Generating Free SSL Certificates Using acme.sh with ACME Protocol

Installation Process

To install acme.sh:

wget -O - https://get.acme.sh | sh -s email=admin@domain.com
source ~/.bash_profile

The installation performs these actions:

  • Creates a directory at ~/.acme.sh/
  • Sets up a shell alias for easy access
  • Configures a cron job for automatic certificate renewal

Certificate Authority Selection

Switch between different CA providers:

# Use Let's Encrypt (recommended)
acme.sh --set-default-ca --server letsencrypt

# Use other providers
acme.sh --set-default-ca --server buypass
acme.sh --set-default-ca --server zerossl

Certificate Generation Methods

HTTP Verification

For web servers:

# Apache
acme.sh --issue -d domain.com --apache

# Nginx
acme.sh --issue -d domain.com --nginx

# Standalone mode (acme.sh runs its own temporary listener, so port 80 must be free)
acme.sh --issue -d domain.com --standalone

DNS Verification

For DNS-based verification:

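# Manual DNS mode: prints a TXT record to add by hand; after adding it, finish
# with --renew and the same flag. Manual mode cannot be renewed automatically.
acme.sh --issue --dns -d domain.com --yes-I-know-dns-manual-mode-enough-go-ahead-please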

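# Automatic DNS (Cloudflare example)
# CF_Key is the account-wide global API key and is saved to ~/.acme.sh/account.conf
# for renewals; acme.sh also accepts a scoped API token via CF_Token.
export CF_Key="your_api_key"
export CF_Email="admin@domain.com"
acme.sh --issue -d domain.com --dns dns_cf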

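Certificate Installation

Install certificates with --install-cert rather than pointing the web server at the files under ~/.acme.sh/, which are for acme.sh's internal use and whose layout may change: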

# For Apache
acme.sh --install-cert -d domain.com \
  --cert-file /path/to/cert.pem \
  --key-file /path/to/key.pem \
  --reloadcmd "systemctl restart apache2"

# For Nginx
acme.sh --install-cert -d domain.com \
  --key-file /etc/nginx/ssl/key.pem \
  --fullchain-file /etc/nginx/ssl/cert.pem \
  --reloadcmd "systemctl restart nginx"
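
A post-deployment check for the files written by --install-cert above, as an added example that is not part of acme.sh or the original post: it confirms the deployed key matches the certificate, the certificate is not close to expiry, and the key file is not accessible to group or others. The function names and the 20-day default are choices made for this example, and it assumes the openssl command-line tool is installed.

```shell
#!/bin/sh
# Added example (not part of acme.sh): verify files deployed by --install-cert.
# Arguments are the paths you passed to --key-file and --fullchain-file.

# 0 if the leaf certificate's public key matches the private key.
cert_matches_key() {  # $1 = cert or fullchain, $2 = private key
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
  key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
  [ "$cert_pub" = "$key_pub" ]
}

# 0 if the certificate is still valid $2 days from now.
cert_valid_for_days() {  # $1 = cert or fullchain, $2 = days
  openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null 2>&1
}

# 0 if the key file grants no permissions to group or others.
key_is_private() {  # $1 = private key
  [ -f "$1" ] || return 2
  # Characters 5-10 of the mode string are the group and other bits.
  [ "$(ls -ldL "$1" | cut -c5-10)" = "------" ]
}

# Run all checks; returns 0 only if every one passes.
check_deployed_cert() {  # $1 = key, $2 = fullchain, $3 = min days (default 20)
  rc=0
  key_is_private "$1" || { echo "FAIL: $1 is accessible to group/others" >&2; rc=1; }
  cert_matches_key "$2" "$1" || { echo "FAIL: $2 does not match $1" >&2; rc=1; }
  cert_valid_for_days "$2" "${3:-20}" || { echo "FAIL: $2 expires within ${3:-20} days" >&2; rc=1; }
  return "$rc"
}

# When run as a script: check_cert.sh KEY FULLCHAIN [MIN_DAYS]
if [ "$#" -ge 2 ]; then
  check_deployed_cert "$@"
fi
```

Run from cron or a monitoring agent, a non-zero exit flags a renewal job that has silently stopped working or a key left with loose permissions.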

Certificate Management

View certificate information:

acme.sh --info -d domain.com

Manual renewal:

acme.sh --renew -d domain.com

Troubleshooting

For debugging:

acme.sh --issue -d domain.com --debug 2

When behind a proxy:

export http_proxy="socks5://proxy:port"
export https_proxy="socks5://proxy:port"

Posted on Sun, 05 Jul 2026 16:40:33 +0000 by nipsilanti