Mirror
/
acme.sh
mirror of https://github.com/acmesh-official/acme.sh.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Add --always-force-reuse-domain-key option (opposite of --always-force-new-domain-key)

pull/3435/head
Marco Arment 5 years ago
parent
c33e5bc40f
commit
cf83e1847a
1 changed files with 10 additions and 2 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 12
      acme.sh

12
acme.sh
View File

@ -1480,7 +1480,10 @@ createDomainKey() {
_initpath "$domain" "$_cdl"
if [ ! -f "$CERT_KEY_PATH" ] || [ ! -s "$CERT_KEY_PATH" ] || ([ "$FORCE" ] && ! [ "$_ACME_IS_RENEW" ]) || [ "$Le_ForceNewDomainKey" = "1" ]; then
if _createkey "$_cdl" "$CERT_KEY_PATH"; then
if [ "$Le_ForceReuseDomainKey" = "1" ] ; then
_err "Cannot create new domain key because --always-force-reuse-domain-key is set"
return 1
elif _createkey "$_cdl" "$CERT_KEY_PATH"; then
_savedomainconf Le_Keylength "$_cdl"
_info "The domain key is here: $(__green $CERT_KEY_PATH)"
return 0
@ -6551,7 +6554,6 @@ Parameters:
--eab-kid <eab_key_id> Key Identifier for External Account Binding.
--eab-hmac-key <eab_hmac_key> HMAC key for External Account Binding.
These parameters are to install the cert to nginx/apache or any other server after issue/renew a cert:
--cert-file <file> Path to copy the cert file to after issue/renew..
@ -6591,7 +6593,10 @@ Parameters:
--renew-hook <command> Command to be run after each successfully renewed certificate.
--deploy-hook <hookname> The hook file to deploy cert
--ocsp, --ocsp-must-staple Generate OCSP-Must-Staple extension.
--always-force-new-domain-key Generate new domain key on renewal. Otherwise, the domain key is not changed by default.
--always-force-reuse-domain-key When renewing, always reuse the existing private key, and fail if it doesn't exist.
--auto-upgrade [0|1] Valid for '--upgrade' command, indicating whether to upgrade automatically in future. Defaults to 1 if argument is omitted.
--listen-v4 Force standalone/tls server to listen at ipv4.
--listen-v6 Force standalone/tls server to listen at ipv6.
@ -7233,6 +7238,9 @@ _process() {
shift
fi
;;
--always-force-reuse-domain-key)
Le_ForceReuseDomainKey=1
;;
--yes-I-know-dns-manual-mode-enough-go-ahead-please)
export FORCE_DNS_MANUAL=1
;;

Write Preview
Loading…
Cancel
Save