Support this project with your organization. This project exists thanks to all the people who contribute.īecome a financial contributor and help us sustain our community. Speak ACME language using shell, directly to "Let's Encrypt". Port 80 (TCP) MUST be free to listen on, otherwise you will be prompted to free it and try again.Īcme.sh -upgrade -auto-upgrade 0 15. (requires you to be root/sudoer or have permission to listen on port 80 (TCP)) The cert can be automatically renewed, but, without a correct 'reloadcmd' the cert may not be flushed to your server(like nginx or apache), then your website will not be able to show renewed cert in 60 days. Please take care: The reloadcmd is very important. Once the cert is renewed, the Apache/Nginx service will be reloaded automatically by the command: service apache2 force-reload or service nginx force-reload. The cert will be renewed every 60 days by default (which is configurable). Install/copy the cert/key to the production Apache or Nginx path. You can pre-create the files to define the ownership and permission. The ownership and permission info of existing files are preserved. Only the domain is required, all the other parameters are optional. fullchain-file /path/to/fullchain/nginx/cert.pem \ key-file /path/to/keyfile/in/nginx/key.pem \ You MUST use this command to copy the certs to the target files, DO NOT use the certs files in ~/.acme.sh/ folder, they are for internal use only, the folder structure may change in the future. Install the cert to Apache/Nginx etc.Īfter the cert is generated, you probably want to install/copy the cert to your Apache/Nginx or other servers. The certs will be renewed automatically every 60 days. You must point and bind all the domains to the same webroot dir: /home/The certs will be placed in ~/.acme.sh// Second argument "" is the main domain you want to issue the cert for. The parameter /home/You MUST have write access to this folder. Version 4.x, 5.0, 5.1, version 5.2 and upĪcme.sh -issue -d -d -d cp. -w /home/wwwroot/ Windows (cygwin with curl, openssl and crontab included) It's probably the easiest
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |