From 9ea14d2e2b9709ac260bcbfd0a39bf4587e0e2f7 Mon Sep 17 00:00:00 2001 From: Brad Warren Date: Wed, 14 Mar 2018 08:48:40 -0700 Subject: [PATCH] Add docs about --server (#5713) * Add docs about --server * address review comments * mention server in Docker docs * correct server URL * Use prod ACMEv2 example --- docs/install.rst | 7 +++++-- docs/using.rst | 21 +++++++++++++++++++++ 2 files changed, 26 insertions(+), 2 deletions(-) diff --git a/docs/install.rst b/docs/install.rst index 07af41fbd..67889d8f7 100644 --- a/docs/install.rst +++ b/docs/install.rst @@ -142,8 +142,11 @@ validation over DNS for popular providers. To use one, just replace want to use. For example, to use Certbot's plugin for Amazon Route 53, you'd use ``certbot/dns-route53``. You may also need to add flags to Certbot and/or mount additional directories to provide access to your -DNS API credentials. See the :ref:`DNS plugin documentation -` for more info. +DNS API credentials as specified in the :ref:`DNS plugin documentation +`. If you would like to obtain a wildcard certificate from +Let's Encrypt's ACMEv2 server, you'll need to include ``--server +https://acme-v02.api.letsencrypt.org/directory`` on the command line as +well. For more information about the layout of the ``/etc/letsencrypt`` directory, see :ref:`where-certs`. diff --git a/docs/using.rst b/docs/using.rst index f26ec2563..a40532998 100644 --- a/docs/using.rst +++ b/docs/using.rst 
@@ -837,6 +837,27 @@ Example usage for DNS-01 (Cloudflare API v4) (for example purposes only, do not .. _lock-files: +Changing the ACME Server +======================== + +By default, Certbot uses Let's Encrypt's initial production server at +https://acme-v01.api.letsencrypt.org/. You can tell Certbot to use a +different CA by providing ``--server`` on the command line or in a +:ref:`configuration file ` with the URL of the server's +ACME directory. For example, if you would like to use Let's Encrypt's +new ACMEv2 server, you would add ``--server +https://acme-v02.api.letsencrypt.org/directory`` to the command line. +Certbot will automatically select which version of the ACME protocol to +use based on the contents served at the provided URL. + +If you use ``--server`` to specify an ACME CA that implements a newer +version of the spec, you may be able to obtain a certificate for a +wildcard domain. Some CAs (such as Let's Encrypt) require that domain +validation for wildcard domains must be done through modifications to +DNS records which means that the dns-01_ challenge type must be used. To +see a list of Certbot plugins that support this challenge type and how +to use them, see plugins_. + Lock Files ==========
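Review bot: In the docs/install.rst hunk, the full ACMEv2 directory URL is written out a second time (the same ``--server https://acme-v02.api.letsencrypt.org/directory`` string is also added to docs/using.rst), so the two copies have to be kept in sync by hand. The commit message already lists a "correct server URL" step, which is the kind of fix that is easy to apply to one copy and miss in the other. Suggest giving the new "Changing the ACME Server" section a label and pointing to it from this Docker paragraph with a ``:ref:``, so the URL is maintained in one place. The added sentence also ties wildcard certificates only to ``--server``; a short pointer to the DNS validation requirement described in using.rst would keep a reader from assuming the flag is sufficient by itself.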
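Review bot: In the docs/using.rst hunk as shown, the new "Changing the ACME Server" section is inserted after the ``.. _lock-files:`` label and before the "Lock Files" heading, so the label now sits directly above the new heading and ``:ref:`lock-files``` would resolve to the ACME server section instead of the lock file documentation. Suggest moving the added block above ``.. _lock-files:`` so the label stays adjacent to "Lock Files", and adding a dedicated label for the new section so install.rst and other pages can link to it. Separately, the first paragraph describes ``--server`` as a way to "use a different CA" without saying anything about what the user is trusting by doing so; since this flag selects which CA receives account registration and validation requests, one sentence recommending that the directory URL be an ``https://`` endpoint of a CA the user intends to trust would be worth adding.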