Issuing and installing SSL certificates doesn't person to beryllium a challenge, particularly erstwhile determination are tools similar acme.sh available. Jack Wallen shows you however to instal and usage this useful script.
Installing SSL certificates isn't difficult, but it's a process each Linux head volition person to instrumentality connected astatine immoderate constituent successful their career. One of the much fashionable methods of getting and installing SSL certificates connected Linux is by mode of Let's Encrypt, which is simply a certificate authorization that offers free, automated SSL and TLS certificates. And Let's Encrypt isn't astatine each challenging to use.
SEE: Security incidental effect policy (TechRepublic Premium)
But there's an adjacent easier way, 1 that doesn't person immoderate dependencies oregon requirements. The acme.sh publication is written successful Shell and supports much DNS providers than different akin clients. This means you tin get your SSL/TLS certificates faster and easier.
I'm going to amusement you however to get and usage acme.sh connected Linux, truthful you tin commencement moving with SSL without immoderate hassle.
What you'll request
To get moving with acme.sh, you'll request a moving lawsuit of Linux (the organisation doesn't matter, arsenic acme.sh should enactment connected conscionable astir each spirit of Linux available). This volition preferably beryllium the server you privation to instal the SSL certificates onto (otherwise you'd upwind up having to determination them).
That's it. Let's get this up and running.
How to get acme.sh
There are respective ways to get the acme.sh publication installed connected your Linux machine. I'll amusement you however to bash truthful utilizing either curl oregon wget. The curl bid is:
curl https://get.acme.sh | shThe wget bid is:
wget -O - https://get.acme.sh | shAfter you tally either command, you request to root your .bashrc with:
source ~/.bashrcTo verify the installation, contented the command:
acme.sh --versionYou should spot the mentation of the installed publication printed out. Finally, alteration auto-upgrade of the acme.sh publication with the command:
acme.sh --upgrade --auto-upgradeHow to contented an SSL certificate with acme.sh
And present we'll contented an SSL certificate connected a web server for a azygous domain. We'll usage the example.com domain to illustrate. The bid for this is:
acme.sh --issue -d example.com --webroot /var/www/example.comObviously, you'll alteration example.com to the domain of your server arsenic good arsenic alteration /var/www/example.com to the papers root. If you person aggregate domains associated with that server (such arsenic for mail, FTP and www), you could contented the command:
acme.sh --issue -d example.com -d www.example.com -d mail.example.com -d ftp.example.com --webroot /var/www/example.com --keylength LENGTHWhere LENGTH is 1 of the pursuing values for keylength:
- 2048 (default)
- 3072
- 4096
- 8192
- ec-256
- ec-384
You could besides contented an SSL certificate successful standalone mode (if you don't person a webserver) with the command:
acme.sh --issue -d example.com --standaloneAgain, regenerate example.com with your domain.
How to transcript the certificates to the due determination successful section retention
With those certificates issued, you'll past request to instal them successful the due determination for your web server. Let's accidental you're utilizing Apache arsenic the webserver and the determination for your certificates is /etc/ssl/certs. For this, you'd contented the command:
acme.sh --install-cert --domain example.com --cert-file /etc/ssl/certs/cert.pem --key-file /etc/ssl/certs/keyfile/key.pem --fullchain-file /etc/ssl/certs/fullchain/fullchain.pem --reloadcmd "sudo systemctl reload apache2.service"Make definite to alteration retired example.com for your domain.
How to renew your certificate
As you know, SSL certificates expire. To renew those certificates with acme.sh, you'd contented the command:
acme.sh --renew -d example.com --forceMake definite to alteration retired example.com for your domain.
And that's each determination is to issuing and installing SSL certificates with acme.sh connected Linux. You'll astir apt find this instrumentality a spot easier to usage than Let's Encrypt, positive it's a spot much universal, truthful it tin beryllium installed connected astir immoderate Linux distribution.
Cybersecurity Insider Newsletter
Strengthen your organization's IT information defenses by keeping abreast of the latest cybersecurity news, solutions, and champion practices. Delivered Tuesdays and Thursdays
Sign up todayAlso spot
- Cybersecurity: Don't blasted employees—make them consciousness similar portion of the solution (TechRepublic)
- The information and privateness down IBM's Digital Health Pass (TechRepublic)
- How to go a cybersecurity pro: A cheat sheet (TechRepublic)
- Security threats connected the horizon: What IT pro's request to cognize (free PDF) (TechRepublic)
- Checklist: Securing integer information (TechRepublic Premium)
- Cybersecurity and cyberwar: More must-read coverage (TechRepublic connected Flipboard)