acme.sh
For acme.sh, we provide a wrapper script. This is only a short manual; for more detailed documentation, see the official acme.sh documentation.
Before you start
The following explanations assume that you placed the netdb_config.ini from NETVS at either $USER/.config/netdb_client.ini or in the working directory where the ACME client is run from. An example of the config file can be found in the netdb-client repository. For other options to pass the API token (via environment variable or command line argument), please consult the help of the acme4netvs hooks with -h.
Warning
If you are still testing certificate requests via ACME, please always use the staging endpoint of Let’s Encrypt. This will generate certificates that are not trusted by browsers, but will not trigger any rate limits of the production endpoint. If you trigger rate limiting, this might affect other users at KIT negatively. Be nice 🙂
Installation / Account-Registration
For installation of acme.sh and registration of your Let’s Encrypt account, please refer to the official guide.
Setup
You have to install the wrapper script to a path where acme.sh searches for it. Place the dns_acme4netvs.sh script inside the ~/.acme.sh/ or ~/.acme.sh/dnsapi/ folder of the user which runs acme.sh or create a symlink to it from one of the aforementioned folders.
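The setup step above as a script, with two checks a careful administrator would add. This is an added example, not code from the acme4netvs project: the function names are hypothetical, the config path is passed in by the caller, and host.example.org is a placeholder. It relies on the fact that acme.sh sources its DNS hook scripts, and on acme.sh's letsencrypt_test server name for the staging endpoint.

```sh
#!/bin/sh
# Added example; the function names are hypothetical, not part of acme4netvs.

# True if group or others may write to FILE (-H follows a symlink argument).
writable_by_others() {
    [ -n "$(find -H "$1" -prune \( -perm -020 -o -perm -002 \))" ]
}

# True if group or others may read FILE.
readable_by_others() {
    [ -n "$(find -H "$1" -prune \( -perm -040 -o -perm -004 \))" ]
}

# install_hook SRC [ACME_HOME]: symlink SRC into ACME_HOME/dnsapi/.
# acme.sh sources DNS hook scripts, so a hook that other accounts can
# modify would run their code as the acme.sh user; refuse to link it.
install_hook() {
    src=$1
    acme_home=${2:-"$HOME/.acme.sh"}
    [ -f "$src" ] || { echo "hook not found: $src" >&2; return 1; }
    if writable_by_others "$src"; then
        echo "refusing: $src is writable by group or others" >&2
        return 1
    fi
    src_abs=$(cd "$(dirname "$src")" && pwd)/$(basename "$src")
    mkdir -p "$acme_home/dnsapi" || return 1
    ln -sf "$src_abs" "$acme_home/dnsapi/dns_acme4netvs.sh"
}

# check_token_file CFG: fail if the config holding the API token is
# readable by group or others.
check_token_file() {
    cfg=$1
    [ -f "$cfg" ] || { echo "config not found: $cfg" >&2; return 1; }
    if readable_by_others "$cfg"; then
        echo "API token exposed, run: chmod 600 $cfg" >&2
        return 1
    fi
}

# Typical use, then a test issuance against the staging endpoint
# (host.example.org is a placeholder):
#   install_hook ./dns_acme4netvs.sh && check_token_file /path/to/netdb_client.ini
#   acme.sh --issue --server letsencrypt_test --dns dns_acme4netvs -d host.example.org
```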
Note
Since v3, acme.sh uses ZeroSSL as the default Certificate Authority (CA). Use --server letsencrypt to explicitly select Let’s Encrypt.
Warning
acme.sh is currently broken on platforms like FreeBSD which ship a restricted sh shell instead of symlinking sh to bash (like most Linux distributions). For an easy fix, install bash and change the very first line in acme.sh accordingly (replace sh with bash).