]>
Commit | Line | Data |
---|---|---|
1 | # An ACME Shell script: acme.sh | |
2 | ||
3 | [![FreeBSD](https://github.com/acmesh-official/acme.sh/actions/workflows/FreeBSD.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/FreeBSD.yml) | |
4 | [![OpenBSD](https://github.com/acmesh-official/acme.sh/actions/workflows/OpenBSD.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/OpenBSD.yml) | |
5 | [![NetBSD](https://github.com/acmesh-official/acme.sh/actions/workflows/NetBSD.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/NetBSD.yml) | |
6 | [![MacOS](https://github.com/acmesh-official/acme.sh/actions/workflows/MacOS.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/MacOS.yml) | |
7 | [![Ubuntu](https://github.com/acmesh-official/acme.sh/actions/workflows/Ubuntu.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Ubuntu.yml) | |
8 | [![Windows](https://github.com/acmesh-official/acme.sh/actions/workflows/Windows.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Windows.yml) | |
9 | [![Solaris](https://github.com/acmesh-official/acme.sh/actions/workflows/Solaris.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Solaris.yml) | |
10 | [![DragonFlyBSD](https://github.com/acmesh-official/acme.sh/actions/workflows/DragonFlyBSD.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/DragonFlyBSD.yml) | |
11 | ||
12 | ||
13 | ![Shellcheck](https://github.com/acmesh-official/acme.sh/workflows/Shellcheck/badge.svg) | |
14 | ![PebbleStrict](https://github.com/acmesh-official/acme.sh/workflows/PebbleStrict/badge.svg) | |
15 | ![DockerHub](https://github.com/acmesh-official/acme.sh/workflows/Build%20DockerHub/badge.svg) | |
16 | ||
17 | ||
18 | <a href="https://opencollective.com/acmesh" alt="Financial Contributors on Open Collective"><img src="https://opencollective.com/acmesh/all/badge.svg?label=financial+contributors" /></a> | |
19 | [![Join the chat at https://gitter.im/acme-sh/Lobby](https://badges.gitter.im/acme-sh/Lobby.svg)](https://gitter.im/acme-sh/Lobby?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge) | |
20 | [![Docker stars](https://img.shields.io/docker/stars/neilpang/acme.sh.svg)](https://hub.docker.com/r/neilpang/acme.sh "Click to view the image on Docker Hub") | |
21 | [![Docker pulls](https://img.shields.io/docker/pulls/neilpang/acme.sh.svg)](https://hub.docker.com/r/neilpang/acme.sh "Click to view the image on Docker Hub") | |
22 | ||
23 | ||
24 | ||
25 | - An ACME protocol client written purely in Shell (Unix shell) language. | |
26 | - Full ACME protocol implementation. | |
27 | - Support ECDSA certs | |
28 | - Support SAN and wildcard certs | |
29 | - Simple, powerful and very easy to use. You only need 3 minutes to learn it. | |
30 | - Bash, dash and sh compatible. | |
31 | - Purely written in Shell with no dependencies on python. | |
32 | - Just one script to issue, renew and install your certificates automatically. | |
33 | - DOES NOT require `root/sudoer` access. | |
34 | - Docker ready | |
35 | - IPv6 ready | |
36 | - Cron job notifications for renewal or error etc. | |
37 | ||
38 | It's probably the `easiest & smartest` shell script to automatically issue & renew the free certificates. | |
39 | ||
40 | Wiki: https://github.com/acmesh-official/acme.sh/wiki | |
41 | ||
42 | For Docker Fans: [acme.sh :two_hearts: Docker ](https://github.com/acmesh-official/acme.sh/wiki/Run-acme.sh-in-docker) | |
43 | ||
44 | Twitter: [@neilpangxa](https://twitter.com/neilpangxa) | |
45 | ||
46 | ||
47 | # [中文说明](https://github.com/acmesh-official/acme.sh/wiki/%E8%AF%B4%E6%98%8E) | |
48 | ||
49 | # Who: | |
