]>
Commit | Line | Data |
---|---|---|
a2e62f8e | 1 | # An ACME Shell script: acme.sh [![Build Status](https://travis-ci.org/Neilpang/acme.sh.svg?branch=master)](https://travis-ci.org/Neilpang/acme.sh) |
319d49dd | 2 | |
5723fd11 | 3 | <img src="https://opencollective.com/acmesh/tiers/backers/badge.svg?label=backer&color=brightgreen" /> [![Join the chat at https://gitter.im/acme-sh/Lobby](https://badges.gitter.im/acme-sh/Lobby.svg)](https://gitter.im/acme-sh/Lobby?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge) |
99dc89c0 | 4 | - An ACME protocol client written purely in Shell (Unix shell) language. |
1bb90298 | 5 | - Full ACME protocol implementation. |
79a2bed6 | 6 | - Support ACME v1 and ACME v2 |
7 | - Support ACME v2 wildcard certs | |
1bb90298 AL |
8 | - Simple, powerful and very easy to use. You only need 3 minutes to learn it. |
9 | - Bash, dash and sh compatible. | |
2b45dba5 | 10 | - Simplest shell script for Let's Encrypt free certificate client. |
1bb90298 AL |
11 | - Purely written in Shell with no dependencies on python or the official Let's Encrypt client. |
12 | - Just one script to issue, renew and install your certificates automatically. | |
1f60d2bb | 13 | - DOES NOT require `root/sudoer` access. |
f3b43439 | 14 | - Docker friendly |
0f48b156 | 15 | - IPv6 support |
5d468f7c | 16 | - Cron job notifications for renewal or error etc. |
6c0ab5d2 | 17 | |
9cf65e31 | 18 | It's probably the `easiest & smartest` shell script to automatically issue & renew the free certificates from Let's Encrypt. |
6c0ab5d2 | 19 | |
6cc11ffb | 20 | Wiki: https://github.com/Neilpang/acme.sh/wiki |
de9fd54e | 21 | |
f3b43439 | 22 | For Docker Fans: [acme.sh :two_hearts: Docker ](https://github.com/Neilpang/acme.sh/wiki/Run-acme.sh-in-docker) |
1bb90298 | 23 | |
08998032 | 24 | Twitter: [@neilpangxa](https://twitter.com/neilpangxa) |
25 | ||
26 | ||
fe04faf6 | 27 | # [中文说明](https://github.com/Neilpang/acme.sh/wiki/%E8%AF%B4%E6%98%8E) |
28 | ||
bae50da7 | 29 | # Who: |
6f1c72f5 | 30 | - [FreeBSD.org](https://blog.crashed.org/letsencrypt-in-freebsd-org/) |
31 | - [ruby-china.org](https://ruby-china.org/topics/31983) | |
32 | - [Proxmox](https://pve.proxmox.com/wiki/HTTPS_Certificate_Configuration_(Version_4.x_and_newer)) | |
33 | - [pfsense](https://github.com/pfsense/FreeBSD-ports/pull/89) | |
34 | - [webfaction](https://community.webfaction.com/questions/19988/using-letsencrypt) | |
35 | - [Loadbalancer.org](https://www.loadbalancer.org/blog/loadbalancer-org-with-lets-encrypt-quick-and-dirty) | |
36 | - [discourse.org](https://meta.discourse.org/t/setting-up-lets-encrypt/40709) | |
26c669e4 | 37 | - [Centminmod](https://centminmod.com/letsencrypt-acmetool-https.html) |
6f1c72f5 | 38 | - [splynx](https://forum.splynx.com/t/free-ssl-cert-for-splynx-lets-encrypt/297) |
7ff52546 | 39 | - [archlinux](https://www.archlinux.org/packages/community/any/acme.sh) |
9cf65e31 | 40 | - [opnsense.org](https://github.com/opnsense/plugins/tree/master/security/acme-client/src/opnsense/scripts/OPNsense/AcmeClient) |
a5c1c303 | 41 | - [CentOS Web Panel](http://centos-webpanel.com/) |
42 | - [lnmp.org](https://lnmp.org/) | |
63ec05a6 | 43 | - [more...](https://github.com/Neilpang/acme.sh/wiki/Blogs-and-tutorials) |
1bb90298 AL |
44 | |
45 | # Tested OS | |
46 | ||
daf56504 | 47 | | NO | Status| Platform| |
48 | |----|-------|---------| | |
