8x48/acme.sh
1
0
Fork 0
mirror of https://github.com/acmesh-official/acme.sh.git synced 2026-05-18 11:53:56 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity
Page: Home
Pages
ARI Actalis.com CA Blogs and tutorials BuyPass.com CA CA Change of default CA to ZeroSSL Code of conduct DNS API Dev Guide DNS API Structural Info description DNS API Test DNS alias mode DNS manual mode DNS persist mode Deploy ssl certs to apache server Deploy ssl certs to nginx Deploy ssl to SolusVM Donate list Enable acme.sh log Exit Codes Explicitly use DOH Google Public CA Google Trust Services CA Home How to debug acme.sh How to install How to issue a cert How to run on DD WRT with lighttpd How to run on OpenWrt How to use Amazon Route53 API How to use Azure DNS How to use OVH domain api How to use Oracle Cloud Infrastructure DNS How to use lexicon DNS API How to use on Solaris based operating sytsems How to use on embedded FreeBSD Install in China Install on Windows Install preparations Issue a cert from existing CSR OVH Success Options and Params Preferred Chain Profile selection Run acme.sh in docker SSL.com CA Server Simple guide to add TLS cert to cpanel Stateless Mode Synology NAS Guide Synology RT1900ac and RT2600ac install guide TLS ALPN without downtime Usage on Tomato routers Use DNS Exit DNS API Using pre hook post hook renew hook reloadcmd Using systemd units instead of cron Utilize multiple DNS API keys Validity ZeroSSL.com CA _Footer_ debug in VM deploy to docker containers deployhooks dnsapi dnsapi2 dnscheck dnssleep how about the private key access modes, chmod, or chown or umask ipcert notify openvpn2.4.7服务端和客户端使用注意 revokecert sudo tlsa next key 如何安装 说明
Clone
34
Home
neil edited this page 2026-05-01 15:12:07 +02:00
Table of Contents

zerossl.com

Welcome to the acme.sh wiki!

https://wiki.acme.sh

Here is the wiki page for acme.sh

What's new

  • 📡 ARI auto-renewal (RFC 9773) — acme.sh now follows the CA's renewalInfo endpoint automatically. No flag, no opt-in. Lets the CA shift renewals forward in case of an incident.
  • 📌 DNS persist mode — publish one TXT record once, renew forever without DNS API and without per-renewal manual edits. Implements draft-ietf-acme-dns-persist-01.

1. How to install

https://github.com/acmesh-official/acme.sh/wiki/How-to-install

Docker install: https://github.com/acmesh-official/acme.sh/wiki/Run-acme.sh-in-docker

2. How to use in Proxmox ?

After installation,

  1. Check if port 80 is opened on Proxmox host.

  2. Issue a cert:

/root/.acme.sh/acme.sh  --issue  --standalone  -d <DOMAIN>

After issuing, the cert will be automatically renewed (every ~30 days, or earlier if the CA's ARI endpoint advises so).

  1. Install the cert to Proxmox:
/root/.acme.sh/acme.sh  --installcert  -d <DOMAIN>  \
    --certpath /etc/pve/local/pveproxy-ssl.pem \
    --keypath /etc/pve/local/pveproxy-ssl.key  \
     --capath  /etc/pve/local/pveproxy-ssl.pem  \
      --reloadcmd  "systemctl restart pveproxy"

Ok, it's done. Open the link: https://<DOMAIN>:8006

3. How to get pkcs12(pfx) format:

After you issue the cert, you can use the toPkcs command to convert the cert to pkcs12(pfx) format

acme.sh  --toPkcs  -d <domain>  [--password pfx-password]

Important note: If you do not specify a password on the command line, OpenSSH itself will prompt you for one and the pkcs12(pfx) file will be generated. However, it will not be regenerated during certificate renewal. You must specify a non-blank password on the command line in order for acme.sh to regenerate the pkcs12(pfx) when renewing certificates.

4. How to run on Windows with Cygwin or git bash.

  1. Download cygwin installer: setup-x86.exe or setup-x86_64.exe from: https://cygwin.com/

  2. In the installer, select: Net: curl and Net: socat to install.

  3. After install finished, you can open the Cygwin window and use curl to install acme.shonline: https://github.com/acmesh-official/acme.sh/wiki#1-how-to-install

  4. A scheduler task will be installed in your Windows scheduler to renew your certs.

5. License

Copyright: acme.sh wiki contributors

License: GNU General Public License version 3 or any later version