diff --git a/certbot/cli.py b/certbot/cli.py index 4d91a1904..5fbafa51e 100644 --- a/certbot/cli.py +++ b/certbot/cli.py @@ -852,9 +852,11 @@ def prepare_and_parse_args(plugins, args, detect_defaults=False): # pylint: dis dest="pref_challs", action=_PrefChallAction, default=[], help="A sorted, comma delimited list of the preferred challenge to " "use during authorization with the most preferred challenge " - 'listed first. Eg, "dns-01" or "tls-sni-01,http-01,dns-01").' + 'listed first. Eg, "dns" or "tls-sni-01,http,dns").' ' Not all plugins support all challenges. See ' - 'https://certbot.eff.org/docs/using.html#plugins for details.') + 'https://certbot.eff.org/docs/using.html#plugins for details.' + ' Challenges are versioned, but if you pick "http" rather than' + ' "http-01", Certbot will select the latest version automatically.' ) helpful.add( "renew", "--pre-hook", help="Command to be run in a shell before obtaining any certificates." @@ -1048,7 +1050,9 @@ class _PrefChallAction(argparse.Action): """Action class for parsing preferred challenges.""" def __call__(self, parser, namespace, pref_challs, option_string=None): + aliases = {"dns": "dns-01", "http": "http-01", "tls-sni": "tls-sni-01"} challs = [c.strip() for c in pref_challs.split(",")] + challs = [aliases[c] if c in aliases else c for c in challs] unrecognized = ", ".join(name for name in challs if name not in challenges.Challenge.TYPES) if unrecognized: diff --git a/docs/using.rst b/docs/using.rst index 8e9524634..18dca071a 100644 --- a/docs/using.rst +++ b/docs/using.rst 
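Review bot: The alias table added in `_PrefChallAction.__call__` is a fixed literal, while the new help text in the first hunk promises that Certbot "will select the latest version automatically"; nothing visible derives the targets from `challenges.Challenge.TYPES`, so that promise holds only as long as someone edits the dict whenever a challenge version is added or retired. Because the challenge type decides how domain control is proven, I would hoist the table to a module-level constant such as `_CHALL_ALIASES = {"dns": "dns-01", "http": "http-01", "tls-sni": "tls-sni-01"}`, with a comment stating that each entry must track the newest supported version, and simplify the lookup to `challs = [_CHALL_ALIASES.get(c, c) for c in challs]`. Note also that `unrecognized` is computed after the substitution, so if an alias target were ever missing from `TYPES` the error would name the resolved form rather than what the user typed. The body of `if unrecognized:` and the rest of `__call__` lie outside the hunk.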
@@ -281,16 +281,17 @@ manual_ Y N | Helps you obtain a cert by giving you instructions to pe nginx_ Y Y | Very experimental and not included in certbot-auto_. tls-sni-01_ (443) =========== ==== ==== =============================================================== ============================= -Under the hood, plugins use one of several "Challenge Types" to prove you control a domain. -The options are http-01_ (which uses port 80), tls-sni-01_ (port 443) and dns-01_ -(requring configuration of a DNS server on port 53, thought that's often not -the same machine as your webserver). A few plugins support more than one -challenge type, in which case you can choose one with -``--preferred-challenges``. +Under the hood, plugins use one of several ACME protocol "Challenges_" to +prove you control a domain. The options are http-01_ (which uses port 80), +tls-sni-01_ (port 443) and dns-01_ (requring configuration of a DNS server on +port 53, thought that's often not the same machine as your webserver). A few +plugins support more than one challenge type, in which case you can choose one +with ``--preferred-challenges``. There are also many third-party-plugins_ available. Below we describe in more detail the circumstances in which each plugin can be used, and how to use it. +.. _Challenges: https://tools.ietf.org/html/draft-ietf-acme-acme-03#section-7 .. _tls-sni-01: https://tools.ietf.org/html/draft-ietf-acme-acme-03#section-7.3 .. _http-01: https://tools.ietf.org/html/draft-ietf-acme-acme-03#section-7.2 .. _dns-01: https://tools.ietf.org/html/draft-ietf-acme-acme-03#section-7.4