52f55641 | 49 | |1|[![](https://neilpang.github.io/acmetest/status/ubuntu-latest.svg)](https://github.com/Neilpang/letest#here-are-the-latest-status)| Ubuntu |
50 | |2|[![](https://neilpang.github.io/acmetest/status/debian-latest.svg)](https://github.com/Neilpang/letest#here-are-the-latest-status)| Debian | |
51 | |3|[![](https://neilpang.github.io/acmetest/status/centos-latest.svg)](https://github.com/Neilpang/letest#here-are-the-latest-status)|CentOS | |
52 | |4|[![](https://neilpang.github.io/acmetest/status/windows-cygwin.svg)](https://github.com/Neilpang/letest#here-are-the-latest-status)|Windows (cygwin with curl, openssl and crontab included) | |
53 | |5|[![](https://neilpang.github.io/acmetest/status/freebsd.svg)](https://github.com/Neilpang/letest#here-are-the-latest-status)|FreeBSD | |
54 | |6|[![](https://neilpang.github.io/acmetest/status/pfsense.svg)](https://github.com/Neilpang/letest#here-are-the-latest-status)|pfsense | |
55 | |7|[![](https://neilpang.github.io/acmetest/status/opensuse-latest.svg)](https://github.com/Neilpang/letest#here-are-the-latest-status)|openSUSE | |
56 | |8|[![](https://neilpang.github.io/acmetest/status/alpine-latest.svg)](https://github.com/Neilpang/letest#here-are-the-latest-status)|Alpine Linux (with curl) | |
57 | |9|[![](https://neilpang.github.io/acmetest/status/base-archlinux.svg)](https://github.com/Neilpang/letest#here-are-the-latest-status)|Archlinux | |
58 | |10|[![](https://neilpang.github.io/acmetest/status/fedora-latest.svg)](https://github.com/Neilpang/letest#here-are-the-latest-status)|fedora | |
59 | |11|[![](https://neilpang.github.io/acmetest/status/kalilinux-kali-linux-docker.svg)](https://github.com/Neilpang/letest#here-are-the-latest-status)|Kali Linux | |
60 | |12|[![](https://neilpang.github.io/acmetest/status/oraclelinux-latest.svg)](https://github.com/Neilpang/letest#here-are-the-latest-status)|Oracle Linux | |
61 | |13|[![](https://neilpang.github.io/acmetest/status/proxmox.svg)](https://github.com/Neilpang/letest#here-are-the-latest-status)| Proxmox https://pve.proxmox.com/wiki/HTTPSCertificateConfiguration#Let.27s_Encrypt_using_acme.sh | |
63c6a3b0 | 62 | |14|-----| Cloud Linux https://github.com/Neilpang/le/issues/111 |
52f55641 | 63 | |15|[![](https://neilpang.github.io/acmetest/status/openbsd.svg)](https://github.com/Neilpang/letest#here-are-the-latest-status)|OpenBSD |
64 | |16|[![](https://neilpang.github.io/acmetest/status/mageia.svg)](https://github.com/Neilpang/letest#here-are-the-latest-status)|Mageia | |
3ad08e95 | 65 | |17|-----| OpenWRT: Tested and working. See [wiki page](https://github.com/Neilpang/acme.sh/wiki/How-to-run-on-OpenWRT) |
52f55641 | 66 | |18|[![](https://neilpang.github.io/acmetest/status/solaris.svg)](https://github.com/Neilpang/letest#here-are-the-latest-status)|SunOS/Solaris |
67 | |19|[![](https://neilpang.github.io/acmetest/status/gentoo-stage3-amd64.svg)](https://github.com/Neilpang/letest#here-are-the-latest-status)|Gentoo Linux | |
b28a3db3 | 68 | |20|[![Build Status](https://travis-ci.org/Neilpang/acme.sh.svg?branch=master)](https://travis-ci.org/Neilpang/acme.sh)|Mac OSX |
6c0ab5d2 | 69 | |
aa66dfff | 70 | For all build statuses, check our [weekly build project](https://github.com/Neilpang/acmetest): |
6c0ab5d2 | 71 | |
6cc11ffb | 72 | https://github.com/Neilpang/acmetest |
07f4ec4f | 73 | |
