Store plugins are responsible for storing issued certificates in their permanent location(s).

CertificateStore

Default plugin, saves certificates to the Windows Certificate store. The store that should be used can be configured in settings.config. By default no store is configured, which triggers the following behaviour: If the WebHosting store exists (Windows 2012+ with IIS) then it's used. Otherwise the machine-level My store (better known as Personal) is used. The global default can be modified using settings.config.

The default when creating a new certificate can be overridden with the --certificatestore command line parameter and that setting is saved for future renewals. On renewal, --certificatestore is ignored and the setting saved in the JSON parameter 'StoreName' is used or, if not set at the certificate creation time, the settings.config followed by the default behaviour is used.

--store certificatestore [--certificatestore My] [--keepexisting]

CentralSsl

Designed for the Central Certificate Store introduced in Windows 2012. Creates a separate copy of the .pfx file for each hostname and places it in the path provided by the --centralsslstore parameter, or the DefaultCentralSslStore setting in the config file. Using this store also triggers any created or updated IIS bindings to get the CentralSSL flag.

--store centralssl [--centralsslstore C:\CentralSSL\] [--pfxpassword *****]

PemFiles

Designed for Apache, nginx and other web servers. Exports a .pem file for the certificate and private key and places them in the path provided by the --pemfilespath parameter, or the DefaultPemFilesPath setting in the config file.

--store pemfiles [--pemfilespath C:\Certificates\]

Multiple

More than one plugin can run by choosing them in order of execution.

• Unattended --store certificatestore,pemfiles