1. Unix-like command api
2. 100% compatible with le.sh 1.x command api.
3. Support different webroot for each domain in the same cert.
```
le.sh --issue -d a.com -w /wwwroot/a.com -d b.com -w /wwwroot/b.com
```
4. Support different authentication methods for each domain in the same cert. Hybrid usage:
```
le.sh --issue -d a.com -w /wwwroot/a.com -d b.com -dns dns-cf
```
5. Two different debug levels to provide useful debug info. `--debug` or `--debug 2`
6. Support to install `fullchain.cer` after renewal.
7. Better performance.
Only the domain is required, all the other parameters are optional.
Install the issued cert/key to the production apache or nginx path.
Install the issued cert/key to the production apache or nginx path.
The cert will be renewed every 80 days by default (which is configurable), Once the cert is renewed, the apache/nginx will be automatically reloaded by the command: `service apache2 reload` or `service nginx reload`
The cert will be renewed every 80 days by default (which is configurable), Once the cert is renewed, the apache/nginx will be automatically reloaded by the command: `service apache2 reload` or `service nginx reload`
# Use Standalone server to issue cert (requires you be root/sudoer, or you have permission to listen tcp 80 port):
# Use Standalone server to issue cert
(requires you be root/sudoer, or you have permission to listen tcp 80 port):
Same usage as all above, just give `no` as the webroot.
Same usage as all above, just give `no` as the webroot.
The tcp `80` port must be free to listen, otherwise you will be prompted to free the `80` port and try again.
The tcp `80` port must be free to listen, otherwise you will be prompted to free the `80` port and try again.
```
```
le issue no aa.com www.aa.com,cp.aa.com
le --issue --standalone -d aa.com -d www.aa.com -d cp.aa.com
```
```
# Use Apache mode (requires you be root/sudoer, since it is required to interact with apache server):
More examples: https://github.com/Neilpang/le/wiki/How-to-issue-a-cert
# Use Apache mode
(requires you be root/sudoer, since it is required to interact with apache server):
If you are running a web server, apache or nginx, it is recommended to use the Webroot mode.
If you are running a web server, apache or nginx, it is recommended to use the Webroot mode.
Particularly, if you are running an apache server, you can use apache mode instead. Which doesn't write any file to your web root folder.
Particularly, if you are running an apache server, you can use apache mode instead. Which doesn't write any file to your web root folder.
Just set string "apache" to the first argument, it will use apache plugin automatically.
Just set string "apache" to the first argument, it will use apache plugin automatically.
```
```
le issue apache aa.com www.aa.com,user.aa.com
le --issue --apache -d aa.com -d www.aa.com -d user.aa.com
```
```
All the other arguments are the same with previous.
More examples: https://github.com/Neilpang/le/wiki/How-to-issue-a-cert
# Use DNS mode:
# Use DNS mode:
Support the latest dns-01 challenge.
Support the dns-01 challenge.
```
```
le issue dns aa.com www.aa.com,user.aa.com
le --issue --dns -d aa.com -d www.aa.com -d user.aa.com
```
```
You will get the output like bellow:
You will get the output like bellow:
@ -208,7 +224,7 @@ Please add those txt records to the domains. Waiting for the dns to take effect.
Then just retry with 'renew' command:
Then just retry with 'renew' command:
```
```
le renew aa.com
le --renew -d aa.com
```
```
Ok, it's finished.
Ok, it's finished.
@ -242,12 +258,12 @@ For example:
Single domain:
Single domain:
```
```
le issue /home/wwwroot/aa.com aa.com no ec-256
le --issue -w /home/wwwroot/aa.com -d aa.com --keylength ec-256
```
```
SAN multiple domains:
SAN multiple domains:
```
```
le issue /home/wwwroot/aa.com aa.com www.aa.com,cp.aa.com ec-256
le --issue -w /home/wwwroot/aa.com -d aa.com -d www.aa.com --keylength ec-256