PEM files
Create PEM encoded files (for Apache, nginx, etc.)
Plugin type | Store | |
---|---|---|
Download | Built-in | |
Compatibility | All platforms |
Description
Designed for Apache, nginx and other web servers.
Exports a .pem
file for the certificate and private key and places them a folder of your choice.
Files created are:
{name}-crt.pem
(certificate){name}-key.pem
(private key){name}-chain.pem
(certificate plus chain){name}-chain-only.pem
(chain without certificate)
By default {name}
will be the common name of the certificate (i.e. the primary host
name), but this may be overruled. If you choose to have the -key.pem
file password
protected, you should make sure that the software you intend to consume the key with
supports this as well.
Command line
--store pemfiles |
Activates the plugin | |
---|---|---|
‑‑pemfilespath |
.pem files are exported to this folder. | |
‑‑pemfilesname |
Prefix to use for the .pem files, defaults to the common name. | |
‑‑pempassword |
Password to set for the private key .pem file.
You may pass the secret in plain text, but can also use a reference to the secret vault like |
Examples
Typical | --store pemfiles [‑‑pemfilespath C:\Certificates\] [‑‑pempassword ******] [‑‑pemfilesname mycert] |
---|
JSON
ID | e57c70e4-cd60-4ba6-80f6-a41703e21031 |
---|
Settings
Store.PemFiles.DefaultPath |
When using the PEM files plugin this path is used by default, saving you the effort of providing it manually. Filling this out makes the ‑‑pemfilespath parameter unnecessary in most cases. Renewals created with the default path will automatically change to any future default value, meaning this is also a good practice for maintainability.
Paths should be JSON-encoded, e.g. Default: undefined |
|
---|---|---|
Store.PemFiles.DefaultPassword |
When using the PEM files plugin this password is used by default for the .pem files, saving you the effort from providing it manually. Filling this out makes the ‑‑pempassword parameter unnecessary in most cases. Renewals created with the default password will automatically change to any future default value, meaning this is also a good practice for maintainability.
You don't have store a literal password here, but may also place a reference to the secret vault like Default: undefined |
Looking for win-acme?
simple-acme is a backwards compatible, drop-in replacement built by the same person. Project history.