From July 1, 2018, Chrome shows all sites that do not use SSL certificates as "not secure", while sites with SSL certificates receive a boost in weight ranking. In fact, it is easy to issue, install, and renew an SSL/TLS certificate. All needed are a virtual private server (VPS) and a domain name pointing to this server's IP. In this article, I'm going to show how to acquire an SSL cert using acme.
First, we need to install
acme.sh and create a symlink using
curl https://get.acme.sh | sh ln -s /root/.acme.sh/acme.sh /usr/local/bin/acme.sh
Then, register an account using your email.
acme.sh --register-account -m [email protected]
Here comes the selection of the cert authority. The default cert authority changed from Let's Encrypt to ZeroSSL after the acquisition of acme, which has been criticized by many. The cert authority can be change as follows.
# change to buypass acme.sh --set-default-ca --server buypass # change to letsencrypt acme.sh --set-default-ca --server letsencrypt
Next, let's issue the SSL cert. The
yourdomain.com in the follows should be replaced with your domain name.
acme.sh --issue -d yourdomain.com -k ec-256 --webroot /var/www/html # specify a port acme.sh --issue -d yourdomain.com -k ec-256 --webroot /var/www/html --tlsport 14514
Finally, install the cert into the specified dir as follows. The
file_dir in the follows should be replaced with your specified dir.
acme.sh --install-cert -d yourdomain.com --ecc \ --key-file file_dir/server.key \ --fullchain-file file_dir/server.crt \ --reloadcmd "systemctl force-reload nginx"
acme.sh renews the cert automatically every 60 days. If you want to renew it manually or check the expired date of your cert, run as follows.
By HTTPS protocol, communication with this domain name is secured. However, it can only be used for a single subdomain. In the future, I will explain how to obtain a Wildcard SSL Certificate to secure multiple subdomain names (hosts) under the same base domain.
Update: The article about how to issue a wildcard cert has been uploaded here.