• Command line arguments
• Settings.json
• Plugins
  • Source
    • IIS
    • Manual
    • CSR
  • Validation
    • HTTP validation
      • Self-hosting
      • Filesystem
      • FTP(S)
      • SFTP
      • WebDav
      • REST
    • DNS validation
      • acme-dns
      • Alibaba (Aliyun)
      • Azure (Microsoft)
      • Cloud DNS (Google)
      • Cloudflare
      • DigitalOcean
      • DNSEXIT
      • DNS Made Easy
      • Domainname.shop
      • Dreamhost
      • GoDaddy
      • Hetzner
      • InfoManiak
      • Linode (Akamai)
      • LuaDNS
      • Manual
      • NS1
      • RFC2136
      • Route53 (Amazon)
      • Script
      • Simply
      • Tencent
      • TransIP
    • TLS validation
      • Self-hosting
  • Order
    • Single
    • Host
    • Site
    • Domain
  • CSR
    • RSA
    • EC
  • Store
    • Azure KeyVault
    • Certificate Store
    • Central Certificate Store
    • .pem files (Apache etc.)
    • .pfx file
    • User Store
  • Installation
    • IIS bindings
    • Script

Validation plugins

A validation plugin is responsible for providing the ACME server with proof that you own the identifiers (host names) that you want to create a certificate for. The ACMEv2 protocol defines different challenge types, three of which are supported by win-acme, namely HTTP-01, DNS-01 and TLS-ALPN-01.

For wildcard identifiers, only DNS-01 validation is accepted by Let’s Encrypt.

Several other challenge types are not supported for various reasons:

• TLS-SNI-01/-02 - deprecated and removed
• PROOFOFPOSSESSION-01 - unknown

Default

By default, the self-hosting plugin is used. This can be changed in settings.json.