1
0
mirror of https://github.com/go-acme/lego.git synced 2025-01-16 03:21:21 +02:00

Document --csr flag

This commit is contained in:
Will Glynn 2016-02-11 19:08:36 -06:00 committed by Chris Marchesi
parent 333af54906
commit 01e2a30802

View File

@ -27,7 +27,7 @@ docker build -t lego .
#### Features
- Register with CA
- Obtain certificates
- Obtain certificates, both from scratch or with an existing CSR
- Renew certificates
- Revoke certificates
- Robust implementation of all ACME challenges
@ -89,6 +89,7 @@ COMMANDS:
GLOBAL OPTIONS:
--domains, -d [--domains option --domains option] Add domains to the process
--csr, -c Certificate signing request filename, if an external CSR is to be used
--server, -s "https://acme-v01.api.letsencrypt.org/directory" CA hostname (and optionally :port). The server certificate must be trusted in order to avoid further modifications to the client.
--email, -m Email used for registration and recovery contact.
--accept-tos, -a By setting this flag to true you indicate that you accept the current Let's Encrypt terms of service.
@ -130,6 +131,14 @@ $ AWS_REGION=us-east-1 AWS_ACCESS_KEY_ID=my_id AWS_SECRET_ACCESS_KEY=my_key lego
Note that `--dns=foo` implies `--exclude=http-01` and `--exclude=tls-sni-01`. lego will not attempt other challenges if you've told it to use DNS instead.
Obtain a certificate given a certificate signing request (CSR) generated by something else:
```bash
$ lego --email="foo@bar.com" --csr=/path/to/csr.pem run
```
(lego will infer the domains to be validated based on the contents of the CSR, so make sure the CSR's Common Name and optional SubjectAltNames are set correctly.)
lego defaults to communicating with the production Let's Encrypt ACME server. If you'd like to test something without issuing real certificates, consider using the staging endpoint instead:
```bash