Installation and Usage of ACME.sh

Install

curl https://get.acme.sh | sh -s email=admin@homelabber.net

DNS-01 Challenge Setup

The DNS token is saved and used ONLY for the specific domain that was originally used with the issue command.

source: https://github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_cf

export CF_Token='cf-token'
export CF_Zone_ID='dns-zone-id'
acme.sh --issue --dns dns_cf -d sub1.domain.name -d sub2.domain.net

Renewal

No action needed: a cron job is created automatically after installation and runs every day to check and renew certificates.

Hook, Deploy or Install

Only required once; after that, all settings are remembered and applied whenever a certificate is renewed.

source: https://github.com/acmesh-official/acme.sh/issues/3784

Built-in Docker deploy

DID NOT WORK AS EXPECTED

source: https://github.com/acmesh-official/acme.sh/wiki/deploy-to-docker-containers

Install argument for docker

  • best to provide full paths
  • this assumes docker-compose is used and all files are in the nginx folder

acme.sh --install-cert -d proxy-01.homelablocal.net --key-file nginx/ssl/privkey.pem --fullchain-file nginx/ssl/full.pem --reloadcmd "cd ~/nginx && docker compose down && docker compose up -d"

Default SSL Certs

You may need some sort of cert file in place when nginx starts, before the deploy hook has been used:

openssl req -x509 -newkey rsa:4096 -keyout privkey.pem -out full.pem -sha256 -days 3650 -nodes -subj "/C=XX/ST=StateName/L=CityName/O=CompanyName/OU=CompanySectionName/CN=CommonNameOrHostname"
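
An added example, not from these notes or from the acme.sh project: shell functions that create the placeholder certificate only when none exists, and report whether the directory nginx mounts still holds the placeholder after the install command should have replaced it. The function names and status words are assumptions; the file names privkey.pem and full.pem follow the install command above.

```shell
#!/bin/sh
# Added example, not part of acme.sh. Function names and status words are
# assumptions; privkey.pem / full.pem follow the install command on this page.

# Create the self-signed placeholder only if no key and cert exist yet, so a
# certificate already installed by acme.sh is never overwritten.
ensure_placeholder() {
    dir=$1 cn=$2
    if [ -s "$dir/privkey.pem" ] && [ -s "$dir/full.pem" ]; then return 0; fi
    mkdir -p "$dir" || return 1
    (
        umask 077    # the private key must not be group/world readable
        openssl req -x509 -newkey rsa:4096 -sha256 -days 3650 -nodes \
            -keyout "$dir/privkey.pem" -out "$dir/full.pem" \
            -subj "/CN=$cn" 2>/dev/null
    )
}

# Succeeds when issuer == subject, i.e. the certificate is self-signed.
is_self_signed() {
    subj=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    iss=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
    [ -n "$subj" ] && [ "$subj" = "$iss" ]
}

# Succeeds when the private key belongs to the first certificate in the file.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null)
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Print one status word for the certificate directory that nginx mounts.
cert_status() {
    cert=$1/full.pem key=$1/privkey.pem
    if [ ! -s "$cert" ] || [ ! -s "$key" ]; then echo missing
    elif ! key_matches_cert "$cert" "$key"; then echo key-mismatch
    elif is_self_signed "$cert"; then echo placeholder
    elif ! openssl x509 -in "$cert" -noout -checkend 2592000 >/dev/null; then
        echo expiring    # under 30 days left: renewals are not reaching this path
    else echo ok
    fi
}
```

Running `cert_status ~/nginx/ssl` after the install command should print `ok`; `placeholder` means the issued certificate was never written to the path nginx mounts.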