c4094c68 | 74 | # Supported CA |
75 | ||
76 | - Letsencrypt.org CA(default) | |
77 | - [BuyPass.com CA](https://github.com/Neilpang/acme.sh/wiki/BuyPass.com-CA) | |
693d692a | 78 | - [Pebble strict Mode](https://github.com/letsencrypt/pebble) |
2b45dba5 | 79 | |
1bb90298 | 80 | # Supported modes |
2c75b3fd | 81 | |
1bb90298 AL |
82 | - Webroot mode |
83 | - Standalone mode | |
c9baca79 | 84 | - Standalone tls-alpn mode |
1bb90298 | 85 | - Apache mode |
d5865989 | 86 | - Nginx mode |
1bb90298 | 87 | - DNS mode |
875625b1 | 88 | - [DNS alias mode](https://github.com/Neilpang/acme.sh/wiki/DNS-alias-mode) |
7c488b59 | 89 | - [Stateless mode](https://github.com/Neilpang/acme.sh/wiki/Stateless-Mode) |
2b45dba5 | 90 | |
e8cce73a | 91 | |
df1c9d88 | 92 | # 1. How to install |
6c0ab5d2 | 93 | |
1bb90298 | 94 | ### 1. Install online |
6c0ab5d2 | 95 | |
5bdad844 | 96 | Check this project: https://github.com/Neilpang/get.acme.sh |
b0515cf8 | 97 | |
2b45dba5 | 98 | ```bash |
99dc89c0 | 99 | curl https://get.acme.sh | sh |
90dda23f | 100 | ``` |
101 | ||
102 | Or: | |
2b45dba5 SF |
103 | |
104 | ```bash | |
99dc89c0 | 105 | wget -O - https://get.acme.sh | sh |
90dda23f | 106 | ``` |
107 | ||
108 | ||
1bb90298 | 109 | ### 2. Or, Install from git |
2b45dba5 | 110 | |
1bb90298 | 111 | Clone this project and launch installation: |
2b45dba5 SF |
112 | |
113 | ```bash | |
6cc11ffb | 114 | git clone https://github.com/Neilpang/acme.sh.git |
2b45dba5 | 115 | cd ./acme.sh |
6cc11ffb | 116 | ./acme.sh --install |
6c0ab5d2 | 117 | ``` |
90dda23f | 118 | |
2b45dba5 SF |
119 | You `don't have to be root` then, although `it is recommended`. |
120 | ||
1bb90298 | 121 | Advanced Installation: https://github.com/Neilpang/acme.sh/wiki/How-to-install |
d9ded9f3 | 122 | |
2b45dba5 | 123 | The installer will perform 3 actions: |
7a894c4c | 124 | |
1bb90298 AL |
125 | 1. Create and copy `acme.sh` to your home dir (`$HOME`): `~/.acme.sh/`. |
126 | All certs will be placed in this folder too. | |
127 | 2. Create alias for: `acme.sh=~/.acme.sh/acme.sh`. | |
128 | 3. Create daily cron job to check and renew the certs if needed. | |
2b45dba5 SF |
129 | |
130 | Cron entry example: | |
131 | ||
132 | ```bash | |
133 | 0 0 * * * "/home/user/.acme.sh"/acme.sh --cron --home "/home/user/.acme.sh" > /dev/null | |
134 | ``` | |
acc1e53a | 135 | |
1bb90298 AL |
136 | After the installation, you must close the current terminal and reopen it to make the alias take effect. |
137 | ||
138 | Ok, you are ready to issue certs now. | |
acc1e53a | 139 | |
6c0ab5d2 | 140 | Show help message: |
2b45dba5 | 141 | |
e27dfbb0 | 142 | ```sh |
39c8f79f | 143 | root@v1:~# acme.sh -h |
6c0ab5d2 | 144 | ``` |
1bb90298 AL |
145 | |
146 | # 2. Just issue a cert | |
2400e41f | 147 | |
2b45dba5 | 148 | **Example 1:** Single domain. |
2400e41f | 149 | |
2b45dba5 | 150 | ```bash |
caa2e45a | 151 | acme.sh --issue -d example.com -w /home/wwwroot/example.com |
6c0ab5d2 | 152 | ``` |
2b45dba5 | 153 | |
4c38fec3 | 154 | or: |
155 | ||
156 | ```bash | |
157 | acme.sh --issue -d example.com -w /home/username/public_html | |
158 | ``` | |
159 | ||
160 | or: | |
161 | ||
162 | ```bash | |
163 | acme.sh --issue -d example.com -w /var/www/html | |
164 | ``` | |
165 | ||
2b45dba5 SF |
166 | **Example 2:** Multiple domains in the same cert. |
167 | ||
168 | ```bash | |
