Process of applying for an SSL certificate using acme.sh and installing it on a server with an existing LNMP environment deployed

1. ACME Client Implementations

1.1 Install Online

curl https://get.acme.sh | sh -s email=my@example.com

1.2 Or install from Git

git clone https://github.com/acmesh-official/acme.sh.git
cd ./acme.sh
./acme.sh --install -m my@example.com

The installer will perform 3 actions:

  • Create and copy acme.sh to your home directory ($HOME): ~/.acme.sh/. All certificates will also be stored in this directory.
  • Create an alias: acme.sh=~/.acme.sh/acme.sh.
  • Create a daily cron job to automatically check and renew certificates when needed.

2. Apply for a Certificate

2.1 Domain Validation (HTTP Method)

Standalone mode has acme.sh answer the validation request on port 80 itself, so before running the following command make sure that nothing else on your server is using port 80. If something is (for example, Nginx), stop it temporarily (lnmp nginx stop). The domain must also already have an A record in Cloudflare DNS (if the domain points to an internal network bound via DDNS, add a CNAME record pointing to the secondary domain provided by the DDNS service provider instead). You may enable Cloudflare CDN (CDN does not affect HTTP-based validation):

acme.sh --issue --standalone -d yourdomain.com -d www.yourdomain.com -k ec-256

The certificates obtained by this script will be stored in:

~/.acme.sh/yourdomain.com_ecc

2.2 Install the Certificate to the Virtual Host

First, start Nginx:

lnmp nginx start

Then add a virtual host:

lnmp vhost add

At this step, when prompted to choose the type of certificate, select "use your own certificate" and provide the following paths for the certificate and key:

/root/.acme.sh/yourdomain.com_ecc/yourdomain.com.cer
/root/.acme.sh/yourdomain.com_ecc/yourdomain.com.key

Other settings such as database configuration and URL rewriting are the same as the standard process and will not be repeated here.

3. Certificate Renewal

The issued certificate is valid for 90 days. The script automatically renews the certificate every 60 days (this interval may be shortened in the future). The renewal process is fully automatic. You can also manually force a certificate renewal using the following command:

acme.sh --renew -d yourdomain.com --force --ecc
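
A health check for the files from sections 2 and 3, added here as an example (it is not part of the original post or of acme.sh): it verifies that the private key is not accessible to group or other, that the key matches the certificate given to lnmp vhost add, and that the certificate is not inside its last 30 days, which for a 90-day certificate renewed at day 60 means the cron renewal has stopped working. The function names and the 30-day threshold are assumptions of this example.

```shell
#!/bin/sh
# Added example: health check for the files produced in sections 2 and 3.
# Function names and the 30-day threshold (90-day validity minus the
# 60-day renewal interval) are assumptions of this example.

# key_is_private FILE: succeeds only if FILE exists and has no
# group/other permission bits set.
key_is_private() {
    [ -f "$1" ] || return 2
    loose=$(find "$1" \( -perm -040 -o -perm -020 -o -perm -010 \
                         -o -perm -004 -o -perm -002 -o -perm -001 \))
    [ -z "$loose" ]
}

# key_matches_cert CERT KEY: succeeds if both carry the same public key.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# renewal_overdue CERT [DAYS]: succeeds if CERT expires within DAYS days
# (default 30) or cannot be parsed, i.e. the check fails closed.
renewal_overdue() {
    days=${2:-30}
    ! openssl x509 -in "$1" -noout -checkend $((days * 86400)) >/dev/null 2>&1
}

# check_acme_cert DIR DOMAIN: run all three checks, return 1 on any failure.
check_acme_cert() {
    cert="$1/$2.cer"; key="$1/$2.key"; rc=0
    key_is_private "$key" ||
        { echo "FAIL: $key missing or accessible to group/other"; rc=1; }
    key_matches_cert "$cert" "$key" ||
        { echo "FAIL: $key does not match $cert"; rc=1; }
    if renewal_overdue "$cert" 30; then
        echo "FAIL: $cert has under 30 days left, renewal is not running"
        rc=1
    fi
    return "$rc"
}

# Usage: sh check.sh /root/.acme.sh/yourdomain.com_ecc yourdomain.com
if [ "$#" -eq 2 ]; then
    check_acme_cert "$1" "$2" && echo "OK: $2"
fi
```

Run it from cron or a monitoring agent after the daily acme.sh job; a non-zero exit status means at least one check failed.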