Skip to content

Commit

Permalink
Merge pull request #1239 from Neilpang/dev
Browse files Browse the repository at this point in the history
sync
  • Loading branch information
neil authored Feb 5, 2018
2 parents 3e10152 + e27dfbb commit 7128d79
Show file tree
Hide file tree
Showing 2 changed files with 74 additions and 63 deletions.
135 changes: 73 additions & 62 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -129,7 +129,7 @@ Ok, you are ready to issue certs now.

Show help message:

```
```sh
root@v1:~# acme.sh -h
```

Expand Down Expand Up @@ -166,16 +166,16 @@ You must have at least one domain there.

You must point and bind all the domains to the same webroot dir: `/home/wwwroot/example.com`.

Generated/issued certs will be placed in `~/.acme.sh/example.com/`
The certs will be placed in `~/.acme.sh/example.com/`

The issued cert will be renewed automatically every **60** days.
The certs will be renewed automatically every **60** days.

More examples: https://github.com/Neilpang/acme.sh/wiki/How-to-issue-a-cert


# 3. Install the issued cert to Apache/Nginx etc.
# 3. Install the cert to Apache/Nginx etc.

After you issue a cert, you probably want to install/copy the cert to your Apache/Nginx or other servers.
After the cert is generated, you probably want to install/copy the cert to your Apache/Nginx or other servers.
You **MUST** use this command to copy the certs to the target files, **DO NOT** use the certs files in **~/.acme.sh/** folder, they are for internal use only, the folder structure may change in the future.

**Apache** example:
Expand All @@ -197,9 +197,9 @@ acme.sh --install-cert -d example.com \

Only the domain is required, all the other parameters are optional.

The ownership and permission info of existing files are preserved. You may want to precreate the files to have defined ownership and permission.
The ownership and permission info of existing files are preserved. You can pre-create the files to define the ownership and permission.

Install/copy the issued cert/key to the production Apache or Nginx path.
Install/copy the cert/key to the production Apache or Nginx path.

The cert will be renewed every **60** days by default (which is configurable). Once the cert is renewed, the Apache/Nginx service will be reloaded automatically by the command: `service apache2 force-reload` or `service nginx force-reload`.

Expand Down Expand Up @@ -242,7 +242,7 @@ Particularly, if you are running an Apache server, you should use Apache mode in

Just set string "apache" as the second argument and it will force use of apache plugin automatically.

```
```sh
acme.sh --issue --apache -d example.com -d www.example.com -d cp.example.com
```

Expand All @@ -262,47 +262,13 @@ It will configure nginx server automatically to verify the domain and then resto

So, the config is not changed.

```
```sh
acme.sh --issue --nginx -d example.com -d www.example.com -d cp.example.com
```

More examples: https://github.com/Neilpang/acme.sh/wiki/How-to-issue-a-cert

# 8. Use DNS mode:

Support the `dns-01` challenge.

```bash
acme.sh --issue --dns -d example.com -d www.example.com -d cp.example.com
```

You should get an output like below:

```
Add the following txt record:
Domain:_acme-challenge.example.com
Txt value:9ihDbjYfTExAYeDs4DBUeuTo18KBzwvTEjUnSwd32-c
Add the following txt record:
Domain:_acme-challenge.www.example.com
Txt value:9ihDbjxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Please add those txt records to the domains. Waiting for the dns to take effect.
```

Then just rerun with `renew` argument:

```bash
acme.sh --renew -d example.com
```

Ok, it's finished.

**Take care, this is dns manual mode, it can not be renewed automatically. you will have to add a new txt record to your domain by your hand when you renew your cert.**

**Please use dns api mode instead.**

# 9. Automatic DNS API integration
# 8. Automatic DNS API integration

If your DNS provider supports API access, we can use that API to automatically issue the certs.

Expand Down Expand Up @@ -362,6 +328,39 @@ If your DNS provider is not on the supported list above, you can write your own

For more details: [How to use DNS API](dnsapi)

# 9. Use DNS manual mode:

If your dns provider doesn't support any api access, you will have to add the txt record by your hand.

