-
Notifications
You must be signed in to change notification settings - Fork 39
Example commands for acme clients
grindsa edited this page Aug 16, 2020
·
2 revisions
root@rlh:~# acme.sh --server http://<server address> --register-account --accountemail <email address> --debug 2 --output-insecure
root@rlh:~# acme.sh --server http://<server address> --deactivate-account --debug 2 --output-insecure
root@rlh:~# acme.sh --server http://<server address> --issue -d acme-1.example.com -d acme-2.example.com --standalone --debug 2 --output-insecure --force
acme.sh --server http://<server address> --revoke -d acme-1.example.com -d acme-2.example.com --debug 2 --output-insecure
root@rlh:~# certbot-auto register --agree-tos -m <email address> --server http://<server address> --no-eff-email
root@rlh:~# rm -rf /etc/letsencrypt/accounts/*
root@rlh:~# certbot-auto certonly --server http://<server address> --standalone --preferred-challenges http -d certbot-1.example.com -d certbot-2.example.com --cert-name certbot-test
certbot-auto revoke --server http://<server address> --cert-name certbot-test
IMPORTANT: by default a CSR generated by certbot does not contain any subject name. Such CSR will be refused by enterprise CA servers. For mitigation you need to create a CA policy setting a subject name. Example CA policy for Insta Certifier
lego -s http://<server address> -a --email <email address> -d lego-1.bar.local -d lego-2.bar.local --http run
lego -s http://<server address> -a --email <email address> -d lego-1.bar.local revoke
root@rlh:~# acmeshell -directory http://<server address> -postAsGet=true
root@rlh:~# newAccount [email protected],
root@rlh:~# newOrder -identifiers=foo.bar
root@rlh:~# getOrder -order 0
root@rlh:~# getAuthz -order=0 -identifier=foo.bar
root@rlh:~# getChall -order=0 -identifier=foo.bar -type=http-01
root@rlh:~# solve -order=0 -identifier=foo.bar -challengeType=http-01
root@rlh:~# poll -order=0
root@rlh:~# finalize -order=0
root@rlh:~# poll -order=0 -status=valid
root@rlh:~# getCert -order=0