50 | - [FreeBSD.org](https://blog.crashed.org/letsencrypt-in-freebsd-org/) | |
51 | - [ruby-china.org](https://ruby-china.org/topics/31983) | |
52 | - [Proxmox](https://pve.proxmox.com/wiki/Certificate_Management) | |
53 | - [pfsense](https://github.com/pfsense/FreeBSD-ports/pull/89) | |
54 | - [Loadbalancer.org](https://www.loadbalancer.org/blog/loadbalancer-org-with-lets-encrypt-quick-and-dirty) | |
55 | - [discourse.org](https://meta.discourse.org/t/setting-up-lets-encrypt/40709) | |
56 | - [Centminmod](https://centminmod.com/letsencrypt-acmetool-https.html) | |
57 | - [splynx](https://forum.splynx.com/t/free-ssl-cert-for-splynx-lets-encrypt/297) | |
58 | - [opnsense.org](https://github.com/opnsense/plugins/tree/master/security/acme-client/src/opnsense/scripts/OPNsense/AcmeClient) | |
59 | - [CentOS Web Panel](https://control-webpanel.com) | |
60 | - [lnmp.org](https://lnmp.org/) | |
61 | - [more...](https://github.com/acmesh-official/acme.sh/wiki/Blogs-and-tutorials) | |
62 | ||
63 | # Tested OS | |
64 | ||
65 | | NO | Status| Platform| | |
66 | |----|-------|---------| | |
67 | |1|[![MacOS](https://github.com/acmesh-official/acme.sh/actions/workflows/MacOS.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/MacOS.yml)|Mac OSX | |
68 | |2|[![Windows](https://github.com/acmesh-official/acme.sh/actions/workflows/Windows.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Windows.yml)|Windows (cygwin with curl, openssl and crontab included) | |
69 | |3|[![FreeBSD](https://github.com/acmesh-official/acme.sh/actions/workflows/FreeBSD.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/FreeBSD.yml)|FreeBSD | |
70 | |4|[![Solaris](https://github.com/acmesh-official/acme.sh/actions/workflows/Solaris.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Solaris.yml)|Solaris | |
71 | |5|[![Ubuntu](https://github.com/acmesh-official/acme.sh/actions/workflows/Ubuntu.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Ubuntu.yml)| Ubuntu | |
72 | |6|NA|pfsense | |
73 | |7|[![OpenBSD](https://github.com/acmesh-official/acme.sh/actions/workflows/OpenBSD.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/OpenBSD.yml)|OpenBSD | |
74 | |8|[![NetBSD](https://github.com/acmesh-official/acme.sh/actions/workflows/NetBSD.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/NetBSD.yml)|NetBSD | |
75 | |9|[![DragonFlyBSD](https://github.com/acmesh-official/acme.sh/actions/workflows/DragonFlyBSD.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/DragonFlyBSD.yml)|DragonFlyBSD | |
76 | |10|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)| Debian | |
77 | |11|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|CentOS | |
78 | |12|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|openSUSE | |
79 | |13|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|Alpine Linux (with curl) | |
80 | |14|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|Archlinux | |
81 | |15|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|fedora | |
82 | |16|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|Kali Linux | |
83 | |17|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|Oracle Linux | |
84 | |18|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|Mageia | |
85 | |19|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|Gentoo Linux | |
86 | |10|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|ClearLinux | |
87 | |11|-----| Cloud Linux https://github.com/acmesh-official/acme.sh/issues/111 | |
88 | |22|-----| OpenWRT: Tested and working. See [wiki page](https://github.com/acmesh-official/acme.sh/wiki/How-to-run-on-OpenWRT) | |
