Search
varnish-controller7    cli    vcli    vcli_certificates
Varnish Controller 7 Changelog Version 7 Known Issues Upgrading Migrate Installation Previous Versions Versioning License Features System Overview Demo Concepts Agent Maintenance File Router Traffic Router Health VCL RoutingRules Git Tag Files Domain Certificates Roles VCLGroup Rolling Upgrades ACME API Logs Private/Shared Config/ConfigSets Authentication System Admin Regular Users Identity Provider Multi-Factor Authentication Impersonation Sessions Examples Authorization Organization Account Permission Examples CLI CLI Examples CLI Manual User Interface API API examples Invalidations Integrations Monitoring Varnish Statistics Installation Quickstart NATS PostgreSQL Brainz API-GW Agents Routers Containers Identity Provider VCLI Graphical User Interface Mapped Ports Routing Plugins gRPC Troubleshooting Examples Deploying VCL files Change a VCL file Purging multiple paths Banning paths Using Labels Certificates HTTP Routing Routing Decisions Score-based Routing Private Agents Multiple Regions OIDC - Microsoft Entra (Azure AD) Drain Traffic Config/ConfigSet Maintenance File Organizations Controller-UI security settings

vcli certificates

Handle certificates

Synopsis

Handle TLS certificates, such as listing, add, delete or update.

Examples:

vcli certificate list
vcli certificate ls -f id=1
vcli certificate ls -f name="MyCertificate*"
vcli certificate delete 1
vcli certificate inspect 1

# Certificate type database
vcli certificate database add mycert --cert /path/to/concatenated.pem --all-sans
vcli certificate database add mycert --cert /path/to/certificate.pem --key /path/to/private-key.pem
vcli certificate database update 1 --name newname
vcli certificate database update 1 --cert /path/to/concatenated.pem
vcli certificate database update 1 --cert /path/to/certificate.pem --key /path/to/private-key.pem --all-sans

# Certificate type disk
vcli certificate disk add mycert --cert /path/on/server/to/concatenated.pem
vcli certificate disk add mycert --cert /path/on/server/to/certificate.pem --key /path/on/server/to/private-key.pem
vcli certificate disk update 1 --name newname
vcli certificate disk update 1 --cert /path/on/server/to/certificate.pem --key /path/on/server/to/private-key.pem

# Certificate type ACME
vcli certificate acme add mycert --account <acme-account-id> --fqdn <fqdn-for-cert-generation> --fqdn <second-fqdn> --http
vcli certificate acme add mycert --account 1 --fqdn *.example.com --dns
vcli certificate acme update 1 --name newname
vcli certificate acme update 1 --http --dns
vcli certificate acme retry 1
vcli certificate acme revoke 1 --reason 0

Options for certificate storage:

disk: Only the paths to the certificate and/or private key are stored in the database.

database: The certificate and private key are stored in the database and distributed to the Varnish servers upon deployment. The certificate can’t be read after it has been stored.

acme: The certificate is automatically created and renewed via the ACME protocol. After it has been created it is handled like a database certificate type.

Options

  -h, --help   help for certificates

Options inherited from parent commands

  -c, --config string   configuration file for the CLI (default ~/.vcli.yml)
                        Could also be set via VARNISH_CONTROLLER_CLI_CONFIG=/path/to/config.yml
      --csv             Output the response table as CSV format.
  -j, --json            Output the response table as JSON format.

SEE ALSO

Manuals
Varnish Enterprise
Varnish Cloud
Varnish Controller
Varnish High Availability
Varnish Custom Statistics
Varnish WAF
Varnish Broadcaster
Varnish Helm Chart
Packages
Docker
Varnish Otel
News
Workspace overflow in HTTP/1 lingering sessions
Varnish Controller 7.5.0
Varnish Otel 2.4.0
Denial Of Service in shared VCL deployments
Workspace overflow in HTTP/2 sessions
News archive
Cookie Settings Privacy Policy Contact Us Press Branding
®Varnish Software, Wallingatan 12, 111 60 Stockholm, Organization nr. 556805-6203