digitalist.global // October 05 2016
acme.sh – simplified setup of SSL certificates
acme.sh is a a script that could make it easier for you to setup SSL-certificates for your server. It uses Let’s encrypt certificates and has a bunch of options to simplify usage – even more than certbot.
If you are new to Let’s encrypt certificates – it is an open source solution to create SSL-certifcates for your servers. And SSL certificates are used to protect your users.
acme.sh installs a a script with some nifty options, like creating the certificates locally for use on your remote server, which is a perfect match for most of our hosting options – the use of varnish, nginx and apache in combination can make it a real pain to setup Let’s encrypt certificates.
Install acme.sh localy.
Run acme.sh script like:
acme.sh --issue --dns -d mysite.com
After that you get an output like
Add the following TXT record:
TXT value: '4f6c31aea2c544fc8565-8cec3d1242b7'
Please be aware that you prepend _acme-challenge. before your domain
so the resulting subdomain will be: _acme-challenge.mysite.com
Please add the TXT records to the domains, and retry again.
Then add the txt-record to your DNS-provider.
After you have done that you could just wait for a while, or run a tool like dig to see when the DNS is updated, like:
dig -t txt _acme-challenge.mysite.com
When you see you new TXT-entry, you run:
acme.sh --renew -d mysite.com
And if everything goes well, your certificates are created locally and you could then upload them to your server.
There are a lot of options while using acme.sh or certbot – and there are a bunch of other tools that use Let’s encrypt to make your sites safer, and make your users data private, and it is all open source, and free, as in beer.