89 | |23|[![](https://acmesh-official.github.io/acmetest/status/proxmox.svg)](https://github.com/acmesh-official/letest#here-are-the-latest-status)| Proxmox: See Proxmox VE Wiki. Version [4.x, 5.0, 5.1](https://pve.proxmox.com/wiki/HTTPS_Certificate_Configuration_(Version_4.x,_5.0_and_5.1)#Let.27s_Encrypt_using_acme.sh), version [5.2 and up](https://pve.proxmox.com/wiki/Certificate_Management) | |
90 | ||
91 | ||
92 | Check our [testing project](https://github.com/acmesh-official/acmetest): | |
93 | ||
94 | https://github.com/acmesh-official/acmetest | |
95 | ||
96 | # Supported CA | |
97 | ||
98 | - [ZeroSSL.com CA](https://github.com/acmesh-official/acme.sh/wiki/ZeroSSL.com-CA)(default) | |
99 | - Letsencrypt.org CA | |
100 | - [BuyPass.com CA](https://github.com/acmesh-official/acme.sh/wiki/BuyPass.com-CA) | |
101 | - [SSL.com CA](https://github.com/acmesh-official/acme.sh/wiki/SSL.com-CA) | |
102 | - [Google.com Public CA](https://github.com/acmesh-official/acme.sh/wiki/Google-Public-CA) | |
103 | - [Pebble strict Mode](https://github.com/letsencrypt/pebble) | |
104 | - Any other [RFC8555](https://tools.ietf.org/html/rfc8555)-compliant CA | |
105 | ||
106 | # Supported modes | |
107 | ||
108 | - Webroot mode | |
109 | - Standalone mode | |
110 | - Standalone tls-alpn mode | |
111 | - Apache mode | |
112 | - Nginx mode | |
113 | - DNS mode | |
114 | - [DNS alias mode](https://github.com/acmesh-official/acme.sh/wiki/DNS-alias-mode) | |
115 | - [Stateless mode](https://github.com/acmesh-official/acme.sh/wiki/Stateless-Mode) | |
116 | ||
117 | ||
118 | # 1. How to install | |
119 | ||
120 | ### 1. Install online | |
121 | ||
122 | Check this project: https://github.com/acmesh-official/get.acme.sh | |
123 | ||
124 | ```bash | |
125 | curl https://get.acme.sh | sh -s email=my@example.com | |
126 | ``` | |
127 | ||
128 | Or: | |
129 | ||
130 | ```bash | |
131 | wget -O - https://get.acme.sh | sh -s email=my@example.com | |
132 | ``` | |
133 | ||
134 | ||
135 | ### 2. Or, Install from git | |
136 | ||
137 | Clone this project and launch installation: | |
138 | ||
139 | ```bash | |
140 | git clone https://github.com/acmesh-official/acme.sh.git | |
141 | cd ./acme.sh | |
142 | ./acme.sh --install -m my@example.com | |
143 | ``` | |
144 | ||
145 | You `don't have to be root` then, although `it is recommended`. | |
146 | ||
147 | Advanced Installation: https://github.com/acmesh-official/acme.sh/wiki/How-to-install | |
148 | ||
149 | The installer will perform 3 actions: | |
150 | ||
151 | 1. Create and copy `acme.sh` to your home dir (`$HOME`): `~/.acme.sh/`. | |
152 | All certs will be placed in this folder too. | |
153 | 2. Create alias for: `acme.sh=~/.acme.sh/acme.sh`. | |
154 | 3. Create daily cron job to check and renew the certs if needed. | |
155 | ||
156 | Cron entry example: | |
157 | ||
158 | ```bash | |
159 | 0 0 * * * "/home/user/.acme.sh"/acme.sh --cron --home "/home/user/.acme.sh" > /dev/null | |
160 | ``` | |
161 | ||
162 | After the installation, you must close the current terminal and reopen it to make the alias take effect. | |
163 | ||
164 | Ok, you are ready to issue certs now. | |
165 | ||
166 | Show help message: | |
167 | ||
168 | ```sh | |
169 | root@v1:~# acme.sh -h | |
170 | ``` | |
171 | ||
172 | # 2. Just issue a cert | |
173 | ||
174 | **Example 1:** Single domain. | |
175 | ||
176 | ```bash | |
177 | acme.sh --issue -d example.com -w /home/wwwroot/example.com | |
178 | ``` | |
179 | ||
180 | or: | |
181 | ||
182 | ```bash | |
183 | acme.sh --issue -d example.com -w /home/username/public_html | |
184 | ``` | |
185 | ||
186 | or: | |
187 | ||
