acme.sh is a handy command line client for managing and using SSL certificates provided by Let’s Encrypt.
This howto is tested on:
- Debian 8.0 Jessie
- Debian 9.0 Stretch
- Debian 10.0 Buster
- Ubuntu 17.10 Artful Aardvark
This howto is tested with these versions of acme.sh:
- 2.3.2
- 2.7.4
- 2.8.5
Settings
Provide an email address, used for creating a Let’s Encrypt account:
email="firstname.lastname@domain.com"
Choose the user for which the software is installed:
softwareUser="root"
Installation
Detect if sudo is available (“command” is used if not):
cmdProxy='command'
command type -f 'sudo' &>'/dev/null' && cmdProxy='sudo'
Environment preparation
Install the software’s requisites:
${cmdProxy} apt-get install netcat sudo
Setup
Install the software:
command wget -O - 'https://get.acme.sh' \
| sudo -u "${softwareUser}" --login sh
Configure the Let’s Encrypt account’s email address:
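# "~user" is not expanded when the user name comes from a variable, so the home directory is looked up with getent.
sudo -u "${softwareUser}" sed -i \
-e "s/#*ACCOUNT_EMAIL=.*$/ACCOUNT_EMAIL='${email}'/" \
"$(getent passwd "${softwareUser}" | cut -d ':' -f 6)/.acme.sh/account.conf"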
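The sed command above changes nothing when account.conf has no ACCOUNT_EMAIL line, and it breaks if the address contains a / or a ' character. The following is an added example, not part of the original howto or of acme.sh: a hypothetical helper, set_account_email, that validates the address and then replaces or appends the line. Run it as the software's user.

```bash
#!/usr/bin/env bash
# Added example; the function name and the demo file are assumptions.

# set_account_email FILE EMAIL
# Sets ACCOUNT_EMAIL in an acme.sh-style account.conf.
# Returns 0 on success, 1 for a rejected address, 2 for a file error.
set_account_email() {
  local conf="$1" email="$2" tmp
  local LC_ALL=C
  [ -f "${conf}" ] || return 2
  # Accept only a conservative address alphabet, so the value can neither
  # close the quoting in the file nor add a second line to it.
  case "${email}" in
    *[!A-Za-z0-9@._+-]*|''|*@*@*) return 1 ;;
    ?*@?*.?*) ;;
    *) return 1 ;;
  esac
  tmp="$(mktemp "${conf}.XXXXXX")" || return 2
  # awk gets the value as data, so no sed delimiter can be broken. The first
  # active or commented ACCOUNT_EMAIL line is rewritten, duplicates are
  # dropped, and the line is appended when the file had none.
  awk -v v="ACCOUNT_EMAIL='${email}'" '
    /^#*ACCOUNT_EMAIL=/ { if (!done) { print v; done = 1 }; next }
    { print }
    END { if (!done) print v }
  ' "${conf}" > "${tmp}" || { rm -f "${tmp}"; return 2; }
  # account.conf can hold saved API credentials: keep it owner-only.
  chmod 600 "${tmp}" && mv "${tmp}" "${conf}"
}

# Constructed demo on a throwaway file (not a real account.conf).
demo="$(mktemp)"
printf '%s\n' "#ACCOUNT_EMAIL=" "LOG_LEVEL=1" > "${demo}"
set_account_email "${demo}" 'firstname.lastname@domain.com' && cat "${demo}"
rm -f "${demo}"
```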
Install the automatic upgrading task:
sudo -u "${softwareUser}" --login \
bash -c 'source "${HOME}/.acme.sh/acme.sh.env" && ${HOME}/.acme.sh/acme.sh --upgrade --auto-upgrade'
Thanks
- Thanks to Neil (en) for acme.sh (en).
- Thanks to Frédéric Liétart (fr) for Let’s Encrypt et acme.sh sous Debian avec Nginx (fr).