wiki-grav/pages/02.linux/acme-sh/default.en.md

---
title: ACME.SH
visible: true
---

[toc]

## Getting ACME.SH

[shuser]

```sh
git clone https://github.com/acmesh-official/acme.sh.git
cd ./acme.sh
./acme.sh --install -m [EMAIL]
```

[/shuser]

## First time ZeroSSL registration

[shuser]

```sh
.acme.sh/acme.sh --register-account -m [EMAIL]
```

[/shuser]

## Issue new certificate

Needs root to start a server on port 80

[shroot]

```sh
.acme.sh/acme.sh --issue --standalone -d [DOMAIN]
```

[/shroot]

## Issue new certificate with DNS API

> [Official Documentation](https://github.com/acmesh-official/acme.sh/wiki/dnsapi)

### Gandi

[shuser]

```sh
export GANDI_LIVEDNS_KEY="[API KEY]"
```

[/shuser]

[shuser]

```sh
.acme.sh/acme.sh --issue --dns dns_gandi_livedns -d [DOMAIN]
```

[/shuser]

## Install certificate

Make sure to create the `/etc/acme-sh/(url)` directory

[shuser]

```sh
export url=[URL] \
    && mkdir -p /etc/acme-sh/{$url} \
    && .acme.sh/acme.sh --install-cert -d $url \
        --key-file       /etc/acme-sh/{$url}/key.pem  \
        --fullchain-file /etc/acme-sh/{$url}/cert.pem \
        --reloadcmd     "sudo systemctl restart nginx"
```

[/shuser]

## Systems Service & Timer

`/etc/systemd/system/acme-sh.service`

```systemd
[Unit]
Description=Renew certificates using acme.sh
After=network-online.target

[Service]
Type=oneshot
ExecStart=(path to acme.sh) --cron --home (path to acme folder)
User=wiki

SuccessExitStatus=0 2
```

`/etc/systemd/system/acme.timer`

```systemd
[Unit]
Description=Daily renewal of certificates

[Timer]
OnCalendar=daily
RandomizedDelaySec=1h
Persistent=true

[Install]
WantedBy=timers.target
```

Enable timer
[shroot]

```sh
systemctl enable --now acme-sh.timer
```

[/shroot]
(Grav GitSync) Automatic Commit from RealStickman 2022-05-20 21:05:38 +02:00			`---`
			`title: ACME.SH`
Make all pages visible. Use alphabetic sorting 2022-11-19 15:25:20 +01:00			`visible: true`
(Grav GitSync) Automatic Commit from RealStickman 2022-05-20 21:05:38 +02:00			`---`

(Grav GitSync) Automatic Commit from RealStickman 2022-06-06 18:34:54 +02:00			`[toc]`
Add some language highlighting 2022-12-16 11:46:32 +01:00
(Grav GitSync) Automatic Commit from RealStickman 2022-05-20 21:05:38 +02:00			`## Getting ACME.SH`
Add some language highlighting 2022-12-16 11:46:32 +01:00
Implement lots of shortcodes for shell commands 2023-06-02 19:25:19 +02:00			`[shuser]`

Add some language highlighting 2022-12-16 11:46:32 +01:00			```sh
Reformat page 2023-02-19 15:15:17 +01:00			`git clone https://github.com/acmesh-official/acme.sh.git`
			`cd ./acme.sh`
Implement lots of shortcodes for shell commands 2023-06-02 19:25:19 +02:00			`./acme.sh --install -m [EMAIL]`
(Grav GitSync) Automatic Commit from RealStickman 2022-05-20 21:05:38 +02:00			```

Implement lots of shortcodes for shell commands 2023-06-02 19:25:19 +02:00			`[/shuser]`

(Grav GitSync) Automatic Commit from RealStickman 2022-05-20 21:05:38 +02:00			`## First time ZeroSSL registration`
Add some language highlighting 2022-12-16 11:46:32 +01:00
Implement lots of shortcodes for shell commands 2023-06-02 19:25:19 +02:00			`[shuser]`

Reformat page 2023-02-19 15:15:17 +01:00			```sh
Implement lots of shortcodes for shell commands 2023-06-02 19:25:19 +02:00			`.acme.sh/acme.sh --register-account -m [EMAIL]`
Reformat page 2023-02-19 15:15:17 +01:00			```
(Grav GitSync) Automatic Commit from RealStickman 2022-05-20 21:05:38 +02:00
Implement lots of shortcodes for shell commands 2023-06-02 19:25:19 +02:00			`[/shuser]`

(Grav GitSync) Automatic Commit from RealStickman 2022-05-20 21:05:38 +02:00			`## Issue new certificate`
Add some language highlighting 2022-12-16 11:46:32 +01:00
Reformat page 2023-02-19 15:15:17 +01:00			`Needs root to start a server on port 80`

Implement lots of shortcodes for shell commands 2023-06-02 19:25:19 +02:00			`[shroot]`

