Installation Process
To install acme.sh:
wget -O - https://get.acme.sh | sh -s email=admin@domain.com
source ~/.bash_profile
The installation performs these actions:
- Creates a directory at ~/.acme.sh/
- Sets up a shell alias for easy access
- Configures a cron job for automatic certificate renewal
Certificate Authority Selection
Switch between different CA providers:
# Use Let's Encrypt (recommended)
acme.sh --set-default-ca --server letsencrypt
# Use other providers
acme.sh --set-default-ca --server buypass
acme.sh --set-default-ca --server zerossl
Certificate Generation Methods
HTTP Verification
For web servers:
# Apache
acme.sh --issue -d domain.com --apache
# Nginx
acme.sh --issue -d domain.com --nginx
# Standalone mode
acme.sh --issue -d domain.com --standalone
DNS Verification
For DNS-based verification:
# Manual DNS mode
acme.sh --issue --dns -d domain.com --manual
# Automatic DNS (Cloudflare example)
export CF_Key="your_api_key"
export CF_Email="admin@domain.com"
acme.sh --issue -d domain.com --dns dns_cf
Certificate Instalaltion
Properly install certificates to web servers:
# For Apache
acme.sh --install-cert -d domain.com \
--cert-file /path/to/cert.pem \
--key-file /path/to/key.pem \
--reloadcmd "systemctl restart apache2"
# For Nginx
acme.sh --install-cert -d domain.com \
--key-file /etc/nginx/ssl/key.pem \
--fullchain-file /etc/nginx/ssl/cert.pem \
--reloadcmd "systemctl restart nginx"
Certificate Management
View certificate information:
acme.sh --info -d domain.com
Manual renewal:
acme.sh --renew -d domain.com
Troubleshooting
For debugging:
acme.sh --issue -d domain.com --debug 2
When behind a proxy:
export http_proxy="socks5://proxy:port"
export https_proxy="socks5://proxy:port"