SearchHandle certificates
Handle TLS certificates, such as listing, add, delete or update.
Examples:
certificate list
certificate ls -f id=1
certificate ls -f name="MyCertificate*"
certificate delete 1
certificate inspect 1
# Certificate type database
certificate database add mycert --cert /path/to/concatenated.pem --all-sans
certificate database add mycert --cert /path/to/certificate.pem --key /path/to/private-key.pem
certificate database update 1 --name newname
certificate database update 1 --cert /path/to/concatenated.pem
certificate database update 1 --cert /path/to/certificate.pem --key /path/to/private-key.pem --all-sans
# Certificate type disk
certificate disk add mycert --cert /path/on/server/to/concatenated.pem
certificate disk add mycert --cert /path/on/server/to/certificate.pem --key /path/on/server/to/private-key.pem
certificate disk update 1 --name newname
certificate disk update 1 --cert /path/on/server/to/certificate.pem --key /path/on/server/to/private-key.pem
# Certificate type ACME
certificate acme add mycert --account <acme-account-id> --fqdn <fqdn-for-cert-generation> --fqdn <second-fqdn> --http
certificate acme add mycert --account 1 --fqdn *.example.com --dns
certificate acme update 1 --name newname
certificate acme update 1 --http --dns
certificate acme retry 1
Options for certificate storage:
disk:
Only the paths to the certificate and/or private key are stored in
the database.
database:
The certificate and private key are stored in the database and distributed
to the Varnish servers upon deployment. The certificate can't be read after
it has been stored.
acme:
The certificate is automatically created and renewed via the ACME protocol.
After it has been created it is handled like a database certificate type.
-h, --help help for certificates
-c, --config string configuration file for the CLI (default ~/.vcli.yml)
Could also be set via VARNISH_CONTROLLER_CLI_CONFIG=/path/to/config.yml
--csv Output the response table as CSV format.
-j, --json Output the response table as JSON format.