Plugins
Conceptually simple-acme works by chaining together five components also known as plugins, which can be mixed and matched to support many use cases. Using the “default settings” mode of the UI, the default for each plugin will be chosen for you. These defaults can be changed in settings.json.
In “full options” mode, you will be asked to pick each of these plugins.
From the command line you can also rely on the configured defaults or explicitly provide which one(s) you want. Check the command line reference to see how.
- A source plugin determines which domains to include in the renewal.
- An order plugin divides these domains over one or more certificates to be ordered.
- A CSR plugin determines the (type of) private key and extensions to use for the certificate(s).
- A validation plugin provides the ACME server with proof that you own the domain(s).
- One or more store plugins place the certificate(s) in a specific location and format.
- One or more installation plugins make changes to your application(s) configuration.
There are two other types of plugins that may be interesting to developers of custom solutions:
- A notification target can be used to send success or error messages to your favorite channel, instead of (or in addition to) the built in emails.
- A secret store can be used to get and set secrets like passwords and API keys from your favorite management tool, instead of (or in addition to) the built in encrypted JSON file.
Currently there are no alternative implementations for these last two interfaces available as part of this project, but we welcome contributions in these areas.
Pluggable vs. Trimmed releases
A lot of plugins are built-in, but some plugins are distributed as optional extra downloads. When using one of the extra downloads, it’s required to use the “pluggable” releases of the main program. Otherwise you may use the “trimmed” releases to save disk space and network bandwidth.
Arguments
‑‑source |
Specify which source plugin to run, bypassing the main menu and triggering unattended mode. | |
|---|---|---|
‑‑order |
Specify which order plugin to use. Single is the default. | |
‑‑csr |
Specify which CSR plugin to use. RSA is the default. | |
‑‑validation |
Specify which validation plugin to run. If none is specified, SelfHosting validation will be chosen as the default. | |
‑‑store |
Specify which store plugin to use. CertificateStore is the default. This may be a comma-separated list. | |
‑‑installation |
Specify which installation plugins to use (if any). This may be a comma-separated list. |
Settings
Source.DefaultSource |
Default source plugin. This only affects the menu in the UI.
Type: string Default: undefined (equivalent to "iis", with "manual" as backup for unprivileged users or systems without IIS.)
|
|
|---|---|---|
Order.DefaultOrder |
Default order plugin.
Type: string Default: undefined (equivalent to "single")
|
|
Csr.DefaultCsr |
Default CSR plugin.
Type: string Default: undefined (equivalent to "rsa")
|
|
Validation.DefaultValidation |
Default validation plugin.
Type: string Default: undefined (equivalent to "selfhosting", with "filesystem" as backup for unprivileged users.)
|
|
Store.DefaultStore |
Default store plugin(s).
This may be a comma separated value for multiple default store plugins. Default: undefined (equivalent to "certificatestore" on Windows and "pemfiles" on other platforms)
|
|
Installation.DefaultInstallation |
Default installation plugin(s).
This may be a comma separated value for multiple default installation plugins. Default: undefined (equivalent to "none" for most unattended usage (unless ‑‑source iis is provided) and "iis" for interactive mode)
|
Looking for win-acme?
simple-acme is a backwards compatible, drop-in replacement built by the same person. Project history.