Skip to content
Switch branches/tags
Go to file
Cannot retrieve contributors at this time


dehydrated uses the file domains.txt as configuration for which certificates should be requested.

The file should have the following format:

This states that there are the following certificates:

  • without any alternative names
  • with an alternative name of
  • with the alternative names: and


You can define an alias for your certificate which will (instead of the primary domain) be used as the directory name under your CERTDIR and for a per-certificate lookup. This is done using the > character. This allows multiple certificates with identical sets of domains but different configuration to exist.

Here is an example of using an alias called certalias for creating the certificate for with alternative names and The certificate will be stored in the directory certalias under your CERTDIR. > certalias

This allows to set per certificates options. The options you can change are explained in Per Certificate Config.

If you want to create different certificate types for the same domain you can use:

*  > star_service_example_org_rsa
*  > star_service_example_org_ecdsa

Then add a config file certs/star_service_example_org_rsa/config with the value


or respectively



Support for wildcards was added by the ACME v2 protocol.

Certificates with a wildcard domain as the first (or only) name require an alias to be set. Aliases can't start with *..

For example to create the wildcard for * your domains.txt could use the alias method like this:

* > star_service_example_com

This creates a wildcard certificate for only * and will store it in the directory star_service_example_com under your CERTDIR. As a note this certificate will NOT be valid for but only for * So it would, for example, be valid for

Another way to create it is using alternative names. For example your domains.txt could do this: * *

This creates two certificates one for with an alternative name of * and a second certificate for with an alternative name of *

Note: The first certificate is valid for both and for * which can be a useful way to create wildcard certificates.