1bb90298 | 169 | acme.sh --issue -d example.com -d www.example.com -d cp.example.com -w /home/wwwroot/example.com |
6c0ab5d2 | 170 | ``` |
2400e41f | 171 | |
4c38fec3 | 172 | The parameter `/home/wwwroot/example.com` or `/home/username/public_html` or `/var/www/html` is the web root folder where you host your website files. You **MUST** have `write access` to this folder. |
6c0ab5d2 | 173 | |
1bb90298 AL |
174 | Second argument **"example.com"** is the main domain you want to issue the cert for. |
175 | You must have at least one domain there. | |
6c0ab5d2 | 176 | |
caa2e45a | 177 | You must point and bind all the domains to the same webroot dir: `/home/wwwroot/example.com`. |
6c0ab5d2 | 178 | |
e27dfbb0 | 179 | The certs will be placed in `~/.acme.sh/example.com/` |
6c0ab5d2 | 180 | |
e27dfbb0 | 181 | The certs will be renewed automatically every **60** days. |
6c0ab5d2 | 182 | |
6cc11ffb | 183 | More examples: https://github.com/Neilpang/acme.sh/wiki/How-to-issue-a-cert |
a63b05a9 | 184 | |
185 | ||
e27dfbb0 | 186 | # 3. Install the cert to Apache/Nginx etc. |
a63b05a9 | 187 | |
e27dfbb0 | 188 | After the cert is generated, you probably want to install/copy the cert to your Apache/Nginx or other servers. |
1bb90298 | 189 | You **MUST** use this command to copy the certs to the target files, **DO NOT** use the certs files in **~/.acme.sh/** folder, they are for internal use only, the folder structure may change in the future. |
2b45dba5 | 190 | |
1bb90298 | 191 | **Apache** example: |
2b45dba5 | 192 | ```bash |
cd9c3a79 | 193 | acme.sh --install-cert -d example.com \ |
5c539af7 | 194 | --cert-file /path/to/certfile/in/apache/cert.pem \ |
195 | --key-file /path/to/keyfile/in/apache/key.pem \ | |
196 | --fullchain-file /path/to/fullchain/certfile/apache/fullchain.pem \ | |
4743171b | 197 | --reloadcmd "service apache2 force-reload" |
3c33cdfa | 198 | ``` |
199 | ||
1bb90298 | 200 | **Nginx** example: |
3c33cdfa | 201 | ```bash |
cd9c3a79 | 202 | acme.sh --install-cert -d example.com \ |
5c539af7 | 203 | --key-file /path/to/keyfile/in/nginx/key.pem \ |
204 | --fullchain-file /path/to/fullchain/nginx/cert.pem \ | |
4743171b | 205 | --reloadcmd "service nginx force-reload" |
6c0ab5d2 | 206 | ``` |
7a894c4c | 207 | |
a63b05a9 | 208 | Only the domain is required, all the other parameters are optional. |
209 | ||
e27dfbb0 | 210 | The ownership and permission info of existing files are preserved. You can pre-create the files to define the ownership and permission. |
fe600441 | 211 | |
e27dfbb0 | 212 | Install/copy the cert/key to the production Apache or Nginx path. |
1bb90298 | 213 | |
61852447 | 214 | The cert will be renewed every **60** days by default (which is configurable). Once the cert is renewed, the Apache/Nginx service will be reloaded automatically by the command: `service apache2 force-reload` or `service nginx force-reload`. |
7a894c4c | 215 | |
6c0ab5d2 | 216 | |
58f75313 | 217 | **Please take care: The reloadcmd is very important. The cert can be automatically renewed, but, without a correct 'reloadcmd' the cert may not be flushed to your server(like nginx or apache), then your website will not be able to show renewed cert in 60 days.** |
bae50da7 | 218 | |
df1c9d88 | 219 | # 4. Use Standalone server to issue cert |
6c0ab5d2 | 220 | |
1bb90298 | 221 | **(requires you to be root/sudoer or have permission to listen on port 80 (TCP))** |
072290f2 | 222 | |
1bb90298 | 223 | Port `80` (TCP) **MUST** be free to listen on, otherwise you will be prompted to free it and try again. |
2b45dba5 SF |
224 | |
225 | ```bash | |
caa2e45a | 226 | acme.sh --issue --standalone -d example.com -d www.example.com -d cp.example.com |
072290f2 N |
227 | ``` |
228 | ||
6cc11ffb | 229 | More examples: https://github.com/Neilpang/acme.sh/wiki/How-to-issue-a-cert |
a63b05a9 | 230 | |
c9baca79 | 231 | # 5. Use Standalone ssl server to issue cert |
e22bcf7c | 232 | |
c9baca79 | 233 | **(requires you to be root/sudoer or have permission to listen on port 443 (TCP))** |
234 | ||
235 | Port `443` (TCP) **MUST** be free to listen on, otherwise you will be prompted to free it and try again. | |
236 | ||
237 | ```bash | |
238 | acme.sh --issue --alpn -d example.com -d www.example.com -d cp.example.com | |
239 | ``` | |
240 | ||
241 | More examples: https://github.com/Neilpang/acme.sh/wiki/How-to-issue-a-cert | |
242 | ||
243 | ||
244 | # 6. Use Apache mode | |
2b45dba5 | 245 | |
1bb90298 | 246 | **(requires you to be root/sudoer, since it is required to interact with Apache server)** |
2b45dba5 | 247 | |
1bb90298 | 248 | If you are running a web server, Apache or Nginx, it is recommended to use the `Webroot mode`. |
a63b05a9 | 249 | |
d5865989 | 250 | Particularly, if you are running an Apache server, you can use Apache mode instead. This mode doesn't write any files to your web root folder. |
2c75b3fd | 251 | |
1bb90298 | 252 | Just set string "apache" as the second argument and it will force use of apache plugin automatically. |
2c75b3fd | 253 | |
e27dfbb0 | 254 | ```sh |
1bb90298 | 255 | acme.sh --issue --apache -d example.com -d www.example.com -d cp.example.com |
2c75b3fd | 256 | ``` |
a63b05a9 | 257 | |
84d80e93 | 258 | **This apache mode is only to issue the cert, it will not change your apache config files. |
d5865989 | 259 | You will need to configure your website config files to use the cert by yourself. |
260 | We don't want to mess your apache server, don't worry.** | |
261 | ||
6cc11ffb | 262 | More examples: https://github.com/Neilpang/acme.sh/wiki/How-to-issue-a-cert |
2c75b3fd | 263 | |
c9baca79 | 264 | # 7. Use Nginx mode |
1bb90298 | 265 | |
9d725af6 | 266 | **(requires you to be root/sudoer, since it is required to interact with Nginx server)** |
267 | ||
268 | If you are running a web server, Apache or Nginx, it is recommended to use the `Webroot mode`. | |
269 | ||
270 | Particularly, if you are running an nginx server, you can use nginx mode instead. This mode doesn't write any files to your web root folder. | |
271 | ||
272 | Just set string "nginx" as the second argument. | |
273 | ||
274 | It will configure nginx server automatically to verify the domain and then restore the nginx config to the original version. | |
275 | ||
276 | So, the config is not changed. | |
277 | ||
e27dfbb0 | 278 | ```sh |
9d725af6 | 279 | acme.sh --issue --nginx -d example.com -d www.example.com -d cp.example.com |
280 | ``` | |
281 | ||
84d80e93 | 282 | **This nginx mode is only to issue the cert, it will not change your nginx config files. |
d5865989 | 283 | You will need to configure your website config files to use the cert by yourself. |
c1f52299 | 284 | We don't want to mess your nginx server, don't worry.** |
d5865989 | 285 | |
9d725af6 | 286 | More examples: https://github.com/Neilpang/acme.sh/wiki/How-to-issue-a-cert |
