From July 1, 2018, Chrome shows all sites that do not use SSL certificates as "not secure", while sites with SSL certificates receive a boost in ranking weight. In fact, it is easy to issue, install, and renew an SSL/TLS certificate. All that is needed is a virtual private server (VPS) and a domain name pointing to this server's IP. In this article, I'm going to show how to acquire an SSL cert using acme.

Acquire the cert

First, we need to install and create a symlink using ln.

curl | sh
ln -s  /root/ /usr/local/bin/

Then, register an account using your email.

--register-account -m [email protected]

Here comes the selection of the cert authority. The default cert authority changed from Let's Encrypt to ZeroSSL after the acquisition of acme, which has been criticized by many. The cert authority can be changed as follows.

# change to buypass
--set-default-ca --server buypass
# change to letsencrypt
--set-default-ca --server letsencrypt

Next, let's issue the SSL cert. The in the following should be replaced with your domain name.

--issue -d -k ec-256 --webroot /var/www/html
# specify a port
--issue -d -k ec-256 --webroot /var/www/html --tlsport 14514

Finally, install the cert into the specified dir as follows. The file_dir in the following should be replaced with your specified dir.

--install-cert -d --ecc \
--key-file       file_dir/server.key \
--fullchain-file file_dir/server.crt \
--reloadcmd      "systemctl force-reload nginx"

Renew the cert

The cert is renewed automatically every 60 days. If you want to renew it manually or check the expiry date of your cert, run the following.

--cron
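
The expiry check mentioned above can be combined with two other checks on the installed files. The following script is an added example, not part of the original article or of acme: it uses the openssl command line (assumed to be installed) to confirm that server.key matches the leaf certificate in server.crt, that the cert has enough days left, and that the key file is not readable by group or others. The function names, the script name and the 30-day default are assumptions.

```shell
#!/bin/sh
# Added example (not from the article): checks on the files written by
# --install-cert. Function names and the 30-day default are assumptions.

# SHA-256 of the public key in the first (leaf) certificate of a PEM file.
pubkey_hash_of_cert() {
    pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    printf '%s\n' "$pub" | openssl pkey -pubin -outform DER |
        openssl dgst -sha256 -r | cut -d' ' -f1
}

# SHA-256 of the public key derived from a private key file.
pubkey_hash_of_key() {
    pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    printf '%s\n' "$pub" | openssl pkey -pubin -outform DER |
        openssl dgst -sha256 -r | cut -d' ' -f1
}

# Succeeds only when both files parse and carry the same public key.
key_matches_cert() {
    c=$(pubkey_hash_of_cert "$1") || return 1
    k=$(pubkey_hash_of_key "$2") || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Succeeds when the cert is still valid $2 days from now.
valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Succeeds when the key file has no group or other permission bits set.
key_is_private() {
    [ -f "$1" ] && [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Run all three checks on a directory holding server.key and server.crt.
check_installed_cert() {
    dir=$1; min_days=${2:-30}; rc=0
    key_matches_cert "$dir/server.crt" "$dir/server.key" || { echo "FAIL: key does not match cert"; rc=1; }
    valid_for_days "$dir/server.crt" "$min_days" || { echo "FAIL: cert expires within $min_days days"; rc=1; }
    key_is_private "$dir/server.key" || { echo "FAIL: key is readable by group or others"; rc=1; }
    return "$rc"
}

# Usage: sh check_cert.sh file_dir [min_days]
if [ "$#" -gt 0 ]; then
    check_installed_cert "$@"
fi
```

A non-zero exit status means at least one check failed, so the script can be run from the same scheduler as the renewal to flag a renewal that silently stopped working.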


With HTTPS, communication with this domain name is secured. However, the cert can only be used for a single subdomain. In the future, I will explain how to obtain a Wildcard SSL Certificate to secure multiple subdomain names (hosts) under the same base domain.

Update: The article about how to issue a wildcard cert has been uploaded here.