ssl

ssl

Manages SSL settings.

Example

kusanagi ssl --email saya@example.com kusanagi_html

Options

Certificate Issuance/Configuration

[--email "email address" | --cert "certificate file" --key "key file"]

When "--email" is specified, the Let's Encrypt's SSL certificate will be issued using the specified Email address.
After the Let’s Encrypt’s SSL certificate is successfully issued, automatic SSL certificate renewal will also be enabled.
"--email" cannot be used simultaneously with "--cert" and "--key".
If "--cert" and "--key" are specified, the specified certificate file and key file will be copied and set as the SSL certificate.
"--cert" and "--key" must be set at the same time.
"--cert" and "--key" cannot be used at the same time as "--email".

HTTPS Redirect Settings

[--https {redirect|noredirect}]

Sets up a 301 redirect from HTTP to HTTPS.
The "--https redirect" enables sending of a 301 header that instructs a permanent redirect.
"--https noredirect" disables sending of the 301 header that instructs permanent redirection.

HSTS Settings

[--hsts {on|off}]

Enables HSTS (HTTP Strict Transport Security) settings.
"--hsts on" enables HSTS.
"--hsts off" disables HSTS.
When setting "--hsts on", we recommend that you register your domain name on the HSTS Preload List registration site.

Let's Encrypt Certificate Auto-renewal Settings

[--auto {on|off}]

Enables/disables automatic renewal of Let's Encrypt certificates.
"--auto on" enables automatic certificate renewal for Let’s Encrypt.
"--auto off" disables automatic certificate renewal for Let’s Encrypt.

SSL Certificate Transparency Options Settings

Discontinued options
[--ct {on|off} (discontinued as of 9.6.3)]

Enables/disables the SSL Certificate Transparency option.
"--ct on" enables the SSL Certificate Transparency option.
"--ct off" disables the SSL Certificate Transparency option.

Configuration of SSL Certificate, SCT Generation and Registration to the Log Server

Discontinued options
[--no-register (discontinued as of 9.6.3) | --noregister (discontinued as of 9.6.3)]

* Can only be specified when the SSL certificate transparency option is enabled ("--ct on").

Default: Not specified (Generates an SCT (Signed Certificate Time-stamp) of the SSL certificate and registers it to the log server)

If either "--no-register" or "--noregister" are specified, the SCT of the SSL certificate will not be generated and registered to the log server.

Profile Name

[profile]

Default: The current directory profile

If "profile" is specified, the host name of the specified profile will be processed.
However, if the current directory is not a profile, an error will occur.

KUSANAGI Open Source Licenses | KUSANAGI Business Edition, Premium Edition, Security Edition End-User License Agreement

KUSANAGI Logo and Mascots | Privacy Policy | Vulnerability Disclosure Policy | Contact US

© 2015 - 2025 Prime Strategy Co., Ltd. All rights reserved

KUSANAGI
Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.