2023-01-08 13:53:15 +00:00
# THIS FILE IS AUTO-GENERATED. PLEASE DO NOT EDIT.
[ [ command ] ]
title = "lego help"
content = "" "
NAME :
lego - Let ' s Encrypt client written in Go
USAGE :
lego [ global options ] command [ command options ] [ arguments . . . ]
COMMANDS :
run Register an account , then create and install a certificate
revoke Revoke a certificate
renew Renew a certificate
dnshelp Shows additional help for the '--dns' global option
list Display certificates and accounts information .
help , h Shows a list of commands or help for one command
GLOBAL OPTIONS :
--accept-tos , -a By setting this flag to true you indicate that you accept the current Let ' s Encrypt terms of service . ( default : false )
--cert . timeout value Set the certificate timeout value to a specific value in seconds . Only used when obtaining certificates . ( default : 30 )
--csr value , -c value Certificate signing request filename , if an external CSR is to be used .
--dns value Solve a DNS challenge using the specified provider . Can be mixed with other types of challenges . Run 'lego dnshelp' for help on usage .
--dns-timeout value Set the DNS timeout value to a specific value in seconds . Used only when performing authoritative name servers queries . ( default : 10 )
--dns . disable-cp By setting this flag to true , disables the need to wait the propagation of the TXT record to all authoritative name servers . ( default : false )
2023-01-12 14:07:31 +00:00
--dns . resolvers value [ --dns . resolvers value ] Set the resolvers to use for performing ( recursive ) CNAME resolving and apex domain determination . For DNS challenge verification , the authoritative DNS server is queried directly . Supported : host : port . The default is to use the system resolvers , or Google 's DNS resolvers if the system' s cannot be determined .
2023-01-08 13:53:15 +00:00
--domains value , -d value [ --domains value , -d value ] Add a domain to the process . Can be specified multiple times .
--eab Use External Account Binding for account registration . Requires --kid and --hmac . ( default : false )
--email value , -m value Email used for registration and recovery contact .
--filename value ( deprecated ) Filename of the generated certificate .
--help , -h show help ( default : false )
--hmac value MAC key from External CA . Should be in Base64 URL Encoding without padding format . Used for External Account Binding .
--http Use the HTTP challenge to solve challenges . Can be mixed with other types of challenges . ( default : false )
--http-timeout value Set the HTTP timeout value to a specific value in seconds . ( default : 0 )
--http . memcached-host value [ --http . memcached-host value ] Set the memcached host ( s ) to use for HTTP based challenges . Challenges will be written to all specified hosts .
--http . port value Set the port and interface to use for HTTP based challenges to listen on . Supported : interface : port or : port . ( default : ":80" )
--http . proxy-header value Validate against this HTTP header when solving HTTP based challenges behind a reverse proxy . ( default : "Host" )
--http . webroot value Set the webroot folder to use for HTTP based challenges to write directly in a file in . well-known / acme-challenge . This disables the built-in server and expects the given directory to be publicly served with access to . well-known / acme-challenge
2023-03-01 15:27:20 +00:00
--key-type value , -k value Key type to use for private keys . Supported : rsa2048 , rsa3072 , rsa4096 , rsa8192 , ec256 , ec384 . ( default : "ec256" )
2023-01-08 13:53:15 +00:00
--kid value Key identifier from External CA . Used for External Account Binding .
--path value Directory to use for storing the data . ( default : "./.lego" ) [ $ LEGO_PATH ]
--pem Generate a . pem file by concatenating the . key and . crt files together . ( default : false )
--pfx Generate a . pfx ( PKCS #12) file by with the .key and .crt and issuer .crt files together. (default: false)
--pfx . pass value The password used to encrypt the . pfx ( PCKS #12) file. (default: "changeit")
--server value , -s value CA hostname ( and optionally : port ) . The server certificate must be trusted in order to avoid further modifications to the client . ( default : "https://acme-v02.api.letsencrypt.org/directory" )
--tls Use the TLS challenge to solve challenges . Can be mixed with other types of challenges . ( default : false )
--tls . port value Set the port and interface to use for TLS based challenges to listen on . Supported : interface : port or : port . ( default : ":443" )
--user-agent value Add to the user-agent sent to the CA to identify an application embedding lego-cli
"" "
[ [ command ] ]
title = "lego help run"
content = "" "
NAME :
lego run - Register an account , then create and install a certificate
USAGE :
lego run [ command options ] [ arguments . . . ]
OPTIONS :
--always-deactivate-authorizations value Force the authorizations to be relinquished even if the certificate request was successful .
