-
-
Notifications
You must be signed in to change notification settings - Fork 5.4k
Profile selection
Starting with recent CA developments, some Certificate Authorities (CAs) now support issuing certificates under different profiles.
These profiles may differ in terms of validation rules, supported features, or certificate lifetime.
For example, Let’s Encrypt provides multiple certificate profiles that define validity periods and capabilities.
You can select the certificate profile during issuance with the --cert-profile parameter:
acme.sh --issue -d example.com --cert-profile <profile-name>
acme.sh --issue --server letsencrypt -d example.com -w /home/username/public_html --cert-profile tlsserver
This will request a certificate using Let’s Encrypt’s tlsserver profile.
Some profiles may reduce the validity period of the certificate (e.g. 160 hours lifetimes instead of 90 days).
When using such profiles, you should also set the --days parameter to ensure that acme.sh renews the certificate early enough:
acme.sh --issue --server letsencrypt -d 203.0.113.195 -w /home/username/public_html --certificate-profile shortlived --days 6
- The available profile names depend on the selected CA.
- If you do not specify
--cert-profile, the default profile is used. - Always check your CA’s documentation for supported profile names and their characteristics.
Buy me a beer, Donate to acme.sh if it saves your time. Your donation makes acme.sh better: https://donate.acme.sh/
如果 acme.sh 帮你节省了时间,请考虑赏我一杯啤酒🍺, 捐助: https://donate.acme.sh/ 你的支持将会使得 acme.sh 越来越好. 感谢