188 | ```bash | |
189 | acme.sh --issue -d example.com -w /var/www/html | |
190 | ``` | |
191 | ||
192 | **Example 2:** Multiple domains in the same cert. | |
193 | ||
194 | ```bash | |
195 | acme.sh --issue -d example.com -d www.example.com -d cp.example.com -w /home/wwwroot/example.com | |
196 | ``` | |
197 | ||
198 | The parameter `/home/wwwroot/example.com` or `/home/username/public_html` or `/var/www/html` is the web root folder where you host your website files. You **MUST** have `write access` to this folder. | |
199 | ||
200 | Second argument **"example.com"** is the main domain you want to issue the cert for. | |
201 | You must have at least one domain there. | |
202 | ||
203 | You must point and bind all the domains to the same webroot dir: `/home/wwwroot/example.com`. | |
204 | ||
205 | The certs will be placed in `~/.acme.sh/example.com/` | |
206 | ||
207 | The certs will be renewed automatically every **60** days. | |
208 | ||
209 | More examples: https://github.com/acmesh-official/acme.sh/wiki/How-to-issue-a-cert | |
210 | ||
211 | ||
212 | # 3. Install the cert to Apache/Nginx etc. | |
213 | ||
214 | After the cert is generated, you probably want to install/copy the cert to your Apache/Nginx or other servers. | |
215 | You **MUST** use this command to copy the certs to the target files, **DO NOT** use the certs files in **~/.acme.sh/** folder, they are for internal use only, the folder structure may change in the future. | |
216 | ||
217 | **Apache** example: | |
218 | ```bash | |
219 | acme.sh --install-cert -d example.com \ | |
220 | --cert-file /path/to/certfile/in/apache/cert.pem \ | |
221 | --key-file /path/to/keyfile/in/apache/key.pem \ | |
222 | --fullchain-file /path/to/fullchain/certfile/apache/fullchain.pem \ | |
223 | --reloadcmd "service apache2 force-reload" | |
224 | ``` | |
225 | ||
226 | **Nginx** example: | |
227 | ```bash | |
228 | acme.sh --install-cert -d example.com \ | |
229 | --key-file /path/to/keyfile/in/nginx/key.pem \ | |
230 | --fullchain-file /path/to/fullchain/nginx/cert.pem \ | |
231 | --reloadcmd "service nginx force-reload" | |
232 | ``` | |
233 | ||
234 | Only the domain is required, all the other parameters are optional. | |
235 | ||
236 | The ownership and permission info of existing files are preserved. You can pre-create the files to define the ownership and permission. | |
237 | ||
238 | Install/copy the cert/key to the production Apache or Nginx path. | |
239 | ||
240 | The cert will be renewed every **60** days by default (which is configurable). Once the cert is renewed, the Apache/Nginx service will be reloaded automatically by the command: `service apache2 force-reload` or `service nginx force-reload`. | |
241 | ||
242 | ||
243 | **Please take care: The reloadcmd is very important. The cert can be automatically renewed, but, without a correct 'reloadcmd' the cert may not be flushed to your server(like nginx or apache), then your website will not be able to show renewed cert in 60 days.** | |
244 | ||
245 | # 4. Use Standalone server to issue cert | |
246 | ||
247 | **(requires you to be root/sudoer or have permission to listen on port 80 (TCP))** | |
248 | ||
249 | Port `80` (TCP) **MUST** be free to listen on, otherwise you will be prompted to free it and try again. | |
250 | ||
251 | ```bash | |
252 | acme.sh --issue --standalone -d example.com -d www.example.com -d cp.example.com | |
253 | ``` | |
254 | ||
255 | More examples: https://github.com/acmesh-official/acme.sh/wiki/How-to-issue-a-cert | |
256 | ||
257 | # 5. Use Standalone ssl server to issue cert | |
258 | ||
