aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rwxr-xr-xletsencrypt38
1 files changed, 2 insertions, 36 deletions
diff --git a/letsencrypt b/letsencrypt
index cba4271..027afd4 100755
--- a/letsencrypt
+++ b/letsencrypt
@@ -46,48 +46,14 @@ usage() {
local msg="${1:-}"
if [ "$msg" ]; then
echo "$NAME: $msg" >&2
- echo "Try '$NAME --help' for more information." >&2
+ echo "Try '$NAME --help' or consult the manpage for more information." >&2
exit 1
fi
cat <<- EOF
Usage: $NAME [OPTIONS] new-reg ACCOUNTKEY [EMAIL ..]
or: $NAME [OPTIONS] new-cert ACCOUNTKEY --output=CERT {--csr=CSR | CSR Options }
or: $NAME [OPTIONS] revoke-cert ACCOUNTKEY CERT [CERT ..]
-
- ACCOUNTKEY is the private key file of the user's account. Generic options are:
- --genkey[=ALGO[:BITS]] For 'new-*' commands, generate key pairs (with mode 0600) if they don't
- exist already. (Default: "RSA".) RSA is the only algorithm curently supported.
- --runas=USERNAME Username to run the ACME client as. (This user doesn't need access to
- any private key material.)
- --help, -? Display this help text and exit
- --quiet, -q Be quiet
- --debug Turn on debug mode
-
- $NAME new-reg ACCOUNTKEY [EMAIL ..]
- Register a new ACCOUNTKEY; an optional list of EMAIL addresses can be supplied as contact information.
-
- $NAME new-cert ACCOUNTKEY --output=CERT --csr=FILE
- $NAME new-cert ACCOUNTKEY --output=CERT --key=FILE [--hash=ALGO] [--subject=STRING] [--san=STRING] [--keyusage=STRING]
- Request a new Certificate Issuance. The Certificate Signing Request can be supplied directly, or
- generated from the server key using options --hash, --subject, --san and --keyusage.
-
- --min-age=SECONDS Skip the issuance if the certificate specified by --output exists and its
- expiration date is more than SECONDS ahead.
- --csr=FILE Certificate Signing Request to send (alternatively, use --key to generate it)
- --key=FILE Server private key (use --genkey to generate it)
- --hash=DGST Message digest to sign the CSR with (in PEM format)
- --subject=STRING Subject name, formatted as "/type0=value0/type1=value1/type2=..." (default: "/")
- --san=STRING Comma-separated list of Subject Alternative Names formatted as "type:value"
- --keyusage=STRING Comma-separated list of Key Usages, see x509v3_config(5ssl)
- (default: "digitalSignature,keyEncipherment,keyCertSign")
- --output=FILE Where to store the issued (signed) X.509 certificate
- --chain[=FILE] Store the server certificate along with its intermediate CA in FILE; if FILE is
- empty or omitted, use the file specified with --output
- --notify=COMMAND Command to run upon success. (This option can be repeated.)
-
- $NAME revoke-cert {ACCOUNTKEY|SVRKEY} FILE [FILE ..]
- Request that the given certificate(s) FILE(s) be revoked. The first argument can be either the account
- key file or the server's private key.
+ Consult the manpage for more information.
EOF
exit 0
}