website
acme.sh
Our great sponsors
website | acme.sh | |
---|---|---|
232 | 276 | |
814 | 36,065 | |
1.2% | 2.5% | |
8.7 | 8.8 | |
6 days ago | 1 day ago | |
HTML | Shell | |
Mozilla Public License 2.0 | GNU General Public License v3.0 only |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
website
-
AWS Lightsail Java Server Setup Memo
Install Certbot Certbot is a CLI that helps to obtain and maintain Let's Encrypt cert.
-
CapRover : Dumb name, awesome tool
Let's Encrypt. CapRover automatically configures each service with nginx. SSL certificates (on multiple domains too) are just the click of a button.
-
Deploying a secured Node.js Application on AWS EC2 Instance from scratch (Detailed Guide)
Today, you will learn how to deploy your node.js project to the internet via an Amazon Web Services EC2 Instance at little or no cost. You will learn how to create an AWS EC2 Instance and work in Amazon Linux 2, create and manage services with SYSTEMD, use NGINX as a reverse proxy and obtain an SSL certificate from Let's Encrypt to ensure your website is secure via HTTPS protocol. So let’s get to it and deploy your project to your EC2 Instance.
-
Tech giants are hijacking the internet
Luckily you can get the https easily. I’ve been using https://letsencrypt.org/ to get it encrypted. Was fast and free. No real barrier just a bunch of setup.
- OpenBSD acme-client で Let's Encrypt 証明書を取得する
-
Joomla! 4.3 on OpenBSD 7.3: Install
It is able to get them via requests to Let's Encrypt with acme-client. (See: How to conifugre OpenBSD acme-client).
- OpenBSD httpd 7.3: Web サーバー
-
Implementing TLS in Kubernetes
When implementing TLS for a production system, you should consider using a public certificate from a trusted CA, such as Let's Encrypt. While this requires that you have access to your site domain, you can implement additional configurations, such as using a load balancer service to expose your application or managing multiple certificates through a certificate manager like cert-manager. The advantages of exposing your application through a load balancer include improved availability, scalability, and resilience. And using a certificate manager makes the provisioning and management of your cluster certificates effortless in the future.
-
Manually Starting ACME Certificate Renewal
Tried adding WAN2 (not connected), saving, then removing and saving but nothing happened. Ran a packet sniffer destined to 172.65.32.248 (letsencrypt.org) but nothing came up. Verified sniffer was capturing packets by pinging the address and was able to see those packets in the sniffer.
Without making any other changes to the firewall, waited about 10 minutes and tried running the CLI commands to regenerate the client config and restart the ACME service but yet again, no traffic was seen coming from the Fortigate to letsencrypt.org.
acme.sh
-
Why Certificate Lifecycle Automation Matters
Huh, the environment variable thing was specifically aimed at acme.sh which rather arbitrarily changed the config value from ACMEDNS_UPDATE_URL to ACMEDNS_BASE_URL, never acknowledged this in a changelog and then silently failed after an automatic upgrade as recommended by the default install:
https://github.com/acmesh-official/acme.sh/commit/2ce145f359...
It's also cleared out my .account.conf files when run on the suggested cron.
I've started using updown which also monitors my TLS certs simply because I no longer trust the process to work as documented.
-
The Bureau of Meteorology website does not support connections via HTTPS
It depends on your provider though. I can tell from experience that with OVH and their API, it's been easy to set up the automatic renewal via DNS verification. Apparently, the official client has support for the DNS API of 159 providers: https://github.com/acmesh-official/acme.sh/wiki/dnsapi
-
I made a tool for automatically updating the current and next (rollover) TLSA DNS records with acme.sh and the Cloudflare API
For the few people here that happen to run a self-hosted email server with acme.sh for TLS key/cert generation and Cloudflare for DNS management, I have made a tool that i personally use to get a perfect 100% score on Internet.nl's email test.
-
IT Pro Tuesday #276 - Cert Automation, Packet Analysis, Vim Cheatsheet & More
acme.sh is a lightweight Unix shell script for automatic issuance and renewal of free certificates in a Unix environment. It's compatible with Bash, dash, and sh; Docker/IPv6 ready; requires no external dependencies; and can issue, renew, and install certificates without the need for root or sudoer access. Thanks for this recommendation go to blitznogger.
-
Cannot install with mack-a's v2ray-agent script
Error troubleshooting: 1.Failed to obtain Github files, please wait for Github to recover and try, the recovery progress can be viewed at [https://www.githubstatus.com/] There is a bug in the 2.acme.sh script, see [https://github.com/acmesh-official/acme.sh] issues
My vps is located in Japan so there shouldn't be any trouble grabbing files from github and such but it obviously timed out every time the script tried to grab acme.sh's repository. Has anyone tried this script lately with success?
-
HAProxy is not affected by the HTTP/2 Rapid Reset Attack (CVE-2023-44487)
you may wish to use certbot instead:
-
Caddy is the first and only web server to use HTTPS automatically and by default
like https://github.com/acmesh-official/acme.sh/wiki/Stateless-Mo...
If DNS-01 is not an option or to complicated, this saves you from exposing a host to the internet for no good reason.
-
Where do you get/setup certificates from for your https/ssl?
Caddy where possible, and acme.sh or lego where not.
-
Internal Server Error when proxy host directs to router
The SSL certificate for my wildcard domain is currently managed by the acme.sh script running as a Docker container until the issue with NPM and Azure DNS certificate management is resolved.
What are some alternatives?
letsencrypt - Certbot is EFF's tool to obtain certs from Let's Encrypt and (optionally) auto-enable HTTPS on your server. It can also act as a client for any other CA that uses the ACME protocol.
Nginx Proxy Manager - Docker container for managing Nginx proxy hosts with a simple, powerful interface
dehydrated - letsencrypt/acme client implemented as a shell-script – just add water
lego - Let's Encrypt/ACME client and library written in Go
pterodactyl-installer - :bird: Unofficial installation scripts for Pterodactyl Panel
docker - ⛴ Docker image of Nextcloud
duckdns - Caddy module: dns.providers.duckdns
cfssl - CFSSL: Cloudflare's PKI and TLS toolkit
acme-dns - Limited DNS server with RESTful HTTP API to handle ACME DNS challenges easily and securely.
certify - Professional ACME Client for Windows. Certificate Management UI, powered by Let's Encrypt and compatible with all ACME v2 CAs. Download from certifytheweb.com
OpenSSL - TLS/SSL and crypto library
Intranet-Lets-Encrypt-Certification - Guide to setting up a Let's Encrypt SSL certificate for a non-public facing server.