259 | **(requires you to be root/sudoer or have permission to listen on port 443 (TCP))** | |
260 | ||
261 | Port `443` (TCP) **MUST** be free to listen on, otherwise you will be prompted to free it and try again. | |
262 | ||
263 | ```bash | |
264 | acme.sh --issue --alpn -d example.com -d www.example.com -d cp.example.com | |
265 | ``` | |
266 | ||
267 | More examples: https://github.com/acmesh-official/acme.sh/wiki/How-to-issue-a-cert | |
268 | ||
269 | ||
270 | # 6. Use Apache mode | |
271 | ||
272 | **(requires you to be root/sudoer, since it is required to interact with Apache server)** | |
273 | ||
274 | If you are running a web server, it is recommended to use the `Webroot mode`. | |
275 | ||
276 | Particularly, if you are running an Apache server, you can use Apache mode instead. This mode doesn't write any files to your web root folder. | |
277 | ||
278 | Just set string "apache" as the second argument and it will force use of apache plugin automatically. | |
279 | ||
280 | ```sh | |
281 | acme.sh --issue --apache -d example.com -d www.example.com -d cp.example.com | |
282 | ``` | |
283 | ||
284 | **This apache mode is only to issue the cert, it will not change your apache config files. | |
285 | You will need to configure your website config files to use the cert by yourself. | |
286 | We don't want to mess with your apache server, don't worry.** | |
287 | ||
288 | More examples: https://github.com/acmesh-official/acme.sh/wiki/How-to-issue-a-cert | |
289 | ||
290 | # 7. Use Nginx mode | |
291 | ||
292 | **(requires you to be root/sudoer, since it is required to interact with Nginx server)** | |
293 | ||
294 | If you are running a web server, it is recommended to use the `Webroot mode`. | |
295 | ||
296 | Particularly, if you are running an nginx server, you can use nginx mode instead. This mode doesn't write any files to your web root folder. | |
297 | ||
298 | Just set string "nginx" as the second argument. | |
299 | ||
300 | It will configure nginx server automatically to verify the domain and then restore the nginx config to the original version. | |
301 | ||
302 | So, the config is not changed. | |
303 | ||
304 | ```sh | |
305 | acme.sh --issue --nginx -d example.com -d www.example.com -d cp.example.com | |
306 | ``` | |
307 | ||
308 | **This nginx mode is only to issue the cert, it will not change your nginx config files. | |
309 | You will need to configure your website config files to use the cert by yourself. | |
310 | We don't want to mess with your nginx server, don't worry.** | |
311 | ||
312 | More examples: https://github.com/acmesh-official/acme.sh/wiki/How-to-issue-a-cert | |
313 | ||
314 | # 8. Automatic DNS API integration | |
315 | ||
316 | If your DNS provider supports API access, we can use that API to automatically issue the certs. | |
317 | ||
318 | You don't have to do anything manually! | |
319 | ||
320 | ### Currently acme.sh supports most of the dns providers: | |
321 | ||
322 | https://github.com/acmesh-official/acme.sh/wiki/dnsapi | |
323 | ||
324 | # 9. Use DNS manual mode: | |
325 | ||
326 | See: https://github.com/acmesh-official/acme.sh/wiki/dns-manual-mode first. | |
327 | ||
328 | If your dns provider doesn't support any api access, you can add the txt record by hand. | |
329 | ||
330 | ```bash | |
331 | acme.sh --issue --dns -d example.com -d www.example.com -d cp.example.com | |
332 | ``` | |
333 | ||
334 | You should get an output like below: | |
335 | ||
336 | ```sh | |
337 | Add the following txt record: | |
338 | Domain:_acme-challenge.example.com | |
339 | Txt value:9ihDbjYfTExAYeDs4DBUeuTo18KBzwvTEjUnSwd32-c | |