```bash
acme.sh --issue --dns -d example.com -d www.example.com -d cp.example.com
```

You should get an output like below:

```sh
Add the following txt record:
Domain:_acme-challenge.example.com
Txt value:9ihDbjYfTExAYeDs4DBUeuTo18KBzwvTEjUnSwd32-c

Add the following txt record:
Domain:_acme-challenge.www.example.com
Txt value:9ihDbjxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Please add those txt records to the domains. Waiting for the dns to take effect.
```

Then just rerun with `renew` argument:

```bash
acme.sh --renew -d example.com
```

Ok, it's done.

**Take care, this is dns manual mode, it can not be renewed automatically. you will have to add a new txt record to your domain by your hand when you renew your cert.**

**Please use dns api mode instead.**

# 10. Issue ECC certificates

Expand Down Expand Up @@ -394,79 +393,91 @@ Valid values are:
3. **ec-521 (secp521r1, "ECDSA P-521", which is not supported by Let's Encrypt yet.)**


# 11. How to renew the issued certs

No, you don't need to renew the certs manually. All the certs will be renewed automatically every **60** days.
# 11. Issue Wildcard certificates

However, you can also force to renew any cert:
It's simple, just give a wildcard domain as the `-d` parameter.

```sh
acme.sh --issue -d example.com -d *.example.com --dns dns_cf
```



# 12. How to renew the certs

No, you don't need to renew the certs manually. All the certs will be renewed automatically every **60** days.

However, you can also force to renew a cert:

```sh
acme.sh --renew -d example.com --force
```

or, for ECC cert:

```
```sh
acme.sh --renew -d example.com --force --ecc
```


# 12. How to stop cert renewal
# 13. How to stop cert renewal

To stop renewal of a cert, you can execute:
To stop renewal of a cert, you can execute the following to remove the cert from the renewal list:

```
```sh
acme.sh --remove -d example.com [--ecc]
```

or remove the respective directory (e.g. `~/.acme.sh/example.com`).
The cert/key file is not removed from the disk.

You can remove the respective directory (e.g. `~/.acme.sh/example.com`) by yourself.

# 13. How to upgrade `acme.sh`

# 14. How to upgrade `acme.sh`

acme.sh is in constant development, so it's strongly recommended to use the latest code.

You can update acme.sh to the latest code:

```
```sh
acme.sh --upgrade
```

You can also enable auto upgrade:

```
```sh
acme.sh --upgrade --auto-upgrade
```

Then **acme.sh** will be kept up to date automatically.

Disable auto upgrade:

```
```sh
acme.sh --upgrade --auto-upgrade 0
```


# 14. Issue a cert from an existing CSR
# 15. Issue a cert from an existing CSR

https://github.com/Neilpang/acme.sh/wiki/Issue-a-cert-from-existing-CSR


# 15. Under the Hood
# 16. Under the Hood

Speak ACME language using shell, directly to "Let's Encrypt".

TODO:


# 16. Acknowledgments
# 17. Acknowledgments

1. Acme-tiny: https://github.com/diafygi/acme-tiny
2. ACME protocol: https://github.com/ietf-wg-acme/acme
3. Certbot: https://github.com/certbot/certbot


# 17. License & Others
# 18. License & Others

License is GPLv3

Expand All @@ -475,7 +486,7 @@ Please Star and Fork me.
[Issues](https://github.com/Neilpang/acme.sh/issues) and [pull requests](https://github.com/Neilpang/acme.sh/pulls) are welcome.


# 18. Donate
# 19. Donate
Your donation makes **acme.sh** better:

1. PayPal/Alipay(支付宝)/Wechat(微信): [https://donate.acme.sh/](https://donate.acme.sh/)
Expand Down
2 changes: 1 addition & 1 deletion acme.sh
Original file line number Diff line number Diff line change
Expand Up @@ -5152,7 +5152,7 @@ install() {
#Modify shebang
if _exists bash; then
_info "Good, bash is found, so change the shebang to use bash as preferred."
_shebang='#!'"$(env bash -c "command -v bash")"
_shebang='#!'"$(bash -c "command -v bash")"
_setShebang "$LE_WORKING_DIR/$PROJECT_ENTRY" "$_shebang"
for subf in $_SUB_FOLDERS; do
if [ -d "$LE_WORKING_DIR/$subf" ]; then
Expand Down

0 comments on commit 7128d79

Please sign in to comment.