Overview

Some of the applications' settings can be updated in the app's settings or configuration file. the file is in the application root and is called settings.config. If this file is not present it will be automatically created on first run, copied from settings_default.config. This allows you to xcopy new releases without worrying about overwriting your previously customized settings.

FileDateFormat

Default: 'yyyy/M/d H:mm:ss'

A string that is used to format the date of the pfx file friendly name. Documentation for possibilities is available from Microsoft.

RSAKeyBits

Default: 3072

The key size to sign the certificate with. Minimum is 1024.

HostsPerPage

Default: 50

The number of hosts to display per page.

ClientName

Default: win-acme

The name of the client, which comes back in the scheduled task and the ConfigurationPath.

ConfigurationPath

Default: '' (empty)

Change the location where the program stores its (temporary) files. If not specified this resolves to %programdata%\[ClientName]\[BaseUri]

CertificatePath

Default: '' (empty)

The path where certificates and request files are stored. If not specified or invalid, this defaults to (ConfigurationPath)\Certificates. All directories and subdirectories in the specified path are created unless they already exist. If you are using a Central SSL Store, this can not be set to the same path.

RenewalDays

Default: 55

The number of days to renew a certificate after. Let's Encrypt certificates are currently for a max of 90 days so it is advised to not increase the days much. If you increase the days, please note that you will have less time to fix any issues if the certificate doesn't renew correctly.

DefaultCertificateStore

Default: '' (empty)

The certificate store to save the certificates in. If left empty, certificates will be installed either in the WebHosting store, or if that is not available, the My store (better known as Personal).

DefaultCentralSslStore

Default: '' (empty)

When using --store centralssl this path is used by default, saving you the effort from providing it manually. Filling this out makes the --centralsslstore parameter unnecessary in most cases. Renewals created with the default path will automatically change to any future default value, meaning this is also a good practice for maintainability.

DefaultCentralSslPfxPassword

Default: '' (empty)

When using --store centralssl this password is used by default for the pfx files, saving you the effort from providing it manually. Filling this out makes the --pfxpassword parameter unnecessary in most cases. Renewals created with the default password will automatically change to any future default value, meaning this is also a good practice for maintainability.

DefaultPemFilesPath

Default: '' (empty)

When using --store pemfiles this path is used by default, saving you the effort from providing it manually. Filling this out makes the --pemfilespath parameter unnecessary in most cases. Renewals created with the default path will automatically change to any future default value, meaning this is also a good practice for maintainability.

CleanupFolders

Default: True

If set to True, it will cleanup the folder structure and files it creates under the site for authorization.

PrivateKeyExportable

Default: False

If set to True, it will be possible to export the generated certificates from the certificate store, for example to move them to another server.

Proxy

Default: [System]

Configures a proxy server to use for communication with the ACME server. The default setting uses the system proxy. Passing an empty string will bypass the system proxy.

ProxyUsername

Default: '' (empty)

Username used to access the proxy server.

ProxyPassword

Default: '' (empty)

Password used to access the proxy server.

ScheduledTaskStartBoundary

Default: 09:00:00 (9:00 am)

Configures start time for the scheduled task.

ScheduledTaskExecutionTimeLimit

Default: 02:00:00 (2 hours)

Configures time after which the scheduled task will be terminated if it hangs for whatever reason.

ScheduledTaskRandomDelay

Default: 00:00:00

Configures random time to wait for starting the scheduled task.

EncryptConfig

Default: True

Uses Microsoft Data Protection API to encrypt sensitive parts of the configuration, e.g. passwords. This may be disabled to share the configuration across a cluster of machines.

DefaultBaseUri

Default: https://acme-v02.api.letsencrypt.org/

Default ACMEv2 endpoint to use when none is specified with the command line.

DefaultBaseUriTest

Default: https://acme-staging-v02.api.letsencrypt.org/

Default ACMEv2 endpoint to use when none is specified with the command line and the --test switch is activated.

DefaultBaseUriImport

Default: https://acme-v01.api.letsencrypt.org/

Default ACMEv1 endpoint to import renewal settings from.

SmtpServer

Default: '' (empty)

SMTP server to use for sending email notifications. Required to receive renewal failure notifications.

SmtpPort

Default: 25

SMTP server port number.

SmtpUser

Default: '' (empty)

User name for the SMTP server, in case of authenticated SMTP.

SmtpPassword

Default: '' (empty)

Password for the SMTP server, in case of authenticated SMTP.

SmtpSecure

Default: False (empty)

Change to True to enable SMTPS.

SmtpSenderName

Default: ``

Display name to use as the sender of notification emails. Defaults to the ClientName setting when empty.

SmtpSenderAddress

Default: '' (empty)

Email address to use as the sender of notification emails. Required to receive renewal failure notifications.

SmtpReceiverAddress

Default: '' (empty)

Email address to receive notification emails. Required to receive renewal failure notifications.

EmailOnSuccess

Default: False

Send an email notification when a certificate has been successfully renewed, as opposed to the default behavior that only send failure notifications. Only works if at least SmtpServer, SmtpSenderAddressand SmtpReceiverAddress have been configured.

DeleteStaleCacheFiles

Default: False

Automatically delete files older than 120 days from the CertificatePath folder. Running with default settings, these should only be long-expired certificates, generated for abandoned renewals. However we do advise caution.

DnsServer

Default: '' (empty)

When using DNS validation the program runs some preliminary checks to test if the validation record has been properly created. It will query one of the authoritative name servers registered for the domain and will use your systems DNS servers to find them. This setting can be used to choose a different name server to find the authoritative ones instead, e.g. if you are inside of an Active Directory Domain and need to use an outside perspective.

CertificateCacheDays

Default: 1 (empty)

When renewing or re-creating a previously requested certificate that has the exact same set of domain names, the program will used a cached version for this many days, to prevent users from running into rate limits while experimenting. Set this to a high value if you regularly re-request the same certificates, e.g. for a Continuous Deployment scenario.

LogPath

Default: `` (empty)

The path where log files for the past 31 days are stored. If not specified or invalid, this defaults to (ConfigurationPath)\Log.