287 | ||
c9baca79 | 288 | # 8. Automatic DNS API integration |
a947dbc6 | 289 | |
1bb90298 | 290 | If your DNS provider supports API access, we can use that API to automatically issue the certs. |
6c0ab5d2 | 291 | |
1bb90298 | 292 | You don't have to do anything manually! |
ab497961 | 293 | |
236acbd6 | 294 | ### Currently acme.sh supports most of the dns providers: |
295 | ||
296 | https://github.com/Neilpang/acme.sh/wiki/dnsapi | |
ab497961 | 297 | |
c9baca79 | 298 | # 9. Use DNS manual mode: |
e27dfbb0 | 299 | |
46ac97a3 | 300 | See: https://github.com/Neilpang/acme.sh/wiki/dns-manual-mode first. |
301 | ||
d5865989 | 302 | If your dns provider doesn't support any api access, you can add the txt record by your hand. |
e27dfbb0 | 303 | |
304 | ```bash | |
305 | acme.sh --issue --dns -d example.com -d www.example.com -d cp.example.com | |
306 | ``` | |
307 | ||
308 | You should get an output like below: | |
309 | ||
310 | ```sh | |
311 | Add the following txt record: | |
312 | Domain:_acme-challenge.example.com | |
313 | Txt value:9ihDbjYfTExAYeDs4DBUeuTo18KBzwvTEjUnSwd32-c | |
314 | ||
315 | Add the following txt record: | |
316 | Domain:_acme-challenge.www.example.com | |
317 | Txt value:9ihDbjxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx | |
318 | ||
319 | Please add those txt records to the domains. Waiting for the dns to take effect. | |
320 | ``` | |
321 | ||
322 | Then just rerun with `renew` argument: | |
323 | ||
324 | ```bash | |
325 | acme.sh --renew -d example.com | |
326 | ``` | |
327 | ||
328 | Ok, it's done. | |
329 | ||
330 | **Take care, this is dns manual mode, it can not be renewed automatically. you will have to add a new txt record to your domain by your hand when you renew your cert.** | |
331 | ||
332 | **Please use dns api mode instead.** | |
ab497961 | 333 | |
c9baca79 | 334 | # 10. Issue ECC certificates |
2b45dba5 | 335 | |
1bb90298 | 336 | `Let's Encrypt` can now issue **ECDSA** certificates. |
2b45dba5 | 337 | |
1bb90298 | 338 | And we support them too! |
1add47a6 | 339 | |
d5865989 | 340 | Just set the `keylength` parameter with a prefix `ec-`. |
2b45dba5 | 341 | |
1add47a6 | 342 | For example: |
9e6c4208 | 343 | |
bcbecff6 | 344 | ### Single domain ECC certificate |
9e6c4208 | 345 | |
2b45dba5 | 346 | ```bash |
1bb90298 | 347 | acme.sh --issue -w /home/wwwroot/example.com -d example.com --keylength ec-256 |
1add47a6 | 348 | ``` |
2b45dba5 | 349 | |
1bb90298 | 350 | ### SAN multi domain ECC certificate |
2b45dba5 SF |
351 | |
352 | ```bash | |
1bb90298 | 353 | acme.sh --issue -w /home/wwwroot/example.com -d example.com -d www.example.com --keylength ec-256 |
9e6c4208 N |
354 | ``` |
355 | ||
d5865989 | 356 | Please look at the `keylength` parameter above. |
1add47a6 | 357 | |
358 | Valid values are: | |
359 | ||
2b45dba5 SF |
360 | 1. **ec-256 (prime256v1, "ECDSA P-256")** |
361 | 2. **ec-384 (secp384r1, "ECDSA P-384")** | |
362 | 3. **ec-521 (secp521r1, "ECDSA P-521", which is not supported by Let's Encrypt yet.)** | |
1add47a6 | 363 | |
df1c9d88 | 364 | |
df1c9d88 | 365 | |
c9baca79 | 366 | # 11. Issue Wildcard certificates |
df1c9d88 | 367 | |
e27dfbb0 | 368 | It's simple, just give a wildcard domain as the `-d` parameter. |
df1c9d88 | 369 | |
e27dfbb0 | 370 | ```sh |
f2aa5c02 | 371 | acme.sh --issue -d example.com -d '*.example.com' --dns dns_cf |
