acme.sh

Acme.sh is an automatic ACME client. It handles key creation, CSR signing, ACME request, challenge handling, order finalization, key / cert installation, and automatic renew.

Use Let's Encrypt

% acme.sh --server letsencrypt

Use CloudFlare DNS API

#!/bin/sh
set -e
export CF_Token=""
export CF_Account_ID=""
export CF_Zone_ID=""
exec acme.sh --server letsencrypt --home /var/lib/acme/.acme.sh/ --dns dns_cf "$@"

sudoers(5) rule to allow sudo reload hook

acme ALL=(root) NOPASSWD: /usr/local/sbin/acmereload

---

Last update: November 5, 2023
Created: November 5, 2023