--must-staple Include the OCSP must staple TLS extension in the CSR and generated certificate . Only works if the CSR is generated by lego . ( default : false )
--no-bundle Do not create a certificate bundle by adding the issuers certificate to the new certificate . ( default : false )
--preferred-chain value If the CA offers multiple certificate chains , prefer the chain with an issuer matching this Subject Common Name . If no match , the default offered chain will be used .
--run-hook value Define a hook . The hook is executed when the certificates are effectively created .
"" "
[ [ command ] ]
title = "lego help renew"
content = "" "
NAME :
lego renew - Renew a certificate
USAGE :
lego renew [ command options ] [ arguments . . . ]
OPTIONS :
--always-deactivate-authorizations value Force the authorizations to be relinquished even if the certificate request was successful .
--days value The number of days left on a certificate to renew it . ( default : 30 )
--must-staple Include the OCSP must staple TLS extension in the CSR and generated certificate . Only works if the CSR is generated by lego . ( default : false )
--no-bundle Do not create a certificate bundle by adding the issuers certificate to the new certificate . ( default : false )
--no-random-sleep Do not add a random sleep before the renewal . We do not recommend using this flag if you are doing your renewals in an automated way . ( default : false )
--preferred-chain value If the CA offers multiple certificate chains , prefer the chain with an issuer matching this Subject Common Name . If no match , the default offered chain will be used .
--renew-hook value Define a hook . The hook is executed only when the certificates are effectively renewed .
--reuse-key Used to indicate you want to reuse your current private key for the new certificate . ( default : false )
"" "
[ [ command ] ]
title = "lego help revoke"
content = "" "
NAME :
lego revoke - Revoke a certificate
USAGE :
lego revoke [ command options ] [ arguments . . . ]
OPTIONS :
--keep , -k Keep the certificates after the revocation instead of archiving them . ( default : false )
--reason value Identifies the reason for the certificate revocation . See https : / / www . rfc-editor . org / rfc / rfc5280 . html #section-5.3.1. Valid values are: 0 (unspecified), 1 (keyCompromise), 2 (cACompromise), 3 (affiliationChanged), 4 (superseded), 5 (cessationOfOperation), 6 (certificateHold), 8 (removeFromCRL), 9 (privilegeWithdrawn), or 10 (aACompromise). (default: 0)
"" "
[ [ command ] ]
title = "lego help list"
content = "" "
NAME :
lego list - Display certificates and accounts information .
USAGE :
lego list [ command options ] [ arguments . . . ]
OPTIONS :
--accounts , -a Display accounts . ( default : false )
--names , -n Display certificate common names only . ( default : false )
"" "
[ [ command ] ]
title = "lego dnshelp"
content = "" "
Credentials for DNS providers must be passed through environment variables .
To display the documentation for a specific DNS provider , run :
$ lego dnshelp -c code
Supported DNS providers :
2023-02-27 00:54:39 +00:00
acme-dns , alidns , allinkl , arvancloud , auroradns , autodns , azure , bindman , bluecat , bunny , checkdomain , civo , clouddns , cloudflare , cloudns , cloudxns , conoha , constellix , desec , designate , digitalocean , dnshomede , dnsimple , dnsmadeeasy , dnspod , dode , domeneshop , dreamhost , duckdns , dyn , dynu , easydns , edgedns , epik , exec , exoscale , freemyip , gandi , gandiv5 , gcloud , gcore , glesys , godaddy , hetzner , hostingde , hosttech , httpreq , hurricane , hyperone , ibmcloud , iij , iijdpf , infoblox , infomaniak , internetbs , inwx , ionos , iwantmyname , joker , liara , lightsail , linode , liquidweb , loopia , luadns , manual , mydnsjp , mythicbeasts , namecheap , namedotcom , namesilo , nearlyfreespeech , netcup , netlify , nicmanager , nifcloud , njalla , nodion , ns1 , oraclecloud , otc , ovh , pdns , plesk , porkbun , rackspace , regru , rfc2136 , rimuhosting , route53 , safedns , sakuracloud , scaleway , selectel , servercow , simply , sonic , stackpath , tencentcloud , transip , ultradns , variomedia , vegadns , vercel , versio , vinyldns , vkcloud , vscale , vultr , websupport , wedos , yandex , yandexcloud , zoneee , zonomi
2023-01-08 13:53:15 +00:00
More information : https : / / go-acme . github . io / lego / dns
"" "