Use acme.sh to manage Let's Encrypt certificates

Installation

curl https://get.acme.sh | sh -s email=my@example.com
source ~/.bashrc

Issue a cert

# Cloudflare API token and zone ID, read by the dns_cf hook for the DNS-01 challenge
export CF_Token="sdfsdfsdfljlbjkljlkjsdfoiwje"
export CF_Zone_ID="xxxxxxxxxx"

acme.sh --issue --dns dns_cf -d blahblaho.com -d '*.blahblaho.com' --keylength ec-256 --server letsencrypt

# SHA-256 fingerprint of the issued certificate
openssl x509 -noout -fingerprint -sha256 -in ~/.acme.sh/blahblaho.com_ecc/fullchain.cer

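# export a PKCS#12 file; --password encrypts the bundle that holds the private key,
# so replace 123456 with a strong value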
acme.sh --to-pkcs12 -d blahblaho.com --password 123456 --ecc

acme.sh currently supports most DNS providers; the full list is at:

https://github.com/acmesh-official/acme.sh/wiki/dnsapi

Install the cert

mkdir -p /usr/local/share/ssl
acme.sh --install-cert -d blahblaho.com \
  --cert-file /usr/local/share/ssl/blahblaho.com.pem \
  --key-file /usr/local/share/ssl/blahblaho.com.key \
  --fullchain-file /usr/local/share/ssl/fullchain.pem \
  --ca-file /usr/local/share/ssl/ca.pem \
  --reloadcmd "systemctl force-reload nginx"
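
A post-install check for the files written by the command above, as an added example that is not part of the original page or of acme.sh. It confirms that the private key has no group/other permission bits, that the certificate belongs to that key, and that the certificate is not close to expiry; the function name check_installed_cert and the 14-day default are assumptions.

```shell
#!/bin/sh
# Added example, not part of acme.sh. check_installed_cert is a hypothetical
# helper name; the 14-day default threshold is an assumption.
# Usage: check_installed_cert CERT_OR_FULLCHAIN KEY [MIN_DAYS]
# Returns 0 when all checks pass, 1 otherwise (reasons go to stderr).
check_installed_cert() {
  cert=$1
  key=$2
  min_days=${3:-14}
  rc=0

  if [ ! -r "$cert" ] || [ ! -r "$key" ]; then
    echo "cannot read $cert or $key" >&2
    return 1
  fi

  # 1. The private key must carry no group/other permission bits.
  #    Characters 5-10 of the ls mode string are the group and other triplets.
  perms=$(ls -Lld "$key" | cut -c5-10)
  if [ "$perms" != "------" ]; then
    echo "key $key is accessible to group/others; chmod 600 it" >&2
    rc=1
  fi

  # 2. The certificate must belong to this key: compare the public key in the
  #    first certificate of the file with the one derived from the key.
  cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || true
  key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || true
  if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
    echo "certificate and private key do not match" >&2
    rc=1
  fi

  # 3. The certificate must stay valid for at least MIN_DAYS more days;
  #    -checkend exits non-zero if it expires within the given seconds.
  if ! openssl x509 -in "$cert" -noout \
       -checkend $((min_days * 86400)) >/dev/null 2>&1; then
    echo "certificate expires within $min_days days; check renewal" >&2
    rc=1
  fi

  return $rc
}

# Example call with the paths used on this page:
# check_installed_cert /usr/local/share/ssl/fullchain.pem \
#   /usr/local/share/ssl/blahblaho.com.key
```

Run from cron or a monitoring job, a non-zero exit flags a renewal that stopped working or a key file whose permissions were loosened.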

Remove a cert

acme.sh --remove -d blahblaho.com