PEM files

Create PEM encoded files (for Apache, nginx, etc.)

Plugin type	Store
Download	Built-in
Compatibility	All platforms

Description

Designed for Apache, nginx and other web servers. Exports a .pem file for the certificate and private key and places them a folder of your choice.

Files created are:

{name}-crt.pem (certificate)
{name}-key.pem (private key)
{name}-chain.pem (certificate plus chain)
{name}-chain-only.pem (chain without certificate)

By default {name} will be the common name of the certificate (i.e. the primary host name), but this may be overruled. If you choose to have the -key.pem file password protected, you should make sure that the software you intend to consume the key with supports this as well.

Command line

`--store pemfiles`	Activates the plugin
`‑‑pemfilespath`	.pem files are exported to this folder.
`‑‑pemfilesname`	Prefix to use for the .pem files, defaults to the common name.
`‑‑pempassword`	Password to set for the private key .pem file. You may pass the secret in plain text, but can also use a reference to the secret vault like `"vault://json/mysecret"`.

Examples

Typical	`--store pemfiles [‑‑pemfilespath C:\Certificates\] [‑‑pempassword ******] [‑‑pemfilesname mycert]`

Settings

`Store.PemFiles.DefaultPath`	When using the PemFiles plugin this path is used by default, saving you the effort of providing it manually. Filling this out makes the `‑‑pemfilespath` parameter unnecessary in most cases. Renewals created with the default path will automatically change to any future default value, meaning this is also a good practice for maintainability. Paths should be JSON-encoded, e.g. `"C:\\"` (note the double backslash). Type: string Default: undefined
`Store.PemFiles.DefaultPassword`	When using the PemFiles plugin this password is used by default for the `.pem` files, saving you the effort from providing it manually. Filling this out makes the `‑‑pempassword` parameter unnecessary in most cases. Renewals created with the default password will automatically change to any future default value, meaning this is also a good practice for maintainability. You don't have store a literal password here, but may also place a reference to the secret vault like `"vault://json/mysecret"`. Type: string Default: undefined

JSON

ID	`e57c70e4-cd60-4ba6-80f6-a41703e21031`

Settings

`Store.PemFiles.DefaultPath`	When using the PemFiles plugin this path is used by default, saving you the effort of providing it manually. Filling this out makes the `‑‑pemfilespath` parameter unnecessary in most cases. Renewals created with the default path will automatically change to any future default value, meaning this is also a good practice for maintainability. Paths should be JSON-encoded, e.g. `"C:\\"` (note the double backslash). Type: string Default: undefined
`Store.PemFiles.DefaultPassword`	When using the PemFiles plugin this password is used by default for the `.pem` files, saving you the effort from providing it manually. Filling this out makes the `‑‑pempassword` parameter unnecessary in most cases. Renewals created with the default password will automatically change to any future default value, meaning this is also a good practice for maintainability. You don't have store a literal password here, but may also place a reference to the secret vault like `"vault://json/mysecret"`. Type: string Default: undefined

Looking for win-acme?

simple-acme is a backwards compatible, drop-in replacement built by the same person. Project history.