2023-01-08 15:53:15 +02:00
# THIS FILE IS AUTO-GENERATED. PLEASE DO NOT EDIT.
[ [ command ] ]
title = "lego help"
content = "" "
NAME :
lego - Let ' s Encrypt client written in Go
USAGE :
lego [ global options ] command [ command options ] [ arguments . . . ]
COMMANDS :
run Register an account , then create and install a certificate
revoke Revoke a certificate
renew Renew a certificate
dnshelp Shows additional help for the '--dns' global option
list Display certificates and accounts information .
help , h Shows a list of commands or help for one command
GLOBAL OPTIONS :
2023-06-30 20:42:28 +02:00
--domains value , -d value [ --domains value , -d value ] Add a domain to the process . Can be specified multiple times .
--server value , -s value CA hostname ( and optionally : port ) . The server certificate must be trusted in order to avoid further modifications to the client . ( default : "https://acme-v02.api.letsencrypt.org/directory" )
2023-01-08 15:53:15 +02:00
--accept-tos , -a By setting this flag to true you indicate that you accept the current Let ' s Encrypt terms of service . ( default : false )
2023-06-30 20:42:28 +02:00
--email value , -m value Email used for registration and recovery contact .
2023-01-08 15:53:15 +02:00
--csr value , -c value Certificate signing request filename , if an external CSR is to be used .
2023-07-27 14:07:10 +02:00
--eab Use External Account Binding for account registration . Requires --kid and --hmac . ( default : false ) [ $ LEGO_EAB ]
--kid value Key identifier from External CA . Used for External Account Binding . [ $ LEGO_EAB_KID ]
--hmac value MAC key from External CA . Should be in Base64 URL Encoding without padding format . Used for External Account Binding . [ $ LEGO_EAB_HMAC ]
2023-06-30 20:42:28 +02:00
--key-type value , -k value Key type to use for private keys . Supported : rsa2048 , rsa3072 , rsa4096 , rsa8192 , ec256 , ec384 . ( default : "ec256" )
--filename value ( deprecated ) Filename of the generated certificate .
--path value Directory to use for storing the data . ( default : "./.lego" ) [ $ LEGO_PATH ]
2023-03-03 00:14:25 +02:00
--http Use the HTTP-01 challenge to solve challenges . Can be mixed with other types of challenges . ( default : false )
--http . port value Set the port and interface to use for HTTP-01 based challenges to listen on . Supported : interface : port or : port . ( default : ":80" )
--http . proxy-header value Validate against this HTTP header when solving HTTP-01 based challenges behind a reverse proxy . ( default : "Host" )
--http . webroot value Set the webroot folder to use for HTTP-01 based challenges to write directly to the . well-known / acme-challenge file . This disables the built-in server and expects the given directory to be publicly served with access to . well-known / acme-challenge
2023-06-30 20:42:28 +02:00
--http . memcached-host value [ --http . memcached-host value ] Set the memcached host ( s ) to use for HTTP-01 based challenges . Challenges will be written to all specified hosts .
2023-07-27 12:42:48 +02:00
--http . s3-bucket value Set the S3 bucket name to use for HTTP-01 based challenges . Challenges will be written to the S3 bucket .
2023-06-30 20:42:28 +02:00
--tls Use the TLS-ALPN-01 challenge to solve challenges . Can be mixed with other types of challenges . ( default : false )
--tls . port value Set the port and interface to use for TLS-ALPN-01 based challenges to listen on . Supported : interface : port or : port . ( default : ":443" )
--dns value Solve a DNS-01 challenge using the specified provider . Can be mixed with other types of challenges . Run 'lego dnshelp' for help on usage .
--dns . disable-cp By setting this flag to true , disables the need to await propagation of the TXT record to all authoritative name servers . ( default : false )
--dns . resolvers value [ --dns . resolvers value ] Set the resolvers to use for performing ( recursive ) CNAME resolving and apex domain determination . For DNS-01 challenge verification , the authoritative DNS server is queried directly . Supported : host : port . The default is to use the system resolvers , or Google 's DNS resolvers if the system' s cannot be determined .
