From 01e2a30802219e5e7be1acfed21aa0866099ad88 Mon Sep 17 00:00:00 2001 From: Will Glynn Date: Thu, 11 Feb 2016 19:08:36 -0600 Subject: [PATCH] Document --csr flag --- README.md | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index ff692132..d2ced1bd 100644 --- a/README.md +++ b/README.md @@ -27,7 +27,7 @@ docker build -t lego . #### Features - Register with CA -- Obtain certificates +- Obtain certificates, both from scratch or with an existing CSR - Renew certificates - Revoke certificates - Robust implementation of all ACME challenges @@ -89,6 +89,7 @@ COMMANDS: GLOBAL OPTIONS: --domains, -d [--domains option --domains option] Add domains to the process + --csr, -c Certificate signing request filename, if an external CSR is to be used --server, -s "https://acme-v01.api.letsencrypt.org/directory" CA hostname (and optionally :port). The server certificate must be trusted in order to avoid further modifications to the client. --email, -m Email used for registration and recovery contact. --accept-tos, -a By setting this flag to true you indicate that you accept the current Let's Encrypt terms of service. @@ -130,6 +131,14 @@ $ AWS_REGION=us-east-1 AWS_ACCESS_KEY_ID=my_id AWS_SECRET_ACCESS_KEY=my_key lego Note that `--dns=foo` implies `--exclude=http-01` and `--exclude=tls-sni-01`. lego will not attempt other challenges if you've told it to use DNS instead. +Obtain a certificate given a certificate signing request (CSR) generated by something else: + +```bash +$ lego --email="foo@bar.com" --csr=/path/to/csr.pem run +``` + +(lego will infer the domains to be validated based on the contents of the CSR, so make sure the CSR's Common Name and optional SubjectAltNames are set correctly.) + lego defaults to communicating with the production Let's Encrypt ACME server. If you'd like to test something without issuing real certificates, consider using the staging endpoint instead: ```bash
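Review bot: In the Features hunk (`@@ -27,7 +27,7 @@`), "both from scratch or with an existing CSR" mixes two constructions. Suggest "either from scratch or with an existing CSR", or "both from scratch and with an existing CSR".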
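Review bot: In the GLOBAL OPTIONS hunk (`@@ -89,6 +89,7 @@`), the new `--csr, -c` line does not say which encoding the file must use or how the flag interacts with `--domains`, which is listed directly above it. The usage example later in the patch points at `csr.pem`, so if only PEM is accepted the help line should say so, for example "PEM-encoded certificate signing request filename". This patch touches only README.md, so please also confirm the wording matches the help text the CLI itself prints for the flag.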
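Review bot: In the usage hunk (`@@ -130,6 +131,14 @@`), the parenthetical says lego infers the domains from the CSR's Common Name and SubjectAltNames, but it leaves open what happens when `--domains` is passed together with `--csr` (ignored, rejected or merged). Since the validated names decide what the issued certificate covers, state that behaviour explicitly. It would also help to say where the private key lives in this mode: a reader who brings an external CSR will want to know whether lego ever needs or writes the matching key. Minor: the note reads better as a normal sentence than wrapped in parentheses.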