Introduction
Let’s Encrypt is a free, automated, and open certificate authority (CA), run by the Internet Security Research Group (ISRG). It is a great alternative to commercial SSL providers, such as Comodo and DigiCert. Acme.sh is a shell script that makes it easy to create and manage your SSL certificates.
In this blog post, we will show you how to create Let’s Encrypt SSL certificates with acme.sh on Linux.
Warnhat you’ll need
Before you create your SSL certificates, it is important to understand the following warnings:
- The validity of an SSL certificate is limited to 90 days. However, you can renew your certificate before it expires.
- If you lose your private key, you will not be able to decrypt any data that was encrypted with the corresponding public key
How to get acme.sh ?
You can get acme.sh from the following URL:
- GitHub: https://github.com/acmesh-official/acme.sh
- Linuxbrew: https://formulae.brew.sh/formula/acme
Creating a Let’s Encrypt SSL Certificate with acme.sh
Now that you understand the warnings, let’s create our SSL certificate. We will use the “webroot” method, which is the simplest and most common method.
First, create a folder to store your SSL certificates. We will use /ssl-certs:
mkdir /ssl-certs
cd /ssl-certs
Next, download acme.sh and copy it to the /ssl-certs folder:
git clone https://github.com/acmesh-official/acme.sh.git .
After the download is complete, change to the /ssl-certs/acme.sh folder and run the following command:
./acme.sh --install
Now that acme.sh is installed, we can create our SSL certificate. We will create a certificate for the domain example.com. Replace “example.com” with your own domain name.
./acme.sh --issue -d example.com -w /var/lib/nginx/html
The “-w” parameter tells acme.sh where to find the webroot folder for your domain. In this case, we are using the Nginx web server, so the webroot folder is /var/lib/nginx/html. If you are using a different web server, please check the documentation for your web server to find the correct webroot folder.
After a few seconds, you should see the following message:
Domain example.com is ready to be used with SSL/TLS
Congratulations! You have successfully created a Let’s Encrypt SSL certificate for your domain.
Renewing a Let’s Encrypt SSL Certificate with acme.sh
Your SSL certificate will expire after 90 days. To renew your certificate, run the following command:
./acme.sh --renew -d example.com -w /var/lib/nginx/html
You should see the following message:
Certificate for domain example.com has been renewed
That’s it! You have successfully renewed your Let’s Encrypt SSL certificate.
Conclusion
In this blog post, we have shown you how to create a Let’s Encrypt SSL certificate with acme.sh on Linux. We have also shown you how to renew your SSL certificate. Acme.sh is a great tool for creating and managing your SSL certificates. Thanks for reading!
- create Let's Encrypt SSL certificates with acme.sh on Linux
- Let's Encrypt is a free, automated, and open certificate authority (CA) that issues SSL/TLS certificates
- Acme.sh is a shell script that makes it easy to create and manage your SSL certificates
- The validity of an SSL certificate is limited to 90 days
Leave a comment
Your email address will not be published. Required fields are marked *