#compdef certbot # ------------------------------------------------------------------------------ # Copyright (c) 2025 Github zsh-users - https://github.com/zsh-users # # Permission is hereby granted, free of charge, to any person obtaining # a copy of this software and associated documentation files (the # "Software"), to deal in the Software without restriction, including # without limitation the rights to use, copy, modify, merge, publish, # distribute, sublicense, and/or sell copies of the Software, and to # permit persons to whom the Software is furnished to do so, subject to # the following conditions: # # The above copyright notice and this permission notice shall be included # in all copies or substantial portions of the Software. # # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS # OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL # THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR # OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, # ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR # OTHER DEALINGS IN THE SOFTWARE. # ------------------------------------------------------------------------------ # Description # ----------- # # Completion script for certbot 5.1.0 (https://github.com/certbot/certbot) # # ------------------------------------------------------------------------------ # Authors # ------- # # * Shohei Yoshida (https://github.com/syohex) # # ------------------------------------------------------------------------------ _certbot() { typeset -A opt_args local context state line local curcontext="$curcontext" local ret=1 _arguments -C -A "-*" \ '(- *)'{-h,--help}'[Print help message]:topic:_certbot_help_topics' \ '(- *)--version[Print version and exit]' \ '1: :_certbot_subcommands' \ '*::arg:->args' \ && ret=0 case "$state" in (args) local -a opts=( '(- *)'{-h,--help}'[Show help message and exit]' '(-c --config)'{-c,--config}'[Path to config file]:config_file:_files' ) case $words[1] in (run|certonly|renew|enhance|certificates|delete|reconfigure) opts+=( '--cert-name[Certificate name to apply]:name' ) ;| (run|certonly|renew|reconfigure) opts+=( '--deploy-hook[Command to be run once for each successfully issued certificate]:hook' ) ;| (run|certonly|renew) opts+=( '(-q --quiet)'{-q,--quiet}'[Silence all output except errors]' '--required-profile[Request the given profile name from the ACME server]:profile' '--preferred-profile[Request the given profile name from the ACME server]:profile' '--preferred-chain[Set the preferred certificate chain]:chain' ) ;| (run|certonly|enhance|certificates) opts+=( '(-d --domains --domain)'{-d,--domains,--domain}'[Domain names to include]' ) ;| (run|certonly|enhance|register) opts+=( '--force-interactive[Force Certbot to be interactive even not in a terminal]' ) ;| (run|certonly|enhance) opts+=( '(-n --non-interactive --noninteractive)'{-n,--non-interactive,--noninteractive}'[Run without ever asking for user input]' ) ;| (run|certonly|register) opts+=( '--eab-kid[Key identifier for External Account Binding]:eab_kid' '--eab-hmac-key[HMAC key for External Account Binding]:eab_hmac_key' '--eab-hmac-alg[HMAC algorithm for External Account Binding(default: HS256)]:algorithm:(HS256 HS384 HS512)' ) ;| (run|certonly) opts+=( '(--keep-until-expiring --keep --reinstall)'{--keep-until-expiring,--keep,--reinstall}'[Always keep the existing one until it is due for renewal]' '--debug-challenges[After setting up challenges, wait for user input before submitting to CA]' '--issuance-timeout[How many seconds Certbot will wait for the server to issue a certificate]:seconds' '--apache[Obtain and install certificates using Apache]' '--nginx[Obtain and install certificates using Nginx]' ) ;| (certonly|renew|reconfigure) opts+=( '--run-deploy-hooks[run any applicable deploy hooks]' ) ;| (certonly|renew) opts+=( "--dry-run[Perform a test run against the Let's Encrypt staging server]" '--allow-subset-of-names[When performing domain validation, do not consider it a failure]' '--preferred-challenges[A sorted, comma delimited list of the preferred challenge]:challenges' ) ;| (run|revoke) opts+=( '(--test-cert --staging)'{--test-cert,--staging}"[Use the Let's Encrypt staging server to obtain or revoke test]" ) ;| (certonly|revoke) opts+=( '--cert-path[Path to where certificate is saved]:cert:_files' ) ;| (certonly|reconfigure) opts+=( '--webroot[Obtain certificates by placing files in a webroot directory]' ) ;| (certonly) opts+=( '--csr[Path to a Certificate Signing Request (CSR) in DER or PEM format]:csr:_files' '--standalone[Obtain