--http-timeout value Set the HTTP timeout value to a specific value in seconds . ( default : 0 )
--dns-timeout value Set the DNS timeout value to a specific value in seconds . Used only when performing authoritative name server queries . ( default : 10 )
2023-03-02 20:29:29 +02:00
--pem Generate an additional . pem ( base64 ) file by concatenating the . key and . crt files together . ( default : false )
--pfx Generate an additional . pfx ( PKCS #12) file by concatenating the .key and .crt and issuer .crt files together. (default: false)
2023-01-08 15:53:15 +02:00
--pfx . pass value The password used to encrypt the . pfx ( PCKS #12) file. (default: "changeit")
2023-06-30 20:42:28 +02:00
--cert . timeout value Set the certificate timeout value to a specific value in seconds . Only used when obtaining certificates . ( default : 30 )
2023-01-08 15:53:15 +02:00
--user-agent value Add to the user-agent sent to the CA to identify an application embedding lego-cli
2023-06-30 20:42:28 +02:00
--help , -h show help
2023-01-08 15:53:15 +02:00
"" "
[ [ command ] ]
title = "lego help run"
content = "" "
NAME :
lego run - Register an account , then create and install a certificate
USAGE :
lego run [ command options ] [ arguments . . . ]
OPTIONS :
--no-bundle Do not create a certificate bundle by adding the issuers certificate to the new certificate . ( default : false )
2023-06-30 20:42:28 +02:00
--must-staple Include the OCSP must staple TLS extension in the CSR and generated certificate . Only works if the CSR is generated by lego . ( default : false )
2023-06-13 14:05:02 +02:00
--not-before value Set the notBefore field in the certificate ( RFC3339 format )
2023-06-30 20:42:28 +02:00
--not-after value Set the notAfter field in the certificate ( RFC3339 format )
2023-01-08 15:53:15 +02:00
--preferred-chain value If the CA offers multiple certificate chains , prefer the chain with an issuer matching this Subject Common Name . If no match , the default offered chain will be used .
2023-06-30 20:42:28 +02:00
--always-deactivate-authorizations value Force the authorizations to be relinquished even if the certificate request was successful .
2023-01-08 15:53:15 +02:00
--run-hook value Define a hook . The hook is executed when the certificates are effectively created .
2023-06-30 20:42:28 +02:00
--help , -h show help
2023-01-08 15:53:15 +02:00
"" "
[ [ command ] ]
title = "lego help renew"
content = "" "
NAME :
lego renew - Renew a certificate
USAGE :
lego renew [ command options ] [ arguments . . . ]
OPTIONS :
2023-06-30 20:42:28 +02:00
--days value The number of days left on a certificate to renew it . ( default : 0 )
2023-05-28 10:36:37 +02:00
--ari-enable Use the renewalInfo endpoint ( draft-ietf-acme-ari ) to check if a certificate should be renewed . ( default : false )
2023-06-30 20:42:28 +02:00
--ari-hash-name value The string representation of the hash expected by the renewalInfo endpoint ( e . g . "SHA-256" ) .
2023-05-28 10:36:37 +02:00
--ari-wait-to-renew-duration value The maximum duration you ' re willing to sleep for a renewal time returned by the renewalInfo endpoint . ( default : 0 s )
2023-06-30 20:42:28 +02:00
--reuse-key Used to indicate you want to reuse your current private key for the new certificate . ( default : false )
2023-01-08 15:53:15 +02:00
--no-bundle Do not create a certificate bundle by adding the issuers certificate to the new certificate . ( default : false )
2023-06-30 20:42:28 +02:00
--must-staple Include the OCSP must staple TLS extension in the CSR and generated certificate . Only works if the CSR is generated by lego . ( default : false )
2023-06-13 14:05:02 +02:00
--not-before value Set the notBefore field in the certificate ( RFC3339 format )
2023-06-30 20:42:28 +02:00
--not-after value Set the notAfter field in the certificate ( RFC3339 format )
2023-01-08 15:53:15 +02:00
--preferred-chain value If the CA offers multiple certificate chains , prefer the chain with an issuer matching this Subject Common Name . If no match , the default offered chain will be used .
