acme.sh is a handy command line client for managing and using SSL certificates provided by Let’s Encrypt.

This howto is tested on:

  • Debian 8.0 Jessie
  • Debian 9.0 Stretch
  • Debian 10.0 buster
  • Ubuntu 17.10 Artful Aardvark

This howto is tested with theses versions of acme.sh:

  • 2.3.2
  • 2.7.4
  • 2.8.5

Settings

Provide an email address, used for creating a Let’s Encrypt account:

email="firstname.lastname@domain.com"

Choose the user for witch the software is installed:

softwareUser="root"

Installation

Detect if sudo is available (“command” is used if not):

cmdProxy='command'
command type -f 'sudo' &>'/dev/null' && cmdProxy='sudo'

Environment preparation

Install the software’s requisites:

${cmdProxy} apt-get install netcat sudo

Setup

Install the software:

command wget -O - 'https://get.acme.sh' \
    | sudo -u "${softwareUser}" --login sh

Configure the Let’s Encrypt account’s email address:

sudo -u "${softwareUser}" sed -i \
    -e "s/#*ACCOUNT_EMAIL=.*$/ACCOUNT_EMAIL='${email}'/" \
  ~${softwareUser}"/.acme.sh/account.conf"

Install the automatic upgrading task:

sudo -u "${softwareUser}" --login \
    bash -c 'source "${HOME}/.acme.sh/acme.sh.env" && ${HOME}/.acme.sh/acme.sh --upgrade --auto-upgrade'

Bibliography

Thanks

Categories: Software

0 Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.