acme.sh
certify
| | acme.sh | certify |
|---|---|---|
| Mentions | 276 | 41 |
| Stars | 36,268 | 1,448 |
| Growth | 1.8% | 1.0% |
| Activity | 8.8 | 9.7 |
| Last commit | 6 days ago | 23 days ago |
| Language | Shell | C# |
| License | GNU General Public License v3.0 only | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
acme.sh
-
Why Certificate Lifecycle Automation Matters
Huh, the environment variable thing was specifically aimed at acme.sh which rather arbitrarily changed the config value from ACMEDNS_UPDATE_URL to ACMEDNS_BASE_URL, never acknowledged this in a changelog and then silently failed after an automatic upgrade as recommended by the default install:
https://github.com/acmesh-official/acme.sh/commit/2ce145f359...
It's also cleared out my .account.conf files when run on the suggested cron.
I've started using updown which also monitors my TLS certs simply because I no longer trust the process to work as documented.
-
The Bureau of Meteorology website does not support connections via HTTPS
It depends on your provider though. I can tell from experience that with OVH and their API, it's been easy to set up the automatic renewal via DNS verification. Apparently, the official client has support for the DNS API of 159 providers: https://github.com/acmesh-official/acme.sh/wiki/dnsapi
-
I made a tool for automatically updating the current and next (rollover) TLSA DNS records with acme.sh and the Cloudflare API
For the few people here that happen to run a self-hosted email server with acme.sh for TLS key/cert generation and Cloudflare for DNS management, I have made a tool that I personally use to get a perfect 100% score on Internet.nl's email test.
-
IT Pro Tuesday #276 - Cert Automation, Packet Analysis, Vim Cheatsheet & More
acme.sh is a lightweight Unix shell script for automatic issuance and renewal of free certificates in a Unix environment. It's compatible with Bash, dash, and sh; Docker/IPv6 ready; requires no external dependencies; and can issue, renew, and install certificates without the need for root or sudoer access. Thanks for this recommendation go to blitznogger.
-
Cannot install with mack-a's v2ray-agent script
Error troubleshooting: 1.Failed to obtain Github files, please wait for Github to recover and try, the recovery progress can be viewed at [https://www.githubstatus.com/] There is a bug in the 2.acme.sh script, see [https://github.com/acmesh-official/acme.sh] issues
My VPS is located in Japan so there shouldn't be any trouble grabbing files from GitHub and such, but it obviously timed out every time the script tried to grab acme.sh's repository. Has anyone tried this script lately with success?
-
HAProxy is not affected by the HTTP/2 Rapid Reset Attack (CVE-2023-44487)
you may wish to use certbot instead:
-
Caddy is the first and only web server to use HTTPS automatically and by default
like https://github.com/acmesh-official/acme.sh/wiki/Stateless-Mo...
If DNS-01 is not an option or too complicated, this saves you from exposing a host to the internet for no good reason.
-
Where do you get/setup certificates from for your https/ssl?
Caddy where possible, and acme.sh or lego where not.
-
Internal Server Error when proxy host directs to router
The SSL certificate for my wildcard domain is currently managed by the acme.sh script running as a Docker container until the issue with NPM and Azure DNS certificate management is resolved.
certify
-
Google Pushing For 90 Day SSL/TLS Certificates - Time For Automation
I use certify the web for the rd gateway
-
How will you handle 90 day SSL expiration?
For Exchange and Remote Desktop Service we are using Certify The Web with Let's Encrypt. Works really well.
-
Ask HN: What are your “scratch own itch” projects?
It's worth doing! A few projects I've done:
I once needed a database of EV charging locations, but at the time (2011) there were no open databases, so I built https://openchargemap.org, which now serves millions of API queries per month for other apps and services.
For another project, I recently wanted to control my guitar amp (a Positive Grid Spark) from my computer instead of using a mobile app, so I built https://soundshed.com which is both a Bluetooth web app and an Electron app you can install. It now has a few thousand users :)
And finally, another time I had some SSL certificates I needed to manage for another project (for the above-mentioned https://openchargemap.org), so I built a GUI to manage and renew certificates on Windows. It's now a commercial app with hundreds of thousands of users and it's my full-time job: https://certifytheweb.com
So yeah, worth doing!
- Who do you use for SSL Certificates?
-
LE proxy?
Would you be hosting this on Linux or Windows? I work on the https://certifytheweb.com app (as a convenient for instance) which can work as a central certificate renewal system, then you can choose to distribute certs in a variety of ways (push them to a secrets store such as HashiCorp Vault or Azure Key Vault), then pull them periodically from your clients (and apply them to the services that need them). There is a Linux version of this app in development which includes an API for pulling the latest certs directly. You could achieve the same outcome with certbot and post-request scripting hooks etc.
-
Certbot with occupied port 80
Note that since you're on Windows anyway you could also get certs on Windows (using https://certifytheweb.com etc.) then copy them to WSL (you would add a Deploy to Generic Server task to export the certs as PEM files etc. and this could write out to the \\WSL$ share path).
-
Are there any solutions using a centralized validation server for Let's Encrypt
The software I develop, https://certifytheweb.com, does this to much the same degree, using DNS validation (HTTP validation is supported for the same machine the app is running on, but not currently for remote servers). While it's currently aimed at Windows, there is a Linux version in the works you could try out. It has a range of deployment tasks you can add (including things like SSH/SFTP deployment and remote scripting).
-
It's that time of the year again SSL
https://certifytheweb.com/ really made my Windows transition to Let's Encrypt easy. Now it's as efficient as acme.sh on Linux with scripting after the cert is generated.
- Windows 10 - Lets Encrypt help pls
What are some alternatives?
letsencrypt - Certbot is EFF's tool to obtain certs from Let's Encrypt and (optionally) auto-enable HTTPS on your server. It can also act as a client for any other CA that uses the ACME protocol.
Nginx Proxy Manager - Docker container for managing Nginx proxy hosts with a simple, powerful interface
dehydrated - letsencrypt/acme client implemented as a shell-script – just add water
win-acme - A simple ACME client for Windows (for use with Let's Encrypt et al.)
lego - Let's Encrypt/ACME client and library written in Go
pterodactyl-installer - :bird: Unofficial installation scripts for Pterodactyl Panel
docker - ⛴ Docker image of Nextcloud
Posh-ACME - PowerShell module and ACME client to create certificates from Let's Encrypt (or other ACME CA)
cfssl - CFSSL: Cloudflare's PKI and TLS toolkit
duckdns - Caddy module: dns.providers.duckdns
acme-dns - Limited DNS server with RESTful HTTP API to handle ACME DNS challenges easily and securely.