Improve documentation (#1265)

Dominik Menke 2020-10-03 21:36:56 +02:00 committed by GitHub
parent 03ca08048c
commit abd783a124
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 25 additions and 3 deletions


@ -34,7 +34,7 @@ GLOBAL OPTIONS:
--eab Use External Account Binding for account registration. Requires --kid and --hmac. --eab Use External Account Binding for account registration. Requires --kid and --hmac.
--kid value Key identifier from External CA. Used for External Account Binding. --kid value Key identifier from External CA. Used for External Account Binding.
--hmac value MAC key from External CA. Should be in Base64 URL Encoding without padding format. Used for External Account Binding. --hmac value MAC key from External CA. Should be in Base64 URL Encoding without padding format. Used for External Account Binding.
--key-type value, -k value Key type to use for private keys. Supported: rsa2048, rsa4096, rsa8192, ec256, ec384. (default: "ec384") --key-type value, -k value Key type to use for private keys. Supported: rsa2048, rsa4096, rsa8192, ec256, ec384. (default: "ec256")
--filename value (deprecated) Filename of the generated certificate. --filename value (deprecated) Filename of the generated certificate.
--path value Directory to use for storing the data. (default: "./.lego") [$LEGO_PATH] --path value Directory to use for storing the data. (default: "./.lego") [$LEGO_PATH]
--http Use the HTTP challenge to solve challenges. Can be mixed with other types of challenges. --http Use the HTTP challenge to solve challenges. Can be mixed with other types of challenges.
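Review bot: the `--key-type` line changes the documented default from "ec384" to "ec256", which is more than a wording fix under a commit titled "Improve documentation". Please confirm that "ec256" is what the CLI actually uses when the flag is omitted, and say in the commit message that the documented default was corrected, because readers who rely on the default to decide key strength will take this line at face value.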


@ -16,7 +16,29 @@ If your environment does not allow you to bind to these ports, please read [Port
lego --email="foo@bar.com" --domains="example.com" --http run lego --email="foo@bar.com" --domains="example.com" --http run
``` ```
(Find your certificate in the `.lego` folder of current working directory.) You will find your certificate in the `.lego` folder of the current working directory:
```console
$ ls -1 ./.lego/certificates
example.com.crt
example.com.issuer.crt
example.com.json
example.com.key
[maybe more files for different domains...]
```
where
- `example.com.crt` is the server certificate (including the CA certificate),
- `example.com.key` is the private key needed for the server certificate,
- `example.com.issuer.crt` is the CA certificate, and
- `example.com.json` contains some JSON encoded meta information.
For each domain, you will have a set of these four files.
Please note, that for wildcard certificates (`*.example.com`), the filenames will look like `_.example.com.crt`.
The `.crt` and `.key` files are PEM encoded x509 certificates and private keys.
If you're looking for a `cert.pem` and `privkey.pem`, you can just use `example.com.crt` and `example.com.key`.
### Obtain a certificate (and hook) ### Obtain a certificate (and hook)
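Review bot: the `example.com.key` entry in the new file list describes the private key without saying it has to stay secret. Since the text places `.lego` in the current working directory, suggest adding a sentence that the `.key` file should be readable only by the account running lego and the server that uses it, and that `.lego` should not sit inside a directory that is publicly served. Smaller points in the same list: "(including the CA certificate)" for `example.com.crt` would be clearer as "followed by the issuer (CA) certificate", "some JSON encoded meta information" could name what the file holds, and "Please note, that" should lose the comma.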
@ -84,7 +106,7 @@ lego --email="foo@bar.com" --http --csr=/path/to/csr.pem run
If you have an existing server running on port 80 the `--http` option needs to also use the `--http.webroot` option. If you have an existing server running on port 80 the `--http` option needs to also use the `--http.webroot` option.
This just writes the token to the given directory in the folder `.well-known/acme-challenge` and does not start a server. This just writes the token to the given directory in the folder `.well-known/acme-challenge` and does not start a server.
The given directory **should** be publicly served as `/` on the domain(s) for the validation to complete. The given directory **should** be publicly served as `/` on the domain(s) for the validation to complete.
If the given directory is not publicly served you will have to support rewriting the request to the directory; If the given directory is not publicly served you will have to support rewriting the request to the directory;