How to install ACME.SH certificates after they are generated?


#1

Hello, so getting a wildcard with acme.sh, that seemed pretty straightforward. But, now, I don’t know what to do next.

After the certificates are installed in the hidden directory in my folder, how do I install them to work with my web server? I did the --install-cert command, but it doesn’t seem like anything happened, and, all of my sub domains are “untrusted.”

sudo ./acme.sh --issue -d toursoft.co -d '*.toursoft.co' --apache --dns dns_cf
[Mon Apr  9 20:15:11 UTC 2018] Checking if there is an error in the apache config file before starting.
[Mon Apr  9 20:15:11 UTC 2018] OK
[Mon Apr  9 20:15:11 UTC 2018] JFYI, Config file /etc/apache2/apache2.conf is backuped to /home/tbadmin/.acme.sh/apache2.conf
[Mon Apr  9 20:15:11 UTC 2018] In case there is an error that can not be restored automatically, you may try restore it yourself.
[Mon Apr  9 20:15:11 UTC 2018] The backup file will be deleted on success, just forget it.
[Mon Apr  9 20:15:11 UTC 2018] Creating domain key
[Mon Apr  9 