acme.sh

A pure Unix shell script implementing ACME client protocol (by acmesh-official)

Acme.sh Alternatives

Similar projects and alternatives to acme.sh

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a better acme.sh alternative or higher similarity.

Suggest an alternative to acme.sh

Reviews and mentions

Posts with mentions or reviews of acme.sh. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2021-09-02.
  • Is there anyway to use Let's Encrypt without port forwarding 80?
    reddit.com/r/synology | 2021-09-02
    I largely relied on this website: https://github.com/acmesh-official/acme.sh/wiki/Synology-NAS-Guide. In the process I ran into several issues and had to figure out corrections. Also, this site only provided automation from within the NAS. I did not want to risk messing up the configurations inside the NAS, so I set it up on the pi instead.
    reddit.com/r/synology | 2021-09-02
    I recently set up Let's Encrypt certificates on Synology using acme.sh running on a pi. Here are my notes. I am still a couple weeks before the certificates can be renewed (within one month before expiration) so I haven't verified the automated renewal yet, but I hope it will run with no problem. Let me know if this helps.
    reddit.com/r/synology | 2021-09-02
    I use acme.sh on my Synology. https://github.com/acmesh-official/acme.sh/wiki/Synology-NAS-Guide
    reddit.com/r/synology | 2021-09-02
    There is a guide somewhere out there on how to set it up directly on Synology. I just looked for it again but couldn't. I remember you have to set up ssh on Synology, ssh in as root, create a few folders here and there, install acme.sh, configure the appropriate folder/file privileges, etc. It may be a simpler solution, but I felt much more at ease with messing with the pi.
  • How do you manage TLS certificates for containers?
    reddit.com/r/Proxmox | 2021-08-31
    Noob here... Currently I'm looking at running acme (https://github.com/acmesh-official/acme.sh) inside each container so it has an auto-renewing tls certificate.
  • Let's Encrypt and Cisco ASA VPN
    reddit.com/r/Cisco | 2021-08-27
  • Help - Split-horizon Web application
    Okay I don't want to be a pain in the ass but dns verification is a completely new world to me. I used acme.sh on my backend and followed the guide you sent me., everything is fine and went smoothly (also I am using cloudflare). Do I need to generate a letsencrypt cert on the backend or anything like that? Do I need to generate any certs on the frontend?
  • https without reverse proxy
  • DNS alias mode (2020)
  • Hacker News top posts: Aug 22, 2021
    Let's Encrypt ACME DNS alias mode\ (25 comments)
  • Let's Encrypt ACME DNS alias mode
    news.ycombinator.com | 2021-08-21
  • Another free CA as an alternative to Let's Encrypt
    news.ycombinator.com | 2021-08-20
    > If you want to use the www auth you need to allow outbound connections to any IP

    Only for the time period when you're requesting the cert though: it does not have to be open to the entire Internet 24/7. While this not satisfy your personal / particular level of security concern, it is something. Using the dehydrated client as an example, the web server could be started and stopped (or the host's firewall rules altered) in the startup_hook() / exit_hook() functions, or the deploy_challenge() / clean_challenge() functions:

    * https://github.com/dehydrated-io/dehydrated/blob/master/docs...

    > otherwise you have the DNS option which means giving the server access to modify the DNS records which is also unsafe should the box get compromised.

    Are you aware of LE/ACME's "DNS alias" mode?

    * https://github.com/acmesh-official/acme.sh/wiki/DNS-alias-mo...

    * https://www.eff.org/deeplinks/2018/02/technical-deep-dive-se...

    Let us say you with to get a cert for foo.example.com. Letting an ACME client change the value of that could be a risk as you state. So what you can do is create a CNAME _acme-challenge.foo.example.com, and point that elsewhere, like _acme-challenge.foo.dnsauth.example.com. You then allow the ACME client to alter (just) the TXT records of _acme-challenge.foo.dnsauth.

    People have ever written simple DNS server that allow for updating of records via a RESTful API, so you can server just the (e.g.) dnsauth sub-domain from it:

    * https://github.com/joohoi/acme-dns

    There's also a CLI utility that can handle access the APIs of several dozen DNS companies so you don't have to roll your own:

    * https://github.com/AnalogJ/lexicon

    news.ycombinator.com | 2021-08-20
    This is what I do as well. I have set up acme.sh[1] on a Raspberry Pi on my home network, which isn't accessible from the outside. It is triggered every night by a systemd timer and renews (using the DNS challenge) and deploys all expiring certificates.

    [1] https://github.com/acmesh-official/acme.sh

  • NameCheap Let's Encrypt SSL wildcard.
    reddit.com/r/NameCheap | 2021-08-05
    use this client https://github.com/acmesh-official/acme.sh in DNS mode valdiation. You will need an API to access namecheap dns(in your profile dashboard)

Stats

Basic acme.sh repo stats
58
23,630
9.4
3 days ago

acmesh-official/acme.sh is an open source project licensed under GNU General Public License v3.0 only which is an OSI approved license.

SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com
Find remote jobs at our new job board 99remotejobs.com. There are 25 new remote jobs listed recently.
Are you hiring? Post a new remote job listing for free.