How to create Let's Encrypt SSL certificates with acme.sh on Linux

Issuing and installing SSL certificates doesn't have to be a challenge, especially when there are tools like acme.sh available. Jack Wallen shows you how to install and use this useful script.

Installing SSL certificates isn't difficult, but it's a process every Linux admin will have to take on at some point in their career. One of the more popular methods of getting and installing SSL certificates on Linux is by way of Let's Encrypt, which is a certificate authority that offers free, automated SSL and TLS certificates. And Let's Encrypt isn't at all challenging to use.

But there's an even easier way, one that doesn't have any dependencies or requirements. The acme.sh script is written in Shell and supports more DNS providers than other similar clients. This means you can get your SSL/TLS certificates faster and easier.

I'm going to show you how to get and use acme.sh on Linux, so you can start working with SSL without any hassle.

What you'll need

To get working with acme.sh, you'll need a running instance of Linux (the distribution doesn't matter, as acme.sh should work on just about every flavor of Linux available). This will preferably be the server you want to install the SSL certificates onto (otherwise you'd wind up having to move them).

That's it. Let's get this up and running.

How to get acme.sh

There are several ways to get the acme.sh script installed on your Linux machine. I'll show you how to do so using either curl or wget. The curl command is:

curl https://get.acme.sh | sh

The wget command is:

wget -O - https://get.acme.sh | sh

After you run either command, you need to source your .bashrc with:

source ~/.bashrc

To verify the installation, issue the command:

acme.sh --version

You should see the version of the installed script printed out. Finally, enable auto-upgrade of the acme.sh script with the command:

acme.sh --upgrade --auto-upgrade

How to issue an SSL certificate with acme.sh

And now we'll issue an SSL certificate on a web server for a single domain. We'll use the example.com domain to illustrate. The command for this is:

acme.sh --issue -d example.com --webroot /var/www/example.com

Obviously, you'll change example.com to the domain of your server as well as change /var/www/example.com to the document root. If you have multiple domains associated with that server (such as for mail, FTP and www), you could issue the command:

acme.sh --issue -d example.com -d www.example.com -d mail.example.com -d ftp.example.com --webroot /var/www/example.com --keylength LENGTH

Where LENGTH is one of the following values for keylength:

  • 2048 (default)
  • 3072
  • 4096
  • 8192
  • ec-256
  • ec-384

You could also issue an SSL certificate in standalone mode (if you don't have a webserver) with the command:

acme.sh --issue -d example.com --standalone

Again, replace example.com with your domain.

How to copy the certificates to the appropriate location in local storage

With those certificates issued, you'll then need to install them in the appropriate location for your web server. Let's say you're using Apache as the webserver and the location for your certificates is /etc/ssl/certs. For this, you'd issue the command:

acme.sh --install-cert --domain example.com --cert-file /etc/ssl/certs/cert.pem --key-file /etc/ssl/certs/keyfile/key.pem --fullchain-file /etc/ssl/certs/fullchain/fullchain.pem --reloadcmd "sudo systemctl reload apache2.service"

Make sure to swap out example.com for your domain.
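
After the install step, it is worth confirming that the private key is not readable by other users, that the installed certificate and key belong together, and that the certificate is not close to expiry. The script below is an added example, not part of the original article or of acme.sh; the function names are hypothetical, and it assumes GNU stat and the openssl command-line tool are installed.

```shell
#!/bin/sh
# Added example: checks on the files written by `acme.sh --install-cert`.
# Function names are hypothetical; requires GNU stat and the openssl CLI.

# key_perms_ok KEY: succeed only if group and others have no access to KEY.
key_perms_ok() {
    mode=$(stat -c '%a' "$1") || return 2
    case "$mode" in
        *00|0) return 0 ;;
        *) echo "key $1 has mode $mode; expected 600 or 400" >&2; return 1 ;;
    esac
}

# cert_matches_key CERT KEY: compare the public key embedded in the
# certificate with the one derived from the private key (RSA or EC).
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# cert_valid_for CERT DAYS: succeed if CERT is still valid DAYS days from now.
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# check_install CERT KEY [MIN_DAYS]: run all three checks, report each failure.
check_install() {
    rc=0
    min_days=${3:-30}
    key_perms_ok "$2" || rc=1
    cert_matches_key "$1" "$2" || { echo "certificate and key do not match" >&2; rc=1; }
    cert_valid_for "$1" "$min_days" || { echo "certificate expires within $min_days days" >&2; rc=1; }
    return "$rc"
}
```

Source the file and call check_install with the --cert-file and --key-file paths used above, as a user that is allowed to read the key.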

How to renew your certificate

As you know, SSL certificates expire. To renew those certificates with acme.sh, you'd issue the command:

acme.sh --renew -d example.com --force

Make sure to swap out example.com for your domain.

And that's all there is to issuing and installing SSL certificates with acme.sh on Linux. You'll most likely find this tool a bit easier to use than Let's Encrypt, plus it's a bit more universal, so it can be installed on most any Linux distribution.