Configuration file reference
The autoacme.exe and aasync.exe utilities will use the file autoacme.json in the same folder unless specified otherwise with the /cfg:filename switch. This file contains both the configuration and the database of managed hosts.
The file is usually created with the autoacme initcfg command, which will guide you through the process and set most of the values. Some options can only be set by editing the file, though.
{
    "EmailAddress": "[email protected]",
    "SelfHostChallenge": false,
    "SelfHostUrlPrefix": "http://+:80/Temporary_Listen_Addresses/AutoACME/",
    "ChallengeFolder": "C:\\InetPub\\wwwroot\\AutoACME",
    "PfxFolder": "C:\\CertStore\\PFX",
    "PfxPassword": "topsecret",
    "PemFolder": null,
    "ServerUriV2": "https://acme-v02.api.letsencrypt.org/directory",
    "ChallengeVerificationRetryCount": 10,
    "ChallengeVerificationWaitSeconds": 5,
    "RenewDaysBeforeExpiration": 30,
    "PurgeDaysAfterExpiration": 30,
    "AutoSaveConfigBackup": true,
    "Hosts": [
        {
            "CommonName": "www.example.com",
            "SerialNumber": "031E9C90C5205CE217A5E78AFC8A091562E9",
            "Thumbprint": "7D2929188562565F7887E50C634759A0E5939C62",
            "NotBefore": "2017-01-15T18:12:00+01:00",
            "NotAfter": "2017-04-15T19:12:00+02:00"
        },
        {
            "CommonName": "www.example.org",
            "SerialNumber": "033324C4F7E46E89C6BC2680D17C884752A6",
            "Thumbprint": "F79BAB02A73A0F8E7078383E256AD46A64AFC3F7",
            "NotBefore": "2017-01-17T14:50:00+01:00",
            "NotAfter": "2017-04-17T15:50:00+02:00"
        }
    ]
}
EmailAddress
E-mail address used for communication with the certificate authority. The CA uses it for notifications about certificate expiration etc.
SelfHostChallenge
Controls whether the application temporarily acts as an HTTP server to host the challenge without writing a challenge file to disk. This self-hosted mode does not require IIS to serve the challenge files.
SelfHostUrlPrefix
When in self-hosted mode, this determines the URL to be used for the local HTTP server. To work correctly, the URL reservation needs to be registered appropriately (see add-urlacl for details).
By default, a URL below the default WCF URL is used, so that no additional reservation is required on a default .NET install.
ChallengeFolder
Folder where the challenge files are placed when not running in self-hosted mode. Default is C:\InetPub\wwwroot\AutoACME.
Please note: when writing JSON, backslashes must be doubled for escaping, e.g. C:\\InetPub\\wwwroot\\AutoACME.
PfxFolder
Folder where the resulting PFX files are stored. Default is C:\CertStore\PFX. If set to null, no PFX files are generated. Typically, the IIS Centralized Certificate Store is pointed to this folder.
Please note: when writing JSON, backslashes must be doubled for escaping, e.g. C:\\CertStore\\PFX.
PfxPassword
Password for additional protection of PFX files. Do not use a valuable password here, as it is stored in plain text.
PemFolder
Folder where the resulting CRT and PEM files are stored, e.g. C:\CertStore\PEM. If set to null, no CRT and PEM files are generated. The option to create CRT and PEM files is intended for server software without PFX support.
Please note: when writing JSON, backslashes must be doubled for escaping, e.g. C:\\CertStore\\PEM.
ServerUriV2
The URI of the ACME server directory. Default is https://acme-v02.api.letsencrypt.org/directory, which is the Let's Encrypt production endpoint.
ChallengeVerificationRetryCount
Number of retries when asking for challenge verification. Default is 10.
ChallengeVerificationWaitSeconds
Number of seconds to wait between the challenge verification attempts. Default is 5 seconds.
RenewDaysBeforeExpiration
Number of days before expiration when certificates are renewed. Default is 30 days.
PurgeDaysAfterExpiration
Number of days after expiration when unrenewed certificates are deleted. Default is 30 days.
AutoSaveConfigBackup
When set to true (default), the old version of the configuration file is saved with the .old suffix (i.e. autoacme.json.old).
Hosts
You are not supposed to edit this part of the file manually. It contains the list of hosts managed by AutoACME. The hosts have the following properties:
- CommonName - the common name (hostname) of the certificate.
- SerialNumber - the certificate serial number.
- Thumbprint - SHA-1 thumbprint of the certificate.
- NotBefore and NotAfter - certificate validity period.
Values stored in this collection are used to determine when the certificate should be renewed.
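The renewal and purge windows described above can be checked against the Hosts entries with a short script. The following Python audit is an added example, not part of AutoACME: the audit function, its state labels and the sample values are constructed for illustration, and the window comparisons follow the option descriptions on this page rather than AutoACME's source.

```python
import json
from datetime import datetime, timedelta, timezone

DEFAULT_DIRECTORY = "https://acme-v02.api.letsencrypt.org/directory"  # default stated on this page

# Constructed sample in the autoacme.json layout; all values are made up.
SAMPLE = r"""
{
  "PfxFolder": "C:\\CertStore\\PFX",
  "PfxPassword": "topsecret",
  "ServerUriV2": "http://acme.example.test/directory",
  "RenewDaysBeforeExpiration": 30,
  "PurgeDaysAfterExpiration": 30,
  "Hosts": [
    {"CommonName": "fresh.example.com",   "NotAfter": "2017-06-30T12:00:00+02:00"},
    {"CommonName": "due.example.com",     "NotAfter": "2017-04-15T19:12:00+02:00"},
    {"CommonName": "expired.example.com", "NotAfter": "2017-02-01T00:00:00+01:00"}
  ]
}
"""

def audit(cfg, now):
    """Classify hosts by renewal state and list configuration findings."""
    # Assumption: comparisons mirror the documented semantics, not AutoACME's code.
    renew = timedelta(days=cfg.get("RenewDaysBeforeExpiration", 30))
    purge = timedelta(days=cfg.get("PurgeDaysAfterExpiration", 30))
    state = {}
    for host in cfg.get("Hosts", []):
        not_after = datetime.fromisoformat(host["NotAfter"])  # keeps the UTC offset
        if now - not_after >= purge:
            state[host["CommonName"]] = "purge"
        elif not_after - now <= renew:
            state[host["CommonName"]] = "renew"
        else:
            state[host["CommonName"]] = "ok"
    findings = []
    uri = cfg.get("ServerUriV2") or DEFAULT_DIRECTORY
    if not uri.lower().startswith("https://"):
        findings.append("ServerUriV2 is not HTTPS")
    elif uri != DEFAULT_DIRECTORY:
        findings.append("ServerUriV2 differs from the documented default")
    if cfg.get("PfxFolder") and cfg.get("PfxPassword"):
        findings.append("PfxPassword is stored in plain text: restrict read access to the file")
    return state, findings

if __name__ == "__main__":
    now = datetime(2017, 4, 1, tzinfo=timezone.utc)
    print(audit(json.loads(SAMPLE), now))
```

Pass a timezone-aware value for now, because the NotAfter timestamps carry UTC offsets and cannot be compared with naive datetimes.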