnscreatescript and --dnsdeletescript are - ignored. - - --dnscreatescript - Path to script that creates the validation TXT record. - - --dnscreatescriptarguments - Default parameters passed to the script are create - {Identifier} {RecordName} {Token}, but that can be - customized using this argument. - - --dnsdeletescript - Path to script to remove TXT record. 
- - --dnsdeletescriptarguments - Default parameters passed to the script are delete - {Identifier} {RecordName} {Token}, but that can be - customized using this argument. - -``` -## Credentials -``` [--validation ftp|sftp|webdav] ``` -``` - --username - User name for WebDav/(s)ftp server - - --password - Password for WebDav/(s)ftp server - -``` -## Azure -``` [--validationmode dns-01 --validation azure] ``` -``` - --azureusemsi - Use Managed Service Identity for authentication. - - --azuretenantid - Tenant ID to login into Microsoft Azure. - - --azureclientid - Client ID to login into Microsoft Azure. - - --azuresecret - Secret to login into Microsoft Azure. - - --azuresubscriptionid - Subscription ID to login into Microsoft Azure DNS. - - --azureresourcegroupname - The name of the resource group within Microsoft Azure DNS. - -``` -## Cloudflare -``` [--validationmode dns-01 --validation cloudflare] ``` -``` - --cloudflareapitoken - API Token for Cloudflare. - -``` -## Dreamhost -``` [--validationmode dns-01 --validation dreamhost] ``` -``` - --apiKey - Dreamhost API key. - -``` -## Route53 -``` [--validationmode dns-01 --validation route53] ``` -``` - --route53IAMRole - AWS IAM role for the current EC2 instance to login into - Amazon Route 53. - - --route53AccessKeyId - Access key ID to login into Amazon Route 53. - - --route53SecretAccessKey - Secret access key to login into Amazon Route 53. - -```
\ No newline at end of file |
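Review bot: The single hunk (@@ -1,421 +0,0 @@) deletes all of docs/reference/cli.md, and the diffstat shown here is limited to that one file, so no replacement is visible. Please state in the commit message where the argument reference now lives, or that it is generated elsewhere. If the text is carried over, these points in the removed lines are worth fixing on the way:

- "seperated" / "seperating" is misspelled under --friendlyname, --siteid, --host and --host-pattern.
- The --pfxpassword description says "IIS CSS", while the section it belongs to is the Central Certificate Store (CCS).
- There are two "## SelfHosting plugin" headings under Validation. They differ only in the bracketed condition and the port (443 versus 80), so the heading should name the validation mode.
- The --host-regex description is a joke about regular expressions and never says what the pattern is matched against.
- The arguments that take a secret on the command line (--pfxpassword, --password, --azuresecret, --cloudflareapitoken, --apiKey, --route53SecretAccessKey) say nothing about how the value is kept afterwards. Only the --encrypt entry hints at it, so a sentence linking those arguments to the EncryptConfig setting would help anyone running unattended.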