Let's Encrypt is a non-profit Certificate Authority (CA) run by Internet Security Research Group that provides X.509 certificates for Transport Layer Security encryption at no charge. Its goal is to make all websites secure using HTTPS.
acme.sh is a Shell script that let's you request SSL certificates from different Certificate Authorities (CAs). At the moment I am writing this blog post,
acme.sh supports the following CAs:
ZeroSSL is the default CA.
In order to request a Let's Encrypt certificate, one can pass the
--server letsencrypt directive to change the CA. The default CA can also be changed by issuing:
acme.sh --set-default-ca --server letsencrypt
Let's Encrypt has IPv6 support. However, you can pass
--listen-v6 to specify whether to use IPv4 or IPv6 to listen.
acme.sh --server letsencrypt --issue --listen-v4 -d sysadmin-journal.com -w /srv/www/sysadmin-journal.com
The above command lets you request a certificate through the Let's Encrypt CA, using the webroot method. In this method, a verification file is created in the webroot path, inside the
Once verification is complete, the file is removed and the certificate, the intermediary certificate and the key are deposited at
git clone https://github.com/acmesh-official/acme.sh.git cd acme.sh ./acme.sh --install -m firstname.lastname@example.org
The above will create the
.acme.sh directory in your home directory. Hence, the script will be available as
~./acme.sh/acme.sh. Else, you could also simply clone the project in the
/opt directory and create a symlink to the script