340 | ||
341 | Add the following txt record: | |
342 | Domain:_acme-challenge.www.example.com | |
343 | Txt value:9ihDbjxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx | |
344 | ||
345 | Please add those txt records to the domains. Waiting for the dns to take effect. | |
346 | ``` | |
347 | ||
348 | Then just rerun with `renew` argument: | |
349 | ||
350 | ```bash | |
351 | acme.sh --renew -d example.com | |
352 | ``` | |
353 | ||
354 | Ok, it's done. | |
355 | ||
356 | **Take care, this is dns manual mode, it can not be renewed automatically. you will have to add a new txt record to your domain by your hand when you renew your cert.** | |
357 | ||
358 | **Please use dns api mode instead.** | |
359 | ||
360 | # 10. Issue ECC certificates | |
361 | ||
362 | Just set the `keylength` parameter with a prefix `ec-`. | |
363 | ||
364 | For example: | |
365 | ||
366 | ### Single domain ECC certificate | |
367 | ||
368 | ```bash | |
369 | acme.sh --issue -w /home/wwwroot/example.com -d example.com --keylength ec-256 | |
370 | ``` | |
371 | ||
372 | ### SAN multi domain ECC certificate | |
373 | ||
374 | ```bash | |
375 | acme.sh --issue -w /home/wwwroot/example.com -d example.com -d www.example.com --keylength ec-256 | |
376 | ``` | |
377 | ||
378 | Please look at the `keylength` parameter above. | |
379 | ||
380 | Valid values are: | |
381 | ||
382 | 1. **ec-256 (prime256v1, "ECDSA P-256", which is the default key type)** | |
383 | 2. **ec-384 (secp384r1, "ECDSA P-384")** | |
384 | 3. **ec-521 (secp521r1, "ECDSA P-521", which is not supported by Let's Encrypt yet.)** | |
385 | 4. **2048 (RSA2048)** | |
386 | 5. **3072 (RSA3072)** | |
387 | 6. **4096 (RSA4096)** | |
388 | ||
389 | ||
390 | # 11. Issue Wildcard certificates | |
391 | ||
392 | It's simple, just give a wildcard domain as the `-d` parameter. | |
393 | ||
394 | ```sh | |
395 | acme.sh --issue -d example.com -d '*.example.com' --dns dns_cf | |
396 | ``` | |
397 | ||
398 | ||
399 | ||
400 | # 12. How to renew the certs | |
401 | ||
402 | No, you don't need to renew the certs manually. All the certs will be renewed automatically every **60** days. | |
403 | ||
404 | However, you can also force to renew a cert: | |
405 | ||
406 | ```sh | |
407 | acme.sh --renew -d example.com --force | |
408 | ``` | |
409 | ||
410 | or, for ECC cert: | |
411 | ||
412 | ```sh | |
413 | acme.sh --renew -d example.com --force --ecc | |
414 | ``` | |
415 | ||
416 | ||
417 | # 13. How to stop cert renewal | |
418 | ||
419 | To stop renewal of a cert, you can execute the following to remove the cert from the renewal list: | |
420 | ||
421 | ```sh | |
422 | acme.sh --remove -d example.com [--ecc] | |
423 | ``` | |
424 | ||
425 | The cert/key file is not removed from the disk. | |
426 | ||
427 | You can remove the respective directory (e.g. `~/.acme.sh/example.com`) by yourself. | |
428 | ||
429 | ||
430 | # 14. How to upgrade `acme.sh` | |
431 | ||
432 | acme.sh is in constant development, so it's strongly recommended to use the latest code. | |
433 | ||
434 | You can update acme.sh to the latest code: | |
435 | ||
436 | ```sh | |
437 | acme.sh --upgrade | |
438 | ``` | |
439 | ||
440 | You can also enable auto upgrade: | |
441 | ||
442 | ```sh | |
443 | acme.sh --upgrade --auto-upgrade | |
444 | ``` | |
445 | ||
446 | Then **acme.sh** will be kept up to date automatically. | |
447 | ||
448 | Disable auto upgrade: | |
449 | ||
450 | ```sh | |
451 | acme.sh --upgrade --auto-upgrade 0 | |
452 | ``` | |
453 | ||
454 | ||
455 | # 15. Issue a cert from an existing CSR | |
456 | ||
