Certificate Settings
Certificate entries have the following settings:
- Name:
A short name for the certificate
- Description:
A longer string describing the certificate
- Status:
Whether or not this entry is active
- Active:
This entry will be processed manually and by the Cron job (General Settings)
- Disabled:
This entry will be ignored
- Acme Account:
The account key ACME will use when requesting the certificate (see Generate an Account Key)
- Private Key:
The key length of the private key for this certificate. May be either RSA or ECDSA in several pre-defined sizes. Select Custom to manually enter a private key generated elsewhere
2048-bit RSA is an acceptable default choice, but larger keys are more secure
- OCSP Must Staple:
When set, ACME will configure the certificate request for OCSP Stapling
Warning
Do not enable this option unless all consumers of the certificate support OCSP Stapling.
- Domain SAN List:
A list of all domain names which will be included in this certificate as Subject Alternative Name (SAN) entries.
Note
A certificate can contain up to 100 SAN entries, and they can use the same or different update methods. Each SAN must be individually validated by Let’s Encrypt before a certificate will be issued.
- Mode:
Whether or not this SAN is active in the certificate
- Domain Name:
The domain name for a SAN entry in this certificate (e.g. www.example.com)
- Method:
The method used by ACME to validate ownership of this domain. Method settings are described in Validation Methods
Click Add for additional SAN entries
DNS Providers also have some common settings which appear for all types:
- DNS Alias:
An alternative domain name used by the validation process. Instead of updating the DNS record for Domain Name directly, the package uses this domain name instead. See DNS Alias Mode for details.
- DNS Alias Mode:
Controls whether the DNS alias mode used is Challenge Alias (Unchecked, Default) or Domain Alias (Checked). See DNS Alias Mode for details.
- DNS-Sleep:
The amount of time the ACME validation process will wait after making DNS changes before attempting to validate. Some DNS services take a few minutes to propagate entries after making backend changes.
The default settings are typically sufficient, but slower providers may require a longer sleep time.
- Actions List:
Commands to run after the package renews a certificate.
- Mode:
Whether or not this action is active
- Command:
Full path to command and arguments, service name, or name of script
- Method:
Defines how the Command is executed by the package
- Shell Command:
The Command is a full path to a shell command and its arguments
- PHP Command Script:
The Command value is run as PHP code
- Restart Local Service:
The name of a local service to restart
- Restart Remote Service:
The name of a remote service to restart via XMLRPC. This utilizes the system XMLRPC sync configuration
The GUI includes several examples of common actions
- Certificate Renewal After:
When the package will attempt a renewal for the certificate. Default is 60 days (2 months). Certificates are valid for a maximum of 90 days.
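
The gap between the renewal setting and the certificate lifetime can be monitored from outside the package. The following is an added example, not code from the package or its documentation: it reads the output of `openssl x509 -noout -dates` and reports when a certificate has passed its renewal point without being replaced, which shows that renewals are failing before the certificate expires. The status names, the `grace_days` parameter and the sample dates are assumptions constructed for illustration.

```python
import ssl
from datetime import datetime, timezone

RENEW_AFTER_DAYS = 60  # default "Certificate Renewal After" value on this page

def parse_openssl_dates(text):
    """Parse the notBefore=/notAfter= lines of `openssl x509 -noout -dates`."""
    found = {}
    for line in text.strip().splitlines():
        key, _, value = line.partition("=")
        seconds = ssl.cert_time_to_seconds(value.strip())
        found[key.strip()] = datetime.fromtimestamp(seconds, tz=timezone.utc)
    return found["notBefore"], found["notAfter"]

def renewal_status(not_before, not_after, now,
                   renew_after_days=RENEW_AFTER_DAYS, grace_days=3):
    """Classify a certificate against the renewal setting.

    grace_days is a hypothetical allowance for a few missed cron runs.
    """
    if now >= not_after:
        return "EXPIRED"
    lifetime_days = (not_after - not_before).days
    if renew_after_days >= lifetime_days:
        return "MISCONFIGURED"  # renewal would not start before expiry
    age_days = (now - not_before).days
    if age_days >= renew_after_days + grace_days:
        return "OVERDUE"        # renewal attempts are failing or not running
    if age_days >= renew_after_days:
        return "DUE"
    return "OK"

# Constructed sample: a 90-day certificate issued on 1 January 2024.
SAMPLE_DATES = """\
notBefore=Jan  1 00:00:00 2024 GMT
notAfter=Mar 31 00:00:00 2024 GMT
"""

if __name__ == "__main__":
    issued, expires = parse_openssl_dates(SAMPLE_DATES)
    for day in (datetime(2024, 2, 1), datetime(2024, 3, 1),
                datetime(2024, 3, 10), datetime(2024, 4, 1)):
        now = day.replace(tzinfo=timezone.utc)
        print(now.date(), renewal_status(issued, expires, now))
```

An OVERDUE result is the one to alert on: the certificate is still valid, so there is time to fix the validation method or account before consumers see an expired certificate.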