2023-06-30 20:42:28 +02:00
--always-deactivate-authorizations value Force the authorizations to be relinquished even if the certificate request was successful .
2023-01-08 15:53:15 +02:00
--renew-hook value Define a hook . The hook is executed only when the certificates are effectively renewed .
2023-06-30 20:42:28 +02:00
--no-random-sleep Do not add a random sleep before the renewal . We do not recommend using this flag if you are doing your renewals in an automated way . ( default : false )
--help , -h show help
2023-01-08 15:53:15 +02:00
"" "
[ [ command ] ]
title = "lego help revoke"
content = "" "
NAME :
lego revoke - Revoke a certificate
USAGE :
lego revoke [ command options ] [ arguments . . . ]
OPTIONS :
--keep , -k Keep the certificates after the revocation instead of archiving them . ( default : false )
--reason value Identifies the reason for the certificate revocation . See https : / / www . rfc-editor . org / rfc / rfc5280 . html #section-5.3.1. Valid values are: 0 (unspecified), 1 (keyCompromise), 2 (cACompromise), 3 (affiliationChanged), 4 (superseded), 5 (cessationOfOperation), 6 (certificateHold), 8 (removeFromCRL), 9 (privilegeWithdrawn), or 10 (aACompromise). (default: 0)
2023-06-30 20:42:28 +02:00
--help , -h show help
2023-01-08 15:53:15 +02:00
"" "
[ [ command ] ]
title = "lego help list"
content = "" "
NAME :
lego list - Display certificates and accounts information .
USAGE :
lego list [ command options ] [ arguments . . . ]
OPTIONS :
--accounts , -a Display accounts . ( default : false )
--names , -n Display certificate common names only . ( default : false )
2023-06-30 20:42:28 +02:00
--help , -h show help
2023-01-08 15:53:15 +02:00
"" "
[ [ command ] ]
title = "lego dnshelp"
content = "" "
Credentials for DNS providers must be passed through environment variables .
To display the documentation for a specific DNS provider , run :
$ lego dnshelp -c code
Supported DNS providers :
2023-07-27 13:09:39 +02:00
acme-dns , alidns , allinkl , arvancloud , auroradns , autodns , azure , azuredns , bindman , bluecat , brandit , bunny , checkdomain , civo , clouddns , cloudflare , cloudns , cloudru , cloudxns , conoha , constellix , derak , desec , designate , digitalocean , dnshomede , dnsimple , dnsmadeeasy , dnspod , dode , domeneshop , dreamhost , duckdns , dyn , dynu , easydns , edgedns , efficientip , epik , exec , exoscale , freemyip , gandi , gandiv5 , gcloud , gcore , glesys , godaddy , googledomains , hetzner , hostingde , hosttech , httpreq , hurricane , hyperone , ibmcloud , iij , iijdpf , infoblox , infomaniak , internetbs , inwx , ionos , ipv64 , iwantmyname , joker , liara , lightsail , linode , liquidweb , loopia , luadns , manual , metaname , mydnsjp , mythicbeasts , namecheap , namedotcom , namesilo , nearlyfreespeech , netcup , netlify , nicmanager , nifcloud , njalla , nodion , ns1 , oraclecloud , otc , ovh , pdns , plesk , porkbun , rackspace , rcodezero , regru , rfc2136 , rimuhosting , route53 , safedns , sakuracloud , scaleway , selectel , servercow , simply , sonic , stackpath , tencentcloud , transip , ultradns , variomedia , vegadns , vercel , versio , vinyldns , vkcloud , vscale , vultr , websupport , wedos , yandex , yandexcloud , zoneee , zonomi
2023-01-08 15:53:15 +02:00
More information : https : / / go-acme . github . io / lego / dns
"" "