From ArchWiki

Tango-edit-clear.pngThis article or section needs language, wiki syntax or style improvements. See Help:Style for reference.Tango-edit-clear.png

Reason: This article needs some language and minor wiki syntax improvements (Discuss in is an ACME client written in Shell which has full ACME protocol implementation, supports IPv6, wildcard certs.


Install the package, and socat if you want to use the standalone mode.


The package does not provide its man pages, but a wiki page exists on the project's website. --help also outputs a long list of commands and parameters.

There are three steps involved:

  1. Requesting a certificate to be issued.
  2. Installing the issued certificate, to make it useful.
  3. Maintaining the certificate over time.

The first 2 steps are summarized at the bottom of, starting with the words "Requesting new Certificate Issuance with the ACME protocol".

Issuing a new cert

You can specify any domain by -d.

Tip: You might want to specify LetsEncrypt as your default CA, as uses ZeroSSL as its default CA effective from August 1st, 2021.

Use specifying webroot method:

$ --issue -d -d -d -d '*' -w /home/wwwroot/

or, use standslone mode by adding --standalone if you got socat installed and no web server is running:

$ --issue --standalone -d -d -d

or use Nginx mode:

$ --issue --nginx -d -d -d

or use DNS mode (see offical wiki for more):

$ --issue -d -d '*' --dns dns_he

See more examples here.

Install the cert to Apache/Nginx etc


$ --install-cert -d --key-file '/path/to/keyfile/in/nginx/example.key' --fullchain-file '/path/to/fullchain/nginx/example.cer' --reloadcmd "systemctl force-reload nginx"


$ --install-cert -d --cert-file '/path/to/certfile/in/apache/example.cer' --key-file '/path/to/keyfile/in/apache/example.key' --fullchain-file '/path/to/fullchain/certfile/apache/example.fullchain.cer' --reloadcmd "systemctl force-reload nginx apache2"

Maintaining a cert

The certs will be renewed automatically every 60 days.

See also

  • home page and wiki page for the documentation.
  • acknowledges acme-tiny. acme-tiny's author has several more acme related utilities at [1]. Those utilities are more basic, and the author goes into more thorough, more under the hood, explanations of what is going on, in order to show their usage.