HOME » Documents » KUSANAGI 9 Commands » ssl



Manages SSL settings.


kusanagi ssl --email saya@example.com kusanagi_html


Certificate Issuance/Configuration

[--email "email address" | --cert "certificate file" --key "key file"]

When "--email" is specified, the Let's Encrypt's SSL certificate will be issued using the specified Email address.
After the Let’s Encrypt’s SSL certificate is successfully issued, automatic SSL certificate renewal will also be enabled.
"--email" cannot be used simultaneously with "--cert" and "--key".
If "--cert" and "--key" are specified, the specified certificate file and key file will be copied and set as the SSL certificate.
"--cert" and "--key" must be set at the same time.
"--cert" and "--key" cannot be used at the same time as "--email".

HTTPS Redirect Settings

[--https {redirect|noredirect}]

Sets up a 301 redirect from HTTP to HTTPS.
The "--https redirect" enables sending of a 301 header that instructs a permanent redirect.
"--https noredirect" disables sending of the 301 header that instructs permanent redirection.

HSTS Settings

[--hsts {on|off}]

Enables HSTS (HTTP Strict Transport Security) settings.
"--hsts on" enables HSTS.
"--hsts off" disables HSTS.
When setting "--hsts on", we recommend that you register your domain name on the HSTS Preload List registration site.

Let's Encrypt Certificate Auto-renewal Settings

[--auto {on|off}]

Enables/disables automatic renewal of Let's Encrypt certificates.
"--auto on" enables automatic certificate renewal for Let’s Encrypt.
"--auto off" disables automatic certificate renewal for Let’s Encrypt.

SSL Certificate Transparency Options Settings

[--ct {on|off}]

Enables/disables the SSL Certificate Transparency option.
"--ct on" enables the SSL Certificate Transparency option.
"--ct off" disables the SSL Certificate Transparency option.

Configuration of SSL Certificate, SCT Generation and Registration to the Log Server

[--no-register | --noregister]

* Can only be specified when the SSL certificate transparency option is enabled ("--ct on").

Default: Not specified (Generates an SCT (Signed Certificate Time-stamp) of the SSL certificate and registers it to the log server)

If either "--no-register" or "--noregister" are specified, the SCT of the SSL certificate will not be generated and registered to the log server.

Profile Name


Default: The current directory profile

If "profile" is specified, the host name of the specified profile will be processed.
However, if the current directory is not a profile, an error will occur.