Reformat page 2023-02-19 15:15:17 +01:00			```sh
Implement lots of shortcodes for shell commands 2023-06-02 19:25:19 +02:00			`.acme.sh/acme.sh --issue --standalone -d [DOMAIN]`
Reformat page 2023-02-19 15:15:17 +01:00			```
(Grav GitSync) Automatic Commit from RealStickman 2022-05-20 21:05:38 +02:00
Implement lots of shortcodes for shell commands 2023-06-02 19:25:19 +02:00			`[/shroot]`

(Grav GitSync) Automatic Commit from RealStickman 2022-05-20 21:05:38 +02:00			`## Issue new certificate with DNS API`
Add some language highlighting 2022-12-16 11:46:32 +01:00
(Grav GitSync) Automatic Commit from RealStickman 2022-05-20 21:05:38 +02:00			`> [Official Documentation](https://github.com/acmesh-official/acme.sh/wiki/dnsapi)`

			`### Gandi`

Implement lots of shortcodes for shell commands 2023-06-02 19:25:19 +02:00			`[shuser]`

Reformat page 2023-02-19 15:15:17 +01:00			```sh
Implement lots of shortcodes for shell commands 2023-06-02 19:25:19 +02:00			`export GANDI_LIVEDNS_KEY="[API KEY]"`
Reformat page 2023-02-19 15:15:17 +01:00			```
Add some language highlighting 2022-12-16 11:46:32 +01:00
Implement lots of shortcodes for shell commands 2023-06-02 19:25:19 +02:00			`[/shuser]`

			`[shuser]`

Reformat page 2023-02-19 15:15:17 +01:00			```sh
Implement lots of shortcodes for shell commands 2023-06-02 19:25:19 +02:00			`.acme.sh/acme.sh --issue --dns dns_gandi_livedns -d [DOMAIN]`
Reformat page 2023-02-19 15:15:17 +01:00			```
(Grav GitSync) Automatic Commit from RealStickman 2022-05-20 21:05:38 +02:00
Implement lots of shortcodes for shell commands 2023-06-02 19:25:19 +02:00			`[/shuser]`

(Grav GitSync) Automatic Commit from RealStickman 2022-05-20 21:05:38 +02:00			`## Install certificate`

Add some language highlighting 2022-12-16 11:46:32 +01:00			Make sure to create the `/etc/acme-sh/(url)` directory

Implement lots of shortcodes for shell commands 2023-06-02 19:25:19 +02:00			`[shuser]`

Add some language highlighting 2022-12-16 11:46:32 +01:00			```sh
Implement lots of shortcodes for shell commands 2023-06-02 19:25:19 +02:00			`export url=[URL] \`
Add mkdir command to acme.sh 2022-09-11 17:36:46 +02:00			`&& mkdir -p /etc/acme-sh/{$url} \`
			`&& .acme.sh/acme.sh --install-cert -d $url \`
(Grav GitSync) Automatic Commit from RealStickman 2022-05-20 21:05:38 +02:00			`--key-file /etc/acme-sh/{$url}/key.pem \`
			`--fullchain-file /etc/acme-sh/{$url}/cert.pem \`
			`--reloadcmd "sudo systemctl restart nginx"`
			```

Implement lots of shortcodes for shell commands 2023-06-02 19:25:19 +02:00			`[/shuser]`

(Grav GitSync) Automatic Commit from RealStickman 2022-05-20 21:05:38 +02:00			`## Systems Service & Timer`
Add some language highlighting 2022-12-16 11:46:32 +01:00
			`/etc/systemd/system/acme-sh.service`

			```systemd
(Grav GitSync) Automatic Commit from RealStickman 2022-05-20 21:05:38 +02:00			`[Unit]`
			`Description=Renew certificates using acme.sh`
			`After=network-online.target`

			`[Service]`
			`Type=oneshot`
			`ExecStart=(path to acme.sh) --cron --home (path to acme folder)`
			`User=wiki`

			`SuccessExitStatus=0 2`
			```

Add some language highlighting 2022-12-16 11:46:32 +01:00			`/etc/systemd/system/acme.timer`

			```systemd
(Grav GitSync) Automatic Commit from RealStickman 2022-05-20 21:05:38 +02:00			`[Unit]`
			`Description=Daily renewal of certificates`

			`[Timer]`
			`OnCalendar=daily`
			`RandomizedDelaySec=1h`
			`Persistent=true`

			`[Install]`
			`WantedBy=timers.target`
			```

Reformat page 2023-02-19 15:15:17 +01:00			`Enable timer`
Implement lots of shortcodes for shell commands 2023-06-02 19:25:19 +02:00			`[shroot]`
Reformat page 2023-02-19 15:15:17 +01:00
			```sh
			`systemctl enable --now acme-sh.timer`
			```
Implement lots of shortcodes for shell commands 2023-06-02 19:25:19 +02:00
			`[/shroot]`