diff options
Diffstat (limited to 'docs/reference/plugins')
| -rw-r--r-- | docs/reference/plugins/index.md | 2 | ||||
| -rw-r--r-- | docs/reference/plugins/installation/iisftp.md | 2 | ||||
| -rw-r--r-- | docs/reference/plugins/installation/iisweb.md | 14 | ||||
| -rw-r--r-- | docs/reference/plugins/installation/script.md | 24 | ||||
| -rw-r--r-- | docs/reference/plugins/target/iis-site.md | 2 | ||||
| -rw-r--r-- | docs/reference/plugins/target/iis-sites.md | 2 | ||||
| -rw-r--r-- | docs/reference/plugins/target/manual.md | 3 | ||||
| -rw-r--r-- | docs/reference/plugins/validation/dns/acme-dns.md | 3 | ||||
| -rw-r--r-- | docs/reference/plugins/validation/dns/index.md | 4 | ||||
| -rw-r--r-- | docs/reference/plugins/validation/dns/script.md | 22 | ||||
| -rw-r--r-- | docs/reference/plugins/validation/http/index.md | 11 | ||||
| -rw-r--r-- | docs/reference/plugins/validation/http/sftp.md | 2 | ||||
| -rw-r--r-- | docs/reference/plugins/validation/index.md | 2 |
13 files changed, 48 insertions, 45 deletions
diff --git a/docs/reference/plugins/index.md b/docs/reference/plugins/index.md index 7880fc7..1b0e617 100644 --- a/docs/reference/plugins/index.md +++ b/docs/reference/plugins/index.md @@ -7,7 +7,7 @@ sidebar: reference Conceptually win-acme works by chaining together five components also known as plugins, which can be mixed and matched to support many use cases. - A [target plugin](/win-acme/reference/plugins/target/) provides information about (potential) certificates to create. -- A [validation plugin](/win-acme/reference/plugins/validation/) provides the ACME server with proof that you own the domains(s). +- A [validation plugin](/win-acme/reference/plugins/validation/) provides the ACME server with proof that you own the domain(s). - A [CSR plugin](/win-acme/reference/plugins/csr/) determines the (type of) private key and extensions to use for the certificate. - One or more [store plugins](/win-acme/reference/plugins/store/) place the certificate in a specific location and format. - One or more [installation plugins](/win-acme/reference/plugins/installation/) make changes to your application(s) configuration.
\ No newline at end of file diff --git a/docs/reference/plugins/installation/iisftp.md b/docs/reference/plugins/installation/iisftp.md index 416e5fb..393179c 100644 --- a/docs/reference/plugins/installation/iisftp.md +++ b/docs/reference/plugins/installation/iisftp.md @@ -9,4 +9,4 @@ Create or update FTP site bindings in IIS, according to the following logic: - The target FTP site will be updated to use the new certificate. ## Unattended -``--installation iisftp [--installationsiteid x]`
\ No newline at end of file +`--installation iisftp [--ftpsiteid x]`
\ No newline at end of file diff --git a/docs/reference/plugins/installation/iisweb.md b/docs/reference/plugins/installation/iisweb.md index 2a04dc1..c9d2cef 100644 --- a/docs/reference/plugins/installation/iisweb.md +++ b/docs/reference/plugins/installation/iisweb.md @@ -16,14 +16,14 @@ Create or update website bindings in IIS, according to the following logic: `--sslipaddress` switches. - New bindings will be created or updated for matching host headers with the most specific match. E.g. if you generate a certificate for `a.b.c.com`, the order of preference for the binding creation/change will be: - 1. a.b.c.com - 2. *.b.c.com - 3. *.c.com - 4. *.com - 5. Default (emtpy) binding + 1. `a.b.c.com` + 2. `*.b.c.com` + 3. `*.c.com` + 4. `*.com` + 5. `*` (Default/empty binding) - If the certificate contains a wildcard domain, the order of preference will be: - 1. *.a.b.c.com - 2. x.a.b.c.com + 1. `*.a.b.c.com` + 2. `x.a.b.c.com` - In both cases, the first preferred option will be created from scratch if none of the later options are available. - In some cases the plugin will not be able to (safely) add a new binding on older versions of IIS, e.g. due to diff --git a/docs/reference/plugins/installation/script.md b/docs/reference/plugins/installation/script.md index 3274ca8..70a895a 100644 --- a/docs/reference/plugins/installation/script.md +++ b/docs/reference/plugins/installation/script.md @@ -9,17 +9,17 @@ You provide the program with the path to the script and it will run automaticall ## Parameters The following variables can be provided from the program to the script as command line arguments. -``` -{0} or {CertCommonName} - Common name (primary domain name) -{1} or {CachePassword} - The .pfx password (generated randomly for each renewal) -{2} or {CacheFile} - Full path of the cached.pfx file -{4} or {CertFriendlyName} - Friendly name of the generated certificate -{5} or {CertThumbprint} - Thumbprint of the generated certificate -{7} or {RenewalId} - Id of the renewal - -{3} or {6} or {StorePath} - Path or store name used by the store plugin -{StoreType} - Name of the plugin (CentralSsl, CertificateStore or PemFiles) -``` +| Value | Replaced with | +|----------------|----------------| +| `{0}` or `{CertCommonName}` | Common name (primary domain name) | +| `{1}` or `{CachePassword}` | The .pfx password (generated randomly for each renewal) | +| `{2}` or `{CacheFile}` | Full path of the cached.pfx file | +| `{4}` or `{CertFriendlyName}` | Friendly name of the generated certificate | +| `{5}` or `{CertThumbprint}` | Thumbprint of the generated certificate | +| `{7}` or `{RenewalId}` | Id of the renewal | +| `{3}` or `{6}` or `{StorePath}` | Path or store name used by the (first) store plugin | +| `{StoreType}` | Name of the plugin (CentralSsl, CertificateStore or PemFiles) | + ## Example If you need your scripts parameters to look something like this: @@ -40,4 +40,4 @@ If you need to put double quotes around your parameters from the command line, y For **Powershell** scripts, string parameters can also be delimited with single quotes, for example: -`--scriptparameters "action=import file='{CacheFile}' password='{CachePassword}'"` +`--scriptparameters "action=import file='{CacheFile}' password='{CachePassword}'"`
\ No newline at end of file diff --git a/docs/reference/plugins/target/iis-site.md b/docs/reference/plugins/target/iis-site.md index efe5d78..8b4aeec 100644 --- a/docs/reference/plugins/target/iis-site.md +++ b/docs/reference/plugins/target/iis-site.md @@ -8,4 +8,4 @@ Create target based on all bindings of an IIS site. - Automatically adds/removes host names based on bindings ## Unattended -`--target iissite --siteid 1 [--excludebindings exclude.example.com]`
\ No newline at end of file +`--target iissite --siteid 1 [--commonname common.example.com] [--excludebindings exclude.example.com]`
\ No newline at end of file diff --git a/docs/reference/plugins/target/iis-sites.md b/docs/reference/plugins/target/iis-sites.md index 9d8d685..573b148 100644 --- a/docs/reference/plugins/target/iis-sites.md +++ b/docs/reference/plugins/target/iis-sites.md @@ -8,4 +8,4 @@ Create target based on all bindings of multiple IIS sites. - Automatically adds/removes host names based on bindings ## Unattended -`--target iissites --siteid 1,2,3 [--excludebindings exclude.example.com]`
\ No newline at end of file +`--target iissites --siteid 1,2,3 [--commonname common.example.com] [--excludebindings exclude.example.com]`
\ No newline at end of file diff --git a/docs/reference/plugins/target/manual.md b/docs/reference/plugins/target/manual.md index f5ce220..4422c40 100644 --- a/docs/reference/plugins/target/manual.md +++ b/docs/reference/plugins/target/manual.md @@ -3,8 +3,7 @@ sidebar: reference --- # Manual -Manually input host names -- The first name will be the common name of the certificate +Manually input host names. The first name will be the common name of the certificate, the other will only be in the SAN list. ## Unattended `--target manual --host a.example.com,b.example.com`
\ No newline at end of file diff --git a/docs/reference/plugins/validation/dns/acme-dns.md b/docs/reference/plugins/validation/dns/acme-dns.md index 9688fe7..8856cda 100644 --- a/docs/reference/plugins/validation/dns/acme-dns.md +++ b/docs/reference/plugins/validation/dns/acme-dns.md @@ -6,7 +6,8 @@ sidebar: reference Use an [acme-dns](https://github.com/joohoi/acme-dns) server to handle the validation records. The plugin will ask you to choose an endpoint to use. For testing the `https://auth.acme-dns.io/` endpoint is useful, but it is a security concern. As the readme of that project clearly states: -"You are encouraged to run your own acme-dns instance." + +> "You are encouraged to run your own acme-dns instance." ## Unattended Not supported, unless there is a pre-existing acme-dns registration for all the domains. diff --git a/docs/reference/plugins/validation/dns/index.md b/docs/reference/plugins/validation/dns/index.md index 16403f8..84251f5 100644 --- a/docs/reference/plugins/validation/dns/index.md +++ b/docs/reference/plugins/validation/dns/index.md @@ -5,8 +5,8 @@ sidebar: reference # DNS validation DNS validation works as follows: - For each domain, e.g. `sub.example.com`, the ACME server provides a -challenge consisting of an `x` and `y` value (it's a little more complicated than that, -but for the sake of this explanation it will suffice). +challenge consisting of an `x` and `y` value. The truth is actually a little +more complicated than that, but for the sake of this explanation it will suffice. - The client has to make sure that when the ACME server requests the TXT records for `_acme-challenge.sub.example.com`, there should be at least one record called `x` with content `"y"`. diff --git a/docs/reference/plugins/validation/dns/script.md b/docs/reference/plugins/validation/dns/script.md index f241d32..8e85f1f 100644 --- a/docs/reference/plugins/validation/dns/script.md +++ b/docs/reference/plugins/validation/dns/script.md @@ -7,19 +7,21 @@ Run an external script or program to create or update the validation records. ## Create A script to create the DNS