acme.sh

From ArchWiki

acme.sh is an ACME client written in shell. It fully implements the ACME protocol and supports IPv6 and wildcard certificates.

Installation

Install the acme.sh package, and socat if you want to use the Standalone mode.

Usage

There is no manual page. The documentation is at the site.

$ acme.sh --help

outputs a long help text of about 125 lines.

There are three steps involved:

  1. Requesting a certificate to be issued.
  2. Installing the issued certificate, to make it useful.
  3. Maintaining the certificate over time.

Issuing a new cert

You can specify any domain with -d.

Using the webroot method:

$ acme.sh --issue -d example.com -d www.example.com -d cp.example.com -w /home/wwwroot/example.com

or use standalone mode by adding --standalone, if you have socat installed and no web server is running:

$ acme.sh --issue --standalone -d example.com -d www.example.com -d cp.example.com

or use Nginx mode:

$ acme.sh --issue --nginx -d example.com -d www.example.com -d cp.example.com

or use DNS mode (see the official wiki for more):

$ acme.sh --issue -d example.com -d '*.example.com' --dns dns_he

See more examples here.

Install the cert to Apache/Nginx etc

Nginx:

$ acme.sh --install-cert -d example.com --key-file '/path/to/keyfile/in/nginx/example.key' --fullchain-file '/path/to/fullchain/nginx/example.cer' --reloadcmd "systemctl force-reload nginx"

Apache:

$ acme.sh --install-cert -d example.com --cert-file '/path/to/certfile/in/apache/example.cer' --key-file '/path/to/keyfile/in/apache/example.key' --fullchain-file '/path/to/fullchain/certfile/apache/example.fullchain.cer' --reloadcmd "systemctl force-reload httpd"

Maintaining a cert

The certs will be renewed automatically every 60 days.
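
An added example, not part of acme.sh or of the original page: a POSIX shell audit of the files written by --install-cert. It checks that the private key is not accessible to group or other, that the key matches the leaf certificate, and that the certificate is not close to expiry. The function names and the 30-day default threshold are assumptions; openssl and a stat that supports -c are required.

```shell
#!/bin/sh
# Added example: audit files written by `acme.sh --install-cert`.
# Function names and the 30-day default are assumptions, not part of acme.sh.

# key_perms_ok KEYFILE: pass only if group and other have no access bits.
key_perms_ok() {
    mode=$(stat -c '%a' "$1") || return 2
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "$1: mode $mode lets group/other access the private key" >&2
        return 1
    fi
}

# key_matches_cert KEYFILE CERTFILE: the public key derived from the private
# key must equal the one in the first (leaf) certificate of CERTFILE.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# cert_valid_for CERTFILE DAYS: pass if the leaf is still valid DAYS from now.
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# audit_installed_cert KEYFILE FULLCHAIN [MIN_DAYS]: run all three checks.
audit_installed_cert() {
    rc=0; min=${3:-30}
    key_perms_ok "$1" || rc=1
    key_matches_cert "$1" "$2" || { echo "$1 does not match $2" >&2; rc=1; }
    cert_valid_for "$2" "$min" ||
        { echo "$2 expires within $min days; check renewal" >&2; rc=1; }
    return "$rc"
}

# Usage (paths as passed to --key-file and --fullchain-file):
#   audit_installed_cert /path/to/example.key /path/to/example.cer 30
```

A non-zero exit from a scheduled run of this audit indicates that renewal or the reload hook has stopped working.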

See also

  • home page and wiki page for the documentation.
  • acme.sh acknowledges acme-tiny. acme-tiny's author has several more ACME-related utilities at [1]. Those utilities are more basic, and the author explains more thoroughly what is going on under the hood in order to show their usage.