-
-
Notifications
You must be signed in to change notification settings - Fork 5.1k
How to issue a cert
If you already have a web server running, you should use webroot mode. you only need write access to the web root folder.
acme.sh --issue -d example.com -w /home/wwwroot/example.com
If you don't have a web server, maybe you are on a smtp or ftp server, the 80 port is free. you can use standalone mode. acme.sh has a builtin standalone webserver, it can listen at 80 port to issue the cert.
acme.sh --issue -d example.com --standalone
If you are using a non-standard 80
port behind a reverse proxy or load balancer , you can use --httpport
to specify your port:
acme.sh --issue -d example.com --standalone --httpport 88
If you don't have a web server, maybe you are on a smtp or ftp server, the 443
port is free. you can use standalone tls alpn mode.
acme.sh has a builtin standalone tls webserver, it can listen at 443 port to issue the cert.
acme.sh --issue -d example.com --alpn
If you are using a non-standard 443
port behind a reverse proxy or load balancer , you can use --tlsport
to specify your port:
acme.sh --issue -d example.com --alpn --tlsport 8443
Yes, if your nameservice provider has an api, we can use the api to automatically add the txt record for you. your cert will be automatically issued and renewed.
Cloudflare api:
export CF_Token="sdfsdfsdfljlbjkljlkjsdfoiwje"
export CF_Email="[email protected]"
acme.sh --issue -d example.com --dns dns_cf
How to use dns api: https://github.com/acmesh-official/acme.sh/wiki/dnsapi
See: https://github.com/acmesh-official/acme.sh/wiki/DNS-manual-mode
See: https://github.com/acmesh-official/acme.sh/wiki/DNS-alias-mode
If your website is running apache server, acme.sh can use apache server to issue cert. And acme.sh will restore your apache conf after the cert is issued, don't worry.
acme.sh --issue -d example.com --apache
If your website is running nginx server, acme.sh can use nginx server to issue cert. And acme.sh will restore your nginx conf after the cert is issued, don't worry.
acme.sh --issue -d example.com --nginx
Sometimes, nginx conf file can not be found automatically, you can specify one:
acme.sh --issue -d example.com --nginx /etc/nginx/nginx.conf
You can also specify the website conf:
acme.sh --issue -d example.com --nginx /etc/nginx/conf.d/example.com.conf
Issue a single cert including multiple domains. All the domains use the same validation method:
You must point example.com
and www.example.com
to the same web root folder /home/wwwroot/example.com
acme.sh --issue -d example.com -w /home/wwwroot/example.com -d www.example.com
acme.sh --issue -d example.com --standalone -d www.example.com
Cloud flare api:
export CF_Token="sdfsdfsdfljlbjkljlkjsdfoiwje"
export CF_Email="[email protected]"
acme.sh --issue -d example.com --dns dns_cf -d www.example.com
acme.sh --issue -d example.com --dns -d www.example.com
Issue a single cert including multiple domains. Each domain uses a different validation method.
acme.sh --issue \
-d aa.com -w /home/wwwroot/aa.com \
-d bb.com --dns dns_cf \
-d cc.com --apache \
-d dd.com -w /home/wwwroot/dd.com
acme.sh --issue \
-d aa.com --dns dns_dp \
-d bb.com --dns dns_cf \
-d cc.com --dns dns_ns
Buy me a beer, Donate to acme.sh if it saves your time. Your donation makes acme.sh better: https://donate.acme.sh/
如果 acme.sh 帮你节省了时间,请考虑赏我一杯啤酒🍺, 捐助: https://donate.acme.sh/ 你的支持将会使得 acme.sh 越来越好. 感谢