ACME (acme.sh) Free SSL Certificate
ACME (acme.sh) is a shell script for generating LetsEncrypt SSL certificate. acme.sh is written in bash, so it works on any Linux server without special requirements. For getting SSL, another popular option is to use certbot.
- https://github.com/acmesh-official/acme.sh
- acme.sh list all SSL certificates
- acme.sh SSL using manual DNS method
To install, run
1 2 3 4 5 |
cd /usr/local/src git clone https://github.com/acmesh-official/acme.sh.git cd ./acme.sh ./acme.sh --install -m admin@serverok.in source ~/.bashrc |
When you install, it will set a daily cronjob for auto SSL renewal. You can see it with “crontab -l” command.
Set acme.sh to use LetsEncrypt SSL (Defaul is ZeroSSL)
1 |
acme.sh --set-default-ca --server letsencrypt |
Set to ZeroSSL, run
1 |
acme.sh --set-default-ca --server zerossl |
To issue an SSL certificate, run
1 |
acme.sh --issue -d example.com -d www.example.com -w /home/example.com/html/ |
Standalone mode (nginx)
1 |
acme.sh --issue -d example.com --standalone --pre-hook "systemctl stop nginx" --post-hook "systemctl restart nginx" |
Using non-standard port
1 |
acme.sh --issue -d example.com --standalone --httpport 88 |
For more ways to issue SSL certificates, see
https://github.com/acmesh-official/acme.sh/wiki/How-to-issue-a-cert
Install SSL Certificate
To install the SSL certificate, run
1 2 3 4 |
acme.sh --install-cert -d DOMAIN_NAME \ --fullchain-file /etc/ssl/DOMAIN_NAME.crt \ --key-file /etc/ssl/DOMAIN_NAME.key \ --reloadcmd "systemctl restart nginx" |
For Apache
1 2 3 4 5 |
acme.sh --install-cert -d DOMAIN_NAME \ --cert-file /etc/ssl/DOMAIN_NAME.crt \ --key-file /etc/ssl/DOMAIN_NAME.key \ --fullchain-file /etc/ssl/DOMAIN_NAME.ca \ --reloadcmd "service apache2 force-reload" |
If you use Apache, replace “service nginx force-reload” with “service apache2 force-reload”. For CentOS/RHEL, use httpd instead of apache2.
You can find how to enable SSL on Nginx server at Configure Nginx Server with SSL, For Apache web server, see Configure Apache Webserver with SSL
See LetsEncrypt