Get a free Let's Encrypt certificate via acme.sh

We will use the acme.sh console utility to install the certificate. The official repository is located here: https://github.com/acmesh-official/acme.sh

Installation is very simple; use the command:

curl https://get.acme.sh | sh

Next, to get a certificate, use the command:

acme.sh --issue --server letsencrypt --keylength ec-256 -d example.com -w /home/user-name/example.com

Where: example.com – the domain for which you need to install a certificate (each additional name, such as www.example.com, is passed with its own -d option).
/home/user-name/example.com – path to the root directory of the site.

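If we want to pass verification by DNS in manual mode, where acme.sh prints a TXT record that has to be added to the domain's DNS zone by hand, the command will be as follows: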

acme.sh --issue --server letsencrypt --keylength ec-256 --dns -d example.com --yes-I-know-dns-manual-mode-enough-go-ahead-please

If your site is connected to Cloudflare, the utility can also work with it. Example:

Set the Cloudflare API key and e-mail:

export CF_Key="9879871298918279783123"
export CF_Email="[email protected]"

Register an account:

acme.sh --register-account -m "[email protected]"

And get a certificate:

acme.sh --issue --server letsencrypt --keylength ec-256 --dns dns_cf -d example.com

The utility itself will add the necessary DNS records and issue a certificate.

To add auto-renewal of the certificate, run the command:

acme.sh --install-cert --ecc -d example.com --key-file /etc/nginx/ssl/example.com.key --fullchain-file /etc/nginx/ssl/example.com.crt --reloadcmd "service nginx force-reload"

In this case, the key and certificate go into the /etc/nginx/ssl/ folder, which was prepared in advance, and the domain of the certificate is passed to the command. The --reloadcmd option tells acme.sh to reload nginx after the certificate is updated so that the changes take effect.
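
A post-deployment check for the files written by the --install-cert command above, added here as an example and not part of acme.sh or of the original article. The function name check_deployed_cert and the 20-day threshold are assumptions; the paths and domain are the ones used in this article.

```sh
#!/bin/sh
# Added example, not part of acme.sh: verify the files that
# `acme.sh --install-cert` deployed. MIN_DAYS defaults to an assumed 20.
# Usage: check_deployed_cert KEY FULLCHAIN DOMAIN [MIN_DAYS]
check_deployed_cert() {
    key=$1; crt=$2; domain=$3; min_days=${4:-20}; rc=0

    for f in "$key" "$crt"; do
        [ -s "$f" ] || { echo "FAIL: $f is missing or empty"; return 1; }
    done

    # The private key must not be accessible to group or others.
    mode=$(ls -Lld "$key" | cut -c5-10)
    [ "$mode" = "------" ] || { echo "FAIL: $key is accessible to group/others"; rc=1; }

    # The first certificate in the full chain (the leaf) must carry the
    # public key that belongs to the deployed private key.
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null)
    if [ -z "$key_pub" ] || [ "$key_pub" != "$crt_pub" ]; then
        echo "FAIL: certificate and private key do not match"; rc=1
    fi

    # The leaf must be valid for the domain that nginx serves.
    openssl x509 -in "$crt" -noout -checkhost "$domain" 2>/dev/null |
        grep -q "does match" ||
        { echo "FAIL: certificate does not cover $domain"; rc=1; }

    # The leaf must stay valid for at least min_days more days; less than
    # that suggests the scheduled renewal is not running.
    openssl x509 -in "$crt" -noout -checkend $((min_days * 86400)) >/dev/null 2>&1 ||
        { echo "FAIL: certificate expires within $min_days days"; rc=1; }

    return "$rc"
}

# Check the paths used in this article when the script is called with "run".
if [ "${1:-}" = "run" ]; then
    check_deployed_cert /etc/nginx/ssl/example.com.key \
        /etc/nginx/ssl/example.com.crt example.com
fi
```

The function returns 0 only when every check passes, so it can be run from cron or a monitoring job and alert on a non-zero exit status.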

Good luck with your work.