PEM files

Create PEM encoded files (for Apache, nginx, etc.)

Plugin type Store
Download Built-in
Compatibility All platforms

Description

Designed for Apache, nginx and other web servers. Exports a .pem file for the certificate and private key and places them a folder of your choice.

Files created are:

  • {name}-crt.pem (certificate)
  • {name}-key.pem (private key)
  • {name}-chain.pem (certificate plus chain)
  • {name}-chain-only.pem (chain without certificate)

By default {name} will be the common name of the certificate (i.e. the primary host name), but this may be overruled. If you choose to have the -key.pem file password protected, you should make sure that the software you intend to consume the key with supports this as well.

Command line

--store pemfiles Activates the plugin
‑‑pemfilespath .pem files are exported to this folder.
‑‑pemfilesname Prefix to use for the .pem files, defaults to the common name.
‑‑pempassword Password to set for the private key .pem file.

You may pass the secret in plain text, but can also use a reference to the secret vault like "vault://json/mysecret".

Examples

Typical --store pemfiles [‑‑pemfilespath C:\Certificates\] [‑‑pempassword ******] [‑‑pemfilesname mycert]

JSON

ID e57c70e4-cd60-4ba6-80f6-a41703e21031

Settings

Store.PemFiles.DefaultPath When using the PEM files plugin this path is used by default, saving you the effort of providing it manually. Filling this out makes the ‑‑pemfilespath parameter unnecessary in most cases. Renewals created with the default path will automatically change to any future default value, meaning this is also a good practice for maintainability.

Paths should be JSON-encoded, e.g. "C:\\" (note the double backslash).

Type: string
Default: undefined
Store.PemFiles.DefaultPassword When using the PEM files plugin this password is used by default for the .pem files, saving you the effort from providing it manually. Filling this out makes the ‑‑pempassword parameter unnecessary in most cases. Renewals created with the default password will automatically change to any future default value, meaning this is also a good practice for maintainability.

You don't have store a literal password here, but may also place a reference to the secret vault like "vault://json/mysecret".

Type: string
Default: undefined

Looking for win-acme?

simple-acme is a backwards compatible, drop-in replacement built by the same person. Project history.