Use acme.sh to manage letsencrypt certificates

Installation

1
2


curl https://get.acme.sh | sh -s email=[email protected]
source ~/.bashrc

Issue a cert

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11


# Cloudflare
export CF_Token="sdfsdfsdfljlbjkljlkjsdfoiwje"
export CF_Zone_ID="xxxxxxxxxx"

acme.sh --issue --dns dns_cf -d blahba.com -d '*.blahba.com' --keylength ec-256 --server letsencrypt

# fingerprint
openssl x509 -noout -fingerprint -sha256 -in ~/.acme.sh/blahba.com_ecc/fullchain.cer

# export pkcs12 file
acme.sh --to-pkcs12 -d blahba.com --password 123456 --ecc

Currently acme.sh supports most of the dns providers:

https://github.com/acmesh-official/acme.sh/wiki/dnsapi

Install the cert

1
2
3
4
5
6
7


mkdir -p /usr/local/share/ssl
acme.sh --install-cert -d blahba.com \
  --cert-file /usr/local/share/ssl/blahba.com.pem \
  --key-file /usr/local/share/ssl/blahba.com.key \
  --fullchain-file /usr/local/share/ssl/fullchain.pem \
  --ca-file /usr/local/share/ssl/ca.pem \
  --reloadcmd "systemctl force-reload nginx"

Remove a cert

1

acme.sh --remove -d blahba.com