digitalist.global // October 05 2016

acme.sh – simplified setup of SSL certificates

acme.sh is a script that can make it easier for you to set up SSL certificates for your server. It uses Let’s Encrypt certificates and has a bunch of options to simplify usage – even more than certbot.

If you are new to Let’s Encrypt certificates – it is an open source solution to create SSL certificates for your servers. And SSL certificates are used to protect your users.

acme.sh installs a script with some nifty options, like creating the certificates locally for use on your remote server, which is a perfect match for most of our hosting options – the use of Varnish, nginx and Apache in combination can make it a real pain to set up Let’s Encrypt certificates.

Install acme.sh locally.

Run acme.sh script like:
acme.sh --issue --dns -d mysite.com

After that you get an output like
Add the following TXT record:
Domain: '_acme-challenge.mysite.com'
TXT value: '4f6c31aea2c544fc8565-8cec3d1242b7'
Please be aware that you prepend _acme-challenge. before your domain
so the resulting subdomain will be: _acme-challenge.mysite.com
Please add the TXT records to the domains, and retry again.

Then add the TXT record at your DNS provider.

After you have done that you could just wait for a while, or run a tool like dig to see when the DNS is updated, like:
dig -t txt _acme-challenge.mysite.com

When you see your new TXT entry, run:
acme.sh --renew -d mysite.com

And if everything goes well, your certificates are created locally and you could then upload them to your server.
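The wait-then-renew steps above can be scripted so that the renewal only runs once every authoritative nameserver returns the expected TXT value, instead of trusting a cached answer from the local resolver. This is an added example, not part of the original post or of acme.sh; the function names are hypothetical, and it assumes mysite.com is the zone apex and that dig and acme.sh are on the PATH.

```shell
#!/bin/sh
# Added example: wait for the ACME challenge TXT record, then renew.

# txt_has_value EXPECTED
# Reads `dig +short TXT` output on stdin; succeeds only if one returned
# string equals EXPECTED exactly (no substring matches).
txt_has_value() {
    expected=$1
    [ -n "$expected" ] || return 1
    # dig +short wraps each TXT string in double quotes; strip them first.
    tr -d '"' | grep -Fxq -- "$expected"
}

# all_ns_have_value DOMAIN EXPECTED
# Asks each authoritative nameserver directly, bypassing resolver caches.
all_ns_have_value() {
    domain=$1
    expected=$2
    servers=$(dig +short NS "$domain")
    [ -n "$servers" ] || return 1
    for ns in $servers; do
        dig +short TXT "_acme-challenge.$domain" "@$ns" \
            | txt_has_value "$expected" || return 1
    done
}

# wait_and_renew DOMAIN EXPECTED [TRIES] [DELAY_SECONDS]
wait_and_renew() {
    domain=$1
    expected=$2
    tries=${3:-30}
    delay=${4:-20}
    while [ "$tries" -gt 0 ]; do
        if all_ns_have_value "$domain" "$expected"; then
            acme.sh --renew -d "$domain"
            return
        fi
        tries=$((tries - 1))
        sleep "$delay"
    done
    echo "TXT record for _acme-challenge.$domain not visible yet" >&2
    return 1
}

# Runs only when called with arguments, for example:
#   ./wait-renew.sh mysite.com '4f6c31aea2c544fc8565-8cec3d1242b7'
if [ "$#" -ge 2 ]; then
    wait_and_renew "$@"
fi
```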

There are a lot of options when using acme.sh or certbot – and there are a bunch of other tools that use Let’s Encrypt to make your sites safer and keep your users’ data private, and it is all open source, and free, as in beer.

 