certificates using a "standalone" webserver]' '--manual[Provide laborious manual instructions for obtaining a certificate]' '--dns-cloudflare[Obtain certificates using a Cloudflare DNS TXT record]' '--dns-digitalocean[Obtain certificates using a DigitalOcean DNS TXT record]' '--dns-dnsimple[Obtain certificates using a DNSimple DNS TXT record]' '--dns-dnsmadeeasy[Obtain certificates using a DNS Made Easy DNS TXT record]' '--dns-gehirn[Obtain certificates using a Gehirn DNS TXT record]' '--dns-google[Obtain certificates using a Google Cloud DNS TXT record]' '--dns-linode[Obtain certificates using a Linode DNS TXT record]' '--dns-luadns[Obtain certificates using a LuaDNS DNS TXT record]' '--dns-nsone[Obtain certificates using a NS1 DNS TXT record]' '--dns-ovh[Obtain certificates using a OVH DNS TXT record]' '--dns-rfc2136[Obtain certificates using a BIND DNS TXT record]' '--dns-route53[Obtain certificates using a Route53 DNS TXT record]' '--dns-sakuracloud[Obtain certificates using a Sakura Cloud DNS TXT record]' ) ;| (renew|reconfigure) opts+=( '--pre-hook[Command to be run before obtaining any certificates]:pre_hook' '--post-hook[Command to be run after attempting to obtain/renew certificates]:post_hook' ) ;| (renew) opts+=( '(--force-renewal --renew-by-default)'{--force-renewal,--renew-by-default}'[renew now regardless of whether it is near expiry]' '--disable-hook-validation[Disable command validation for hook commands]' "--no-directory-hooks[Disable running executables found in Certbot's hook directories]" '--disable-renew-updates[Disable automatic updates to your server configuration]' '--no-autorenew[Disable auto renewal of certificates]' ) ;| (enhance) opts+=( '--redirect[Automatically redirect all HTTP traffic to HTTPS]' '--hsts[Add Strict-Transport-Security header to every HTTP response]' '--uir[Add "Content-Security-Policy: upgrade-insecure-requests" header to every HTTP response]' '--auto-hsts[Gradually increasing max-age value for HTTP Strict Transport Security security header]' ) ;| (revoke) opts+=( '--reason[Specify reason for revoking certificates]:reason:(unspecified keycompromise affiliationchanged superseded cessationofoperation)' '(--delete-after-revoke --no-delete-after-revoke)--delete-after-revoke[Delete certificates after revoking them]' '(--delete-after-revoke --no-delete-after-revoke)--no-delete-after-revoke[Do not delete certificates after revoking them]' '--key-path[Path to private key for certificates instructions or revocation]:key_path:_files' ) ;| (reconfigure) opts+=( '(-a --authenticator)'{-a,--authenticator}'[Authenticator plugin name]:plugin' '(-i --installer)'{-i,--installer}'[Installer plugin name]:plugin' ) ;| (register|unregister|update_account) opts+=( '(-m --email)'{-m,--email}'[Email used for registration and recovery contact]:email') ;| (register|update_account) opts+=( '(--eff-email --no-eff-email)--eff-email[Share your e-mail address with EFF]' '(--eff-email --no-eff-email)--no-eff-email[Do not share your email address with EFF]' ) ;| (unregister) opts+=( '--account[Account ID to use]:account_id' ) ;| (show_account) opts+=( '--server[ACME Directory Resource URI]:server' ) ;| esac _arguments "$opts[@]" && ret=0 ;; esac return ret } (( $+functions[_certbot_subcommands] )) || _certbot_subcommands() { local -a commands=( "run:Obtain & install a certificate in your current webserver" "certonly:Obtain or renew a certificate, but do not install it" "renew:Renew all previously obtained certificates that are near" "enhance:Add security enhancements to your existing configuration" "certificates:Display information about certificates you have from Certbot" "revoke:Revoke a certificate (supply --cert-name or --cert-path)" "delete:Delete a certificate (supply --cert-name)" "reconfigure:Update a certificate's configuration (supply --cert-name)" "register:Create an ACME account" "unregister:Deactivate an ACME account" "update_account:Update an ACME account" "show_account:Display account details" ) _describe -t commands 'command' commands "$@" } (( $+functions[_certbot_help_topics] )) || _certbot_help_topics() { local -a topics=( # topics all automation commands paths security testing # subcommands run certonly renew enhance certificates revoke delete reconfigure register unregister update_account show_account # plugins nginx apache standalone webroot ) _values topics $topics } _certbot "$@" # Local Variables: # mode: Shell-Script # sh-indentation: 2 # indent-tabs-mode: nil # sh-basic-offset: 2 # End: # vim: ft=zsh sw=2 ts=2 et