Science & Technology

How to Create Let’s Encrypt SSL Certificate Using acme.sh on Linux

Issuing and installing an SSL certificate is not difficult, especially if tools like acme.sh are available. Jack Wallen will show you how to install and use this handy script.

Image: Getty Images / iStockphoto

Installing an SSL certificate is not difficult, but it is a process that every Linux administrator must perform at some point in their career. One of the most common ways to get and install an SSL certificate on Linux is to use Let’s Encrypt, a certificate authority that offers free, automated SSL and TLS certificates. And Let’s Encrypt isn’t hard to use at all.

look: Security Incident Response Policy (TechRepublic Premium)

But there is an easier way. It’s a method with no dependencies or requirements. The acme.sh script is written in a shell and supports more DNS providers than other similar clients. This means that you can get an SSL / TLS certificate faster and easier.

I will show you how to get and use acme.sh on Linux. This allows you to get started with SSL without any hassle.

Things necessary

To use acme.sh, you need a running instance of Linux (acme.sh works with almost all flavors of Linux available, regardless of distribution). This should be the server where you want to install the SSL certificate (otherwise you will have to move the SSL certificate).

that’s it. Let’s get this working.

How to get acme.sh

There are several ways to install the acme.sh script on your Linux machine. I’ll show you how to do this using curl or wget. The curl command is:

curl https://get.acme.sh | sh

The wget command is:

wget -O - https://get.acme.sh | sh

After running one of the commands, you need to get the .bashrc using the following command:

source ~/.bashrc

To verify the installation, issue the following command:

acme.sh --version

You can see that the version of the installed script is printed. Finally, enable automatic upgrades for the acme.sh script using the following command:

acme.sh --upgrade --auto-upgrade

How to issue an SSL certificate with acme.sh

Then issue an SSL certificate on a single domain web server. Use the example.com domain for illustration. The command for this is:

acme.sh --issue -d example.com --webroot /var/www/example.com

Of course, change example.com to the domain of the server and / var / www /example.com to the document root. If the server has multiple domains associated with it (mail, FTP, www, etc.), you can issue the following command:

acme.sh --issue -d example.com -d www.example.com -d mail.example.com -d ftp.example.com --webroot /var/www/example.com --keylength LENGTH

Where LENGTH is one of the following values ​​for keylength:

  • 2048 (default)
  • 3072
  • 4096
  • 8192
  • ec-256
  • ec-384

You can also issue an SSL certificate in standalone mode (if you do not have a web server) using the following command:

acme.sh --issue -d example.com --standalone

Again, replace example.com with your domain.

How to copy the certificate to the appropriate location on your local storage

Once these certificates are issued, you need to install them in the appropriate location on your web server. Suppose you are using Apache as your web server and the certificate location is / etc / ssl / certs. To do this, issue the following command:

acme.sh --install-cert --domain example.com --cert-file /etc/ssl/certs/cert.pem --key-file /etc/ssl/certs/keyfile/key.pem --fullchain-file /etc/ssl/certs/fullchain/fullchain.pem --reloadcmd "sudo systemctl reload apache2.service"

Be sure to change the domain example.com.

How to renew a certificate

As you know, the SSL certificate will expire. To renew these certificates with acme.sh, issue the following command:

acme.sh --renew -d example.com --force

Be sure to change the domain example.com.

That’s all there is to issuing and installing an SSL certificate using acme.sh on Linux. Not only is this tool a bit easier to use than Let’s Encrypt, but it’s also a bit more universal, so it can be installed on almost any Linux distribution.

See also

How to Create Let’s Encrypt SSL Certificate Using acme.sh on Linux

https://www.techrepublic.com/article/how-to-create-lets-encrypt-ssl-certificates-with-acme-sh-on-linux/#ftag=RSS56d97e7 How to Create Let’s Encrypt SSL Certificate Using acme.sh on Linux

Back to top button