Create let's encrypt wildcard cert through Cloudflare with acme.sh
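# Walkthrough: issue a wildcard certificate with acme.sh using the Cloudflare
# DNS-01 challenge, then install it into an application directory.
# Replace yourdomain.com and the e-mail address with your own values.

# Install acme.sh. The installer is saved to a file so it can be read before
# it runs; piping curl straight into sh executes whatever the server returns.
curl -fsSL https://get.acme.sh -o acme-install.sh
# Review acme-install.sh, then run it with the account e-mail as its argument.
sh acme-install.sh email=blog@chriskirby.net

# Source the installed script (or restart your terminal)
source ~/.bashrc # or source ~/.zshrc for macOS

# Export Cloudflare API Token.
# Use a token scoped to DNS edits on the zone being validated rather than a
# global API key; whoever holds it can rewrite that zone's DNS records.
# acme.sh stores the token in its own account configuration after the first
# successful use, so copying it into ~/.bashrc or ~/.zshrc is optional and
# only adds another plaintext copy of the secret to protect.
export CF_Token="your-cloudflare-api-token"

# Issue the certificate.
# --server letsencrypt  selects Let's Encrypt explicitly; recent acme.sh
#                       releases default to a different CA.
# --keylength ec-384    requests an ECC certificate (recommended).
# The wildcard name is quoted so the shell cannot expand it as a glob.
# Comments are kept off the continuation lines: a backslash followed by
# " # ..." no longer continues the command.
# Append --force only when an existing certificate must be regenerated;
# forced re-issuance counts against the CA's rate limits.
acme.sh --issue \
  --server letsencrypt \
  --dns dns_cf \
  -d yourdomain.com \
  -d '*.yourdomain.com' \
  --keylength ec-384

# Install the certificate to your application directory.
# Adjust the directory to suit your setup. An absolute path is used because
# acme.sh saves these paths and the reload command and reuses them on renewal,
# which runs from cron with a different working directory.
cert_dir="$PWD/yourdomain-cert"
mkdir -p -- "$cert_dir"
# Restrict the directory before the private key is written into it.
chmod 700 -- "$cert_dir"

# --ecc is required here because the certificate was issued with
# --keylength ec-384. The reload command tightens file permissions after each
# install or renewal; add the service reload for your application to it.
acme.sh --install-cert -d yourdomain.com \
  --ecc \
  --key-file "$cert_dir/privkey.pem" \
  --fullchain-file "$cert_dir/fullchain.pem" \
  --reloadcmd "chmod 600 '${cert_dir}'/*"

# The installer registers a cron job that renews the certificate
# automatically (every 60 days, per the original author).

# Optional: If you want to force renewal for testing
acme.sh --renew -d yourdomain.com --force

# To see certificate information
acme.sh --info -d yourdomain.com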