df1c9d88 | 372 | ``` |
e27dfbb0 | 373 | |
374 | ||
375 | ||
c9baca79 | 376 | # 12. How to renew the certs |
e27dfbb0 | 377 | |
378 | No, you don't need to renew the certs manually. All the certs will be renewed automatically every **60** days. | |
379 | ||
380 | However, you can also force to renew a cert: | |
381 | ||
382 | ```sh | |
1bb90298 | 383 | acme.sh --renew -d example.com --force |
df1c9d88 | 384 | ``` |
385 | ||
386 | or, for ECC cert: | |
1bb90298 | 387 | |
e27dfbb0 | 388 | ```sh |
1bb90298 | 389 | acme.sh --renew -d example.com --force --ecc |
df1c9d88 | 390 | ``` |
391 | ||
1bb90298 | 392 | |
c9baca79 | 393 | # 13. How to stop cert renewal |
a4964b90 | 394 | |
e27dfbb0 | 395 | To stop renewal of a cert, you can execute the following to remove the cert from the renewal list: |
a4964b90 | 396 | |
e27dfbb0 | 397 | ```sh |
a4964b90 FW |
398 | acme.sh --remove -d example.com [--ecc] |
399 | ``` | |
400 | ||
e27dfbb0 | 401 | The cert/key file is not removed from the disk. |
a4964b90 | 402 | |
e27dfbb0 | 403 | You can remove the respective directory (e.g. `~/.acme.sh/example.com`) by yourself. |
a4964b90 | 404 | |
e27dfbb0 | 405 | |
c9baca79 | 406 | # 14. How to upgrade `acme.sh` |
1bb90298 | 407 | |
329174b6 | 408 | acme.sh is in constant development, so it's strongly recommended to use the latest code. |
df1c9d88 | 409 | |
410 | You can update acme.sh to the latest code: | |
1bb90298 | 411 | |
e27dfbb0 | 412 | ```sh |
df1c9d88 | 413 | acme.sh --upgrade |
414 | ``` | |
415 | ||
1bb90298 AL |
416 | You can also enable auto upgrade: |
417 | ||
e27dfbb0 | 418 | ```sh |
1bb90298 | 419 | acme.sh --upgrade --auto-upgrade |
59649e9b | 420 | ``` |
1bb90298 AL |
421 | |
422 | Then **acme.sh** will be kept up to date automatically. | |
59649e9b | 423 | |
424 | Disable auto upgrade: | |
1bb90298 | 425 | |
e27dfbb0 | 426 | ```sh |
1bb90298 | 427 | acme.sh --upgrade --auto-upgrade 0 |
59649e9b | 428 | ``` |
429 | ||
1bb90298 | 430 | |
c9baca79 | 431 | # 15. Issue a cert from an existing CSR |
8371b030 | 432 | |
433 | https://github.com/Neilpang/acme.sh/wiki/Issue-a-cert-from-existing-CSR | |
434 | ||
435 | ||
5d468f7c | 436 | # 16. Send notifications in cronjob |
437 | ||
438 | https://github.com/Neilpang/acme.sh/wiki/notify | |
439 | ||
440 | ||
441 | # 17. Under the Hood | |
6c0ab5d2 | 442 | |
99dc89c0 | 443 | Speak ACME language using shell, directly to "Let's Encrypt". |
6c0ab5d2 N |
444 | |
445 | TODO: | |
446 | ||
1bb90298 | 447 | |
5d468f7c | 448 | # 18. Acknowledgments |
1bb90298 | 449 | |
63f04675 N |
450 | 1. Acme-tiny: https://github.com/diafygi/acme-tiny |
451 | 2. ACME protocol: https://github.com/ietf-wg-acme/acme | |
63f04675 | 452 | |
1bb90298 | 453 | |
5d468f7c | 454 | # 19. License & Others |
6c0ab5d2 N |
455 | |
456 | License is GPLv3 | |
457 | ||
1d06c947 | 458 | Please Star and Fork me. |
6c0ab5d2 | 459 | |
1bb90298 | 460 | [Issues](https://github.com/Neilpang/acme.sh/issues) and [pull requests](https://github.com/Neilpang/acme.sh/pulls) are welcome. |
6c0ab5d2 N |
461 | |
462 | ||
5d468f7c | 463 | # 20. Donate |
cb6f6229 | 464 | Your donation makes **acme.sh** better: |
6c0ab5d2 | 465 | |
43d3b51b | 466 | 1. PayPal/Alipay(支付宝)/Wechat(微信): [https://donate.acme.sh/](https://donate.acme.sh/) |
84d80e93 | 467 | |
1bb90298 | 468 | [Donate List](https://github.com/Neilpang/acme.sh/wiki/Donate-list) |