How to issue a cert

neil edited this page May 17, 2018 · 18 revisions

1. Single domain:

1) Webroot mode:

If you already have a web server running, you should use webroot mode. you only need write access to the web root folder.

acme.sh  --issue  -d example.com  -w /home/wwwroot/example.com

2) Standalone mode:

If you don't have a web server, maybe you are on a smtp or ftp server, the 80 port is free. you can use standalone mode. acme.sh has a builtin standalone webserver, it can listen at 80 port to issue the cert.

acme.sh  --issue  -d example.com  --standalone

If you are using a non-standard 80 port behind a reverse proxy or load balancer , you can use --httpport to specify your port:

acme.sh  --issue  -d example.com  --standalone --httpport 88

3) DNS API mode:

Yes, if your nameservice provider has an api, we can use the api to automatically add the txt record for you. your cert will be automatically issued and renewed.

Cloud flare api:

export CF_Key="sdfsdfsdfljlbjkljlkjsdfoiwje"

export CF_Email="xxxx@sss.com"

acme.sh  --issue  -d example.com  --dns dns_cf

How to use dns api: https://github.com/Neilpang/acme.sh/tree/master/dnsapi

4) DNS manual mode:

See: https://github.com/Neilpang/acme.sh/wiki/DNS-manual-mode

5) DNS alias mode:

See: https://github.com/Neilpang/acme.sh/wiki/DNS-alias-mode

6) Apache mode:

If your website is running apache server, acme.sh can use apache server to issue cert. And acme.sh will restore your apache conf after the cert is issued, don't worry.

acme.sh  --issue  -d example.com  --apache

7) Nginx mode:

If your website is running nginx server, acme.sh can use nginx server to issue cert. And acme.sh will restore your nginx conf after the cert is issued, don't worry.

acme.sh  --issue  -d example.com  --nginx

2. Multiple domains, SAN mode

Issue a single cert including multiple domains. All the domains use the same validation method:

1) Webroot mode:

You must point example.com and www.example.com to the same web root folder /home/wwwroot/example.com

acme.sh  --issue  -d example.com  -w /home/wwwroot/example.com   -d www.example.com

2) Standalone mode:

acme.sh  --issue  -d example.com  --standalone  -d www.example.com 

3) Dns api mode:

Cloud flare api:

export CF_Key="sdfsdfsdfljlbjkljlkjsdfoiwje"

export CF_Email="xxxx@example.com"

acme.sh  --issue  -d example.com  --dns dns_cf  -d www.example.com

4) Dns manual mode:

acme.sh  --issue  -d example.com  --dns  -d www.example.com

3. Multiple domains, SAN mode, Hybrid mode

Issue a single cert including multiple domains. Each domain uses a different validation method.

acme.sh  --issue  \
-d aa.com  -w /home/wwwroot/aa.com \
-d bb.com  --dns dns_cf \
-d cc.com  --apache \
-d dd.com  -w /home/wwwroot/dd.com
You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.
Press h to open a hovercard with more details.