usage: certbot [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] ...

Certbot obtains and installs HTTPS/TLS/SSL certificates. By default, Certbot
attempts to obtain and install a certificate for the local web server (if none
exists, one is installed locally by default). The most common subcommands and
options are:

obtain, install, and renew certificates:
    (default) run   Obtain and install a certificate in the current web server
    certonly        Obtain or renew a certificate, but do not install it
    renew           Renew all previously obtained certificates that are near expiry
   -d DOMAINS       Comma-separated list of domains the certificate is for

  --apache          Use the Apache plugin for authentication and installation
  --standalone      Run a standalone web server for authentication
  --nginx           Use the Nginx plugin for authentication and installation
  --webroot         Place authentication files in the server's webroot directory
  --manual          Obtain certificates interactively, or using shell script hooks

   -n               Run non-interactively
  --test-cert       Obtain a test certificate from a staging server
  --dry-run         Test obtaining or renewing a certificate without saving it to disk

manage certificates:
    certificates    Display information about all certificates generated with Certbot
    revoke          Revoke a certificate (supply --cert-path)
    delete          Delete a certificate

manage your account with Let's Encrypt:
    register        Create a Let's Encrypt ACME account
  --agree-tos       Agree to the ACME server's Subscriber Agreement
   -m EMAIL         Email address for important account notifications

optional arguments:
  -h, --help
        Show the help message and exit.
  -c CONFIG_FILE, --config CONFIG_FILE
        Path to the config file. (default: /etc/letsencrypt/cli.ini or
        ~/.config/letsencrypt/cli.ini)
  -v, --verbose
        This flag can be used multiple times to incrementally increase the
        verbosity of output, e.g. -vvv. (default: -2)
  -n, --non-interactive, --noninteractive
        Run non-interactively, that is, without ever asking for user input.
        This requires additional command line flags; the client explains
        which ones when it finds them missing. (default: False)
  --force-interactive
        Force Certbot to run interactively regardless of whether it is being
        run from the command line. This flag cannot be used with the renew
        subcommand. (default: False)
  -d DOMAIN, --domains DOMAIN, --domain DOMAIN
        Domain names to apply to. For multiple domains you can use multiple
        -d flags or a comma-separated list after a single -d. (default: Ask)
  --cert-name CERTNAME
        Certificate name to apply to. Only one certificate name can be used
        per Certbot run. To see the names of existing certificates, run
        'certbot certificates'. When creating a new certificate, this option
        specifies the new certificate's name. (default: None)
  --dry-run
        Perform a trial run of the client, obtaining test (invalid)
        certificates without saving them to disk. This option can currently
        only be used with the 'certonly' and 'renew' subcommands.
        Note: although --dry-run tries to avoid making any changes to the
        system, it cannot avoid them entirely: if a web server authenticator
        plugin such as apache or nginx is used, the run will try to modify
        and then restore configuration files in order to obtain the test
        certificates, and will restart the web server to deploy and roll back
        those changes. If --pre-hook and --post-hook are defined, both are
        executed, which helps simulate a renewal more accurately. --renew-hook
        commands are not executed. (default: False)
  --preferred-challenges PREF_CHALLS
        A sorted, comma delimited list of the preferred challenge to use
        during authorization with the most preferred challenge listed first
        (Eg, "dns" or "tls-sni-01,http,dns"). Not all plugins support all
        challenges. See https://certbot.eff.org/docs/using.html#plugins for
        details. ACME Challenges are versioned, but if you pick "http" rather
        than "http-01", Certbot will select the latest version automatically.
        (default: [])
  --user-agent USER_AGENT
        Set the user agent string for this client. The user agent is used by
        the CA to collect statistics about success rates by operating system
        and plugin. If you wish to hide this information, set this option
        to "". (default: CertbotACMEClient/0.12.0 (Ubuntu 16.04.2 LTS)
        Authenticator/XXX Installer/YYY)

automation:
  Arguments for automated execution and other situations

  --keep-until-expiring, --keep, --reinstall
        If the requested certificate already exists, do not renew it until
        it is about to expire (with the 'run' subcommand the certificate is
        renewed whether or not it has expired). (default: Ask)
  --expand
        If the names of the requested certificate are a subset of those of
        an existing certificate, the local certificate is reset and renamed.
        (default: Ask)
  --version
        Show the program's version number and exit.
  --force-renewal, --renew-by-default
        If the requested certificate already exists, renew it regardless of
        whether it is near expiry. (Normally --keep-until-expiring is used.)
        This option implies --expand. (default: False)
  --renew-with-new-domains
        If the requested certificate already exists but its domains have
        changed, renew it regardless of whether it is near expiry.
        (default: False)
  --allow-subset-of-names
        When performing domain validation, do not consider it a failure if
        authorizations can not be obtained for a strict subset of the
        requested domains. This may be useful for allowing renewals for
        multiple domains to succeed even if some domains no longer point at
        this system. This option cannot be used with --csr. (default: False)
  --agree-tos
        Agree to the ACME Subscriber Agreement. (default: Ask)
  --duplicate
        Allow making a certificate lineage that duplicates an existing one
        (both can be renewed in parallel). (default: False)
  --os-packages-only
        (certbot-auto only) Install OS dependency packages, then stop.
        (default: False)
  --no-self-upgrade
        (certbot-auto only) Prevent the certbot-auto script from upgrading
        itself to newer released versions. (default: upgrade automatically)
  -q, --quiet
        Print only error messages. This is useful for automation tools such
        as cron. This option implies --non-interactive. (default: False)

security:
  Security parameters and server settings

  --rsa-key-size N
        Size of the RSA key. (default: 2048)
  --must-staple
        Add the OCSP Must Staple extension to the certificate. Automatically
        configures OCSP Stapling support when the Apache version is higher
        than 2.3.3. (default: False)
  --redirect
        Automatically redirect HTTP to HTTPS for newly authenticated vhosts.
        (default: Ask)
  --no-redirect
        Do not redirect HTTP to HTTPS for newly authenticated vhosts.
        (default: Ask)
  --hsts
        Add the Strict-Transport-Security header to every HTTP response.
        Forcing browser to always use SSL for the domain. Defends against
        SSL Stripping. (default: False)
  --uir
        Add the "Content-Security-Policy: upgrade-insecure-requests" header
        to every HTTP response. Forcing the browser to use https:// for every
        http:// resource. (default: None)
  --staple-ocsp
        Enables OCSP Stapling. A valid OCSP response is stapled to the
        certificate that the server offers during TLS. (default: None)
  --strict-permissions
        Require that all configuration files are owned by the current user;
        only needed if your config is somewhere unsafe like /tmp/
        (default: False)

testing:
  The following flags are meant for testing and integration purposes only.

  --test-cert, --staging
        Use the staging server to obtain or revoke test (invalid) certs;
        equivalent to --server
        https://acme-staging.api.letsencrypt.org/directory (default: False)
  --debug
        Show tracebacks in case of errors, and allow certbot-auto execution
        on experimental platforms (default: False)
  --no-verify-ssl
        Disable verification of the ACME server's certificate.
        (default: False)
  --tls-sni-01-port TLS_SNI_01_PORT
        Port used during tls-sni-01 challenge. This only affects the port
        Certbot listens on. A conforming ACME server will still attempt to
        connect on port 443. (default: 443)
  --http-01-port HTTP01_PORT
        Port used in the http-01 challenge. This only affects the port
        Certbot listens on. A conforming ACME server will still attempt to
        connect on port 80. (default: 80)
  --break-my-certs
        Be willing to replace or renew valid certs with invalid
        (testing/staging) certs (default: False)

paths:
  Arguments changing execution paths and servers

  --cert-path CERT_PATH
        Path to where cert is saved (with auth --csr), installed from, or
        revoked. (default: None)
  --key-path KEY_PATH
        Path to private key for cert installation or revocation (if account
        key is missing) (default: None)
  --chain-path CHAIN_PATH
        Accompanying path to a certificate chain. (default: None)
  --config-dir CONFIG_DIR
        Configuration directory. (default: /etc/letsencrypt)
  --work-dir WORK_DIR
        Working directory. (default: /var/lib/letsencrypt)
  --logs-dir LOGS_DIR
        Logs directory. (default: /var/log/letsencrypt)
  --server SERVER
        ACME Directory Resource URI.
        (default: https://acme-v01.api.letsencrypt.org/directory)

manage:
  Various subcommands and flags are available for managing your certificates:

  certificates      List certificates managed by Certbot
  delete            Clean up all files related to a certificate
  renew             Renew all certificates (or one specified with --cert-name)
  revoke            Revoke a certificate specified with --cert-path
  update_symlinks   Recreate symlinks in your /etc/letsencrypt/live/ directory

run:
  Options for obtaining and installing certificates

certonly:
  Options for modifying how a certificate is obtained

  --csr CSR
        Path to a Certificate Signing Request (CSR) in DER or PEM format.
        Currently --csr only works with the 'certonly' subcommand.
        (default: None)

renew:
  The 'renew' subcommand will attempt to renew all certificates (or more
  precisely, certificate lineages) you have previously obtained if they are
  close to expiry, and print a summary of the results. By default, 'renew'
  will reuse the options used to obtain or most recently successfully renew
  each certificate lineage. You can try it with `--dry-run` first. For more
  fine-grained control, you can renew individual lineages with the `certonly`
  subcommand. Hooks are available to run commands before and after renewal;
  see https://certbot.eff.org/docs/using.html#renewal for more information on
  these.

  --pre-hook PRE_HOOK
        Command to be run in a shell before obtaining any certificates.
        Intended primarily for renewal, where it can be used to temporarily
        shut down a webserver that might conflict with the standalone plugin.
        This will only be called if a certificate is actually to be
        obtained/renewed. When renewing several certificates that have
        identical pre-hooks, only the first will be executed. (default: None)
  --post-hook POST_HOOK
        Command to be run in a shell after attempting to obtain/renew
        certificates. Can be used to deploy renewed certificates, or to
        restart any servers that were stopped by --pre-hook. This is only run
        if an attempt was made to obtain/renew a certificate. If multiple
        renewed certificates have identical post-hooks, only one will be run.
        (default: None)
  --renew-hook RENEW_HOOK
        Command to be run in a shell once for each successfully renewed
        certificate. For this command, the shell variable $RENEWED_LINEAGE
        will point to the config live subdirectory containing the new certs
        and keys; the shell variable $RENEWED_DOMAINS will contain a
        space-delimited list of renewed cert domains (default: None)
  --disable-hook-validation
        Ordinarily the commands specified for --pre-hook/--post-hook/
        --renew-hook will be checked for validity, to see if the programs
        being run are in the $PATH, so that mistakes can be caught early,
        even when the hooks aren't being run just yet. The validation is
        rather simplistic and fails if you use more advanced shell
        constructs, so you can use this switch to disable it. (default: False)

certificates:
  List information about all certificates managed by Certbot

delete:
  Options for deleting a certificate

revoke:
  Options for revoking a certificate

  --reason {keycompromise,affiliationchanged,superseded,unspecified,cessationofoperation}
        Specify reason for revoking certificate. (default: 0)

register:
  Options for account registration and modification

  --register-unsafely-without-email
        Specifying this flag enables registering an account with no email
        address. This is strongly discouraged, because in the event of key
        loss or account compromise you will irrevocably lose access to your
        account. You will also be unable to receive notice about impending
        expiration or revocation of your certificates. Updates to the
        Subscriber Agreement will still affect you, and will be effective 14
        days after posting an update to the web site. (default: False)
  --update-registration
        With the register verb, indicates that details associated with an
        existing registration, such as the e-mail address, should be updated,
        rather than registering a new account. (default: False)
  -m EMAIL, --email EMAIL
        Email used for registration and recovery contact. (default: Ask)
  --eff-email
        Share your e-mail address with EFF (default: None)
  --no-eff-email
        Don't share your e-mail address with EFF (default: None)

unregister:
  Options for account deactivation

  --account ACCOUNT_ID
        ID of the account to deactivate. (default: None)

install:
  Options for modifying where certificates are deployed

  --fullchain-path FULLCHAIN_PATH
        Accompanying path to a full certificate chain (cert plus chain).
        (default: None)

config_changes:
  Options for controlling which changes are displayed

  --num NUM
        How many past revisions you want to be displayed (default: None)

rollback:
  Options for rolling back server configuration changes

  --checkpoints N
        Revert configuration N number of checkpoints. (default: 1)

plugins:
  Options for the "plugins" subcommand

  --init
        Initialize plugins. (default: False)
  --prepare
        Initialize and prepare plugins. (default: False)
  --authenticators
        Limit to authenticator plugins only. (default: None)
  --installers
        Limit to installer plugins only. (default: None)

update_symlinks:
  Recreates cert and key symlinks in /etc/letsencrypt/live, if you changed
  them by hand or edited a renewal configuration file

plugins:
  Plugin Selection: Certbot client supports an extensible plugins
  architecture. See 'certbot plugins' for a list of all installed plugins and
  their names. You can force a particular plugin by setting options provided
  below. Running --help <plugin_name> will list flags specific to that plugin.

  --configurator CONFIGURATOR
        Name of the plugin that is both an authenticator and an installer.
        Should not be used together with --authenticator or --installer.
        (default: Ask)
  -a AUTHENTICATOR, --authenticator AUTHENTICATOR
        Authenticator plugin name. (default: None)
  -i INSTALLER, --installer INSTALLER
        Installer plugin name (also used to find domains). (default: None)
  --apache
        Obtain and install certs using Apache (default: False)
  --nginx
        Obtain and install certs using Nginx (default: False)
  --standalone
        Run a standalone web server to obtain a certificate. (default: False)
  --manual
        Provide laborious manual instructions for obtaining a cert
        (default: False)
  --webroot
        Obtain a certificate by placing authentication files in the server's
        webroot directory. (default: False)

nginx:
  Nginx web server plugin - Alpha

  --nginx-server-root NGINX_SERVER_ROOT
        Nginx server root directory. (default: /etc/nginx)
  --nginx-ctl NGINX_CTL
        Path to the 'nginx' binary, used for 'configtest' and retrieving
        nginx version number. (default: nginx)

standalone:
  Start a temporary web server

manual:
  Authenticate through manual configuration or custom shell scripts. When
  using shell scripts, an authenticator script must be provided. The
  environment variables available to this script are $CERTBOT_DOMAIN which
  contains the domain being authenticated, $CERTBOT_VALIDATION which is the
  validation string, and $CERTBOT_TOKEN which is the filename of the resource
  requested when performing an HTTP-01 challenge. An additional cleanup
  script can also be provided and can use the additional variable
  $CERTBOT_AUTH_OUTPUT which contains the stdout output from the auth script.

  --manual-auth-hook MANUAL_AUTH_HOOK
        Path or command to execute for the authentication script
        (default: None)
  --manual-cleanup-hook MANUAL_CLEANUP_HOOK
        Path or command to execute for the cleanup script (default: None)
  --manual-public-ip-logging-ok
        Automatically allows public IP logging (default: Ask)

webroot:
  Place files in webroot directory

  --webroot-path WEBROOT_PATH, -w WEBROOT_PATH
        public_html / webroot path. This can be specified multiple times to
        handle different domains; each domain will have the webroot path that
        preceded it. For instance: `-w /var/www/example -d example.com -d
        www.example.com -w /var/www/thing -d thing.net -d m.thing.net`
        (default: Ask)
  --webroot-map WEBROOT_MAP
        JSON dictionary mapping domains to webroot paths; this implies -d for
        each entry. You may need to escape this from your shell. E.g.:
        --webroot-map '{"eg1.is,m.eg1.is":"/www/eg1/", "eg2.is":"/www/eg2"}'
        This option is merged with, but takes precedence over, -w / -d
        entries. At present, if you put webroot-map in a config file, it
        needs to be on a single line, like:
        webroot-map = {"example.com":"/var/www"}. (default: {})

apache:
  Apache web server plugin - Beta

  --apache-enmod APACHE_ENMOD
        Path to the Apache 'a2enmod' binary. (default: a2enmod)
  --apache-dismod APACHE_DISMOD
        Path to the Apache 'a2dismod' binary. (default: a2dismod)
  --apache-le-vhost-ext APACHE_LE_VHOST_EXT
        SSL vhost configuration extension. (default: -le-ssl.conf)
  --apache-server-root APACHE_SERVER_ROOT
        Apache server root directory. (default: /etc/apache2)
  --apache-vhost-root APACHE_VHOST_ROOT
        Apache server VirtualHost configuration root
        (default: /etc/apache2/sites-available)
  --apache-logs-root APACHE_LOGS_ROOT
        Apache server logs directory (default: /var/log/apache2)
  --apache-challenge-location APACHE_CHALLENGE_LOCATION
        Directory path for challenge configuration. (default: /etc/apache2)
  --apache-handle-modules APACHE_HANDLE_MODULES
        Let installer handle enabling required modules for you. (Only
        Ubuntu/Debian currently) (default: True)
  --apache-handle-sites APACHE_HANDLE_SITES
        Let installer handle enabling sites for you. (Only Ubuntu/Debian
        currently) (default: True)

null:
  Null Installer
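
The manual plugin's auth and cleanup hooks described above, written for an HTTP-01 challenge; this is an added example, not part of the Certbot help text or of Certbot itself. The WEBROOT default and the `auth`/`cleanup` dispatch argument are assumptions, and the token is checked against the base64url alphabet so that it can never name a path outside the challenge directory.

```shell
#!/bin/sh
# Added example: one script serving as both --manual-auth-hook and
# --manual-cleanup-hook for an HTTP-01 challenge.
# WEBROOT is an assumption (not from the help text): the directory the web
# server serves for the domain being validated.
WEBROOT="${WEBROOT:-/var/www/html}"

# ACME HTTP-01 challenge files are fetched from this well-known path.
challenge_dir() {
    printf '%s/.well-known/acme-challenge' "$WEBROOT"
}

# Accept only base64url characters, so the token cannot contain "/" or ".."
# and be used to write or delete files outside the challenge directory.
valid_token() {
    case "$1" in
        ''|*[!A-Za-z0-9_-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Auth hook: publish $CERTBOT_VALIDATION in a file named $CERTBOT_TOKEN.
auth_hook() {
    valid_token "$CERTBOT_TOKEN" || { echo "rejected token" >&2; return 1; }
    dir=$(challenge_dir)
    mkdir -p "$dir" || return 1
    printf '%s' "$CERTBOT_VALIDATION" > "$dir/$CERTBOT_TOKEN" || return 1
    chmod 644 "$dir/$CERTBOT_TOKEN"
    # stdout of this hook reaches the cleanup hook as $CERTBOT_AUTH_OUTPUT.
    printf '%s\n' "$dir/$CERTBOT_TOKEN"
}

# Cleanup hook: remove the challenge file once validation has finished.
cleanup_hook() {
    valid_token "$CERTBOT_TOKEN" || return 1
    rm -f "$(challenge_dir)/$CERTBOT_TOKEN"
}

# Dispatch on the first argument (hypothetical convention for this example):
#   --manual-auth-hook "/path/to/hook.sh auth"
#   --manual-cleanup-hook "/path/to/hook.sh cleanup"
case "${1:-}" in
    auth)    auth_hook ;;
    cleanup) cleanup_hook ;;
esac
```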