457 | https://github.com/acmesh-official/acme.sh/wiki/Issue-a-cert-from-existing-CSR | |
458 | ||
459 | ||
460 | # 16. Send notifications in cronjob | |
461 | ||
462 | https://github.com/acmesh-official/acme.sh/wiki/notify | |
463 | ||
464 | ||
465 | # 17. Under the Hood | |
466 | ||
467 | Speak ACME language using shell, directly to "Let's Encrypt". | |
468 | ||
469 | TODO: | |
470 | ||
471 | ||
472 | # 18. Acknowledgments | |
473 | ||
474 | 1. Acme-tiny: https://github.com/diafygi/acme-tiny | |
475 | 2. ACME protocol: https://github.com/ietf-wg-acme/acme | |
476 | ||
477 | ||
478 | ## Contributors | |
479 | ||
480 | ### Code Contributors | |
481 | ||
482 | This project exists thanks to all the people who contribute. | |
483 | <a href="https://github.com/acmesh-official/acme.sh/graphs/contributors"><img src="https://opencollective.com/acmesh/contributors.svg?width=890&button=false" /></a> | |
484 | ||
485 | ### Financial Contributors | |
486 | ||
487 | Become a financial contributor and help us sustain our community. [[Contribute](https://opencollective.com/acmesh/contribute)] | |
488 | ||
489 | #### Individuals | |
490 | ||
491 | <a href="https://opencollective.com/acmesh"><img src="https://opencollective.com/acmesh/individuals.svg?width=890"></a> | |
492 | ||
493 | #### Organizations | |
494 | ||
495 | Support this project with your organization. Your logo will show up here with a link to your website. [[Contribute](https://opencollective.com/acmesh/contribute)] | |
496 | ||
497 | <a href="https://opencollective.com/acmesh/organization/0/website"><img src="https://opencollective.com/acmesh/organization/0/avatar.svg"></a> | |
498 | <a href="https://opencollective.com/acmesh/organization/1/website"><img src="https://opencollective.com/acmesh/organization/1/avatar.svg"></a> | |
499 | <a href="https://opencollective.com/acmesh/organization/2/website"><img src="https://opencollective.com/acmesh/organization/2/avatar.svg"></a> | |
500 | <a href="https://opencollective.com/acmesh/organization/3/website"><img src="https://opencollective.com/acmesh/organization/3/avatar.svg"></a> | |
501 | <a href="https://opencollective.com/acmesh/organization/4/website"><img src="https://opencollective.com/acmesh/organization/4/avatar.svg"></a> | |
502 | <a href="https://opencollective.com/acmesh/organization/5/website"><img src="https://opencollective.com/acmesh/organization/5/avatar.svg"></a> | |
503 | <a href="https://opencollective.com/acmesh/organization/6/website"><img src="https://opencollective.com/acmesh/organization/6/avatar.svg"></a> | |
504 | <a href="https://opencollective.com/acmesh/organization/7/website"><img src="https://opencollective.com/acmesh/organization/7/avatar.svg"></a> | |
505 | <a href="https://opencollective.com/acmesh/organization/8/website"><img src="https://opencollective.com/acmesh/organization/8/avatar.svg"></a> | |
506 | <a href="https://opencollective.com/acmesh/organization/9/website"><img src="https://opencollective.com/acmesh/organization/9/avatar.svg"></a> | |
507 | ||
508 | ||
509 | ||
510 | # 19. License & Others | |
511 | ||
512 | License is GPLv3 | |
513 | ||
514 | Please Star and Fork me. | |
515 | ||
516 | [Issues](https://github.com/acmesh-official/acme.sh/issues) and [pull requests](https://github.com/acmesh-official/acme.sh/pulls) are welcome. | |
517 | ||
518 | ||
519 | # 20. Donate | |
520 | Your donation makes **acme.sh** better: | |
521 | ||
522 | 1. PayPal/Alipay(支付宝)/Wechat(微信): [https://donate.acme.sh/](https://donate.acme.sh/) | |
523 | ||
524 | [Donate List](https://github.com/acmesh-official/acme.sh/wiki/Donate-list) |