forked from TrueCloudLab/lego
Document --csr flag
This commit is contained in:
parent
333af54906
commit
01e2a30802
1 changed files with 10 additions and 1 deletions
11
README.md
11
README.md
|
@ -27,7 +27,7 @@ docker build -t lego .
|
||||||
#### Features
|
#### Features
|
||||||
|
|
||||||
- Register with CA
|
- Register with CA
|
||||||
- Obtain certificates
|
- Obtain certificates, both from scratch or with an existing CSR
|
||||||
- Renew certificates
|
- Renew certificates
|
||||||
- Revoke certificates
|
- Revoke certificates
|
||||||
- Robust implementation of all ACME challenges
|
- Robust implementation of all ACME challenges
|
||||||
|
@ -89,6 +89,7 @@ COMMANDS:
|
||||||
|
|
||||||
GLOBAL OPTIONS:
|
GLOBAL OPTIONS:
|
||||||
--domains, -d [--domains option --domains option] Add domains to the process
|
--domains, -d [--domains option --domains option] Add domains to the process
|
||||||
|
--csr, -c Certificate signing request filename, if an external CSR is to be used
|
||||||
--server, -s "https://acme-v01.api.letsencrypt.org/directory" CA hostname (and optionally :port). The server certificate must be trusted in order to avoid further modifications to the client.
|
--server, -s "https://acme-v01.api.letsencrypt.org/directory" CA hostname (and optionally :port). The server certificate must be trusted in order to avoid further modifications to the client.
|
||||||
--email, -m Email used for registration and recovery contact.
|
--email, -m Email used for registration and recovery contact.
|
||||||
--accept-tos, -a By setting this flag to true you indicate that you accept the current Let's Encrypt terms of service.
|
--accept-tos, -a By setting this flag to true you indicate that you accept the current Let's Encrypt terms of service.
|
||||||
|
@ -130,6 +131,14 @@ $ AWS_REGION=us-east-1 AWS_ACCESS_KEY_ID=my_id AWS_SECRET_ACCESS_KEY=my_key lego
|
||||||
|
|
||||||
Note that `--dns=foo` implies `--exclude=http-01` and `--exclude=tls-sni-01`. lego will not attempt other challenges if you've told it to use DNS instead.
|
Note that `--dns=foo` implies `--exclude=http-01` and `--exclude=tls-sni-01`. lego will not attempt other challenges if you've told it to use DNS instead.
|
||||||
|
|
||||||
|
Obtain a certificate given a certificate signing request (CSR) generated by something else:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
$ lego --email="foo@bar.com" --csr=/path/to/csr.pem run
|
||||||
|
```
|
||||||
|
|
||||||
|
(lego will infer the domains to be validated based on the contents of the CSR, so make sure the CSR's Common Name and optional SubjectAltNames are set correctly.)
|
||||||
|
|
||||||
lego defaults to communicating with the production Let's Encrypt ACME server. If you'd like to test something without issuing real certificates, consider using the staging endpoint instead:
|
lego defaults to communicating with the production Let's Encrypt ACME server. If you'd like to test something without issuing real certificates, consider using the staging endpoint instead:
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
|
|
Loading…
Reference in a new issue