record must be provided. The arguments passed to the -script will be `create {Identifier} {RecordName} {Token}` by default, with: +script will be `create {Identifier} {RecordName} {Token}` by default, where the +following replacements are made by win-acme: -- `create` - fixed value -- `{Identifier}` - host name that's being validated, e.g. `sub.example.com` -- `{RecordName}` - full name of the TXT record that is being expected, e.g. `_acme-challenge.sub.example.com` -- `{Token}` - content of the TXT record, e.g. `DGyRejmCefe7v4NfDGDKfA` +| Value | Replaced with | +|----------------|----------------| +| `{Identifier}` | host name that's being validated, e.g. `sub.example.com` | +| `{RecordName}` | full name of the TXT record that is being expected, e.g. `_acme-challenge.sub.example.com` | +| `{Token}` | content of the TXT record, e.g. `DGyRejmCefe7v4NfDGDKfA` | The order and format of arguments may be customized by providing a diffent argument string. -For example if your script needs arguments like... +For example if your script needs arguments like: `--host _acme-challenge.example.com --token DGyRejmCefe7v4NfDGDKfA` -...your argument string should be +...your argument string should like like this: `--host {RecordName} --token {Token}` @@ -35,9 +37,9 @@ A lot of good example scripts are available from the project. ## Unattended -- Create script only: +- ### Create script only `-validationmode dns-01 --validation dnsscript --dnscreatescript c:\create.ps1 [--dnscreatescriptarguments {args}]` -- Create and delete scripts seperate: +- ### Create and delete scripts seperate `-validationmode dns-01 --validation dnsscript --dnscreatescript c:\create.ps1 --dnsdeletescript c:\delete.ps1 [--dnscreatescriptarguments {args}] [--dnsdeletescriptarguments {args}]` -- Create and delete script (integrated): +- ### Create-delete script (integrated) `-validationmode dns-01 --validation dnsscript --dnsscript c:\create-and-delete.ps1 [--dnscreatescriptarguments {args}] [--dnsdeletescriptarguments {args}]`
\ No newline at end of file diff --git a/docs/reference/plugins/validation/http/index.md b/docs/reference/plugins/validation/http/index.md index 41a4f3d..25c8164 100644 --- a/docs/reference/plugins/validation/http/index.md +++ b/docs/reference/plugins/validation/http/index.md @@ -4,13 +4,14 @@ sidebar: reference # HTTP validation HTTP validation works as follows: -- For each domain, e.g. `sub.example.com`, the ACME server provides a -challenge consisting of an `x` and `y` value (it's a little more complicated than that, -but for the sake of this explanation it will suffice). +- For each domain (e.g. `sub.example.com`), the ACME server sends a +challenge consisting of an `x` and `y` value. The truth is actually a little +more complicated than that, but for the sake of this explanation it will suffice. - The client has to make sure that when the ACME server makes a request -to `http://sub.example.com/.well-known/acme-challenge/x`, the answer will be exactly `y`. +to `http://sub.example.com/.well-known/acme-challenge/x`, the content of the HTTP +response will be `y` with some specific headers set as well. - The validation request is *always* made to port 80, that cannot be changed. -- Let's Encrypt **does** follow 301/302 redirects +- The ACME server **does** follow 301/302 redirects. - There may be more than one validation request for the same token, e.g. from different locations or different protocols (IPv4/IPv6). - Let's Encrypt does **not** disclose the source locations of these requests, which diff --git a/docs/reference/plugins/validation/http/sftp.md b/docs/reference/plugins/validation/http/sftp.md index ab565fe..62d59cc 100644 --- a/docs/reference/plugins/validation/http/sftp.md +++ b/docs/reference/plugins/validation/http/sftp.md @@ -3,7 +3,7 @@ sidebar: reference --- # SFTP -This plugin uploads the validation challenge to a SSH FTP / SFTP server. +This plugin uploads the validation challenge to a SSH FTP, also known as SFTP, server. {% include validation-http-common.md %} diff --git a/docs/reference/plugins/validation/index.md b/docs/reference/plugins/validation/index.md index f5b8f0d..56e4254 100644 --- a/docs/reference/plugins/validation/index.md +++ b/docs/reference/plugins/validation/index.md @@ -7,7 +7,7 @@ sidebar: reference A validation plugin is responsible for providing the ACME server with proof that you own the identifiers (host names) that you want to create a certificate for. The [ACMEv2 protocol](https://tools.ietf.org/html/draft-ietf-acme-acme-18) defines different challenge types, -two whom are supported by Let's Encrypt and win-acme, namely [HTTP-0](/win-acme/reference/plugins/validation/http/) and +two whom are supported by Let's Encrypt and win-acme, namely [HTTP-01](/win-acme/reference/plugins/validation/http/) and [DNS-01](/win-acme/reference/plugins/validation/dns/). For wildcard identifiers, only DNS validation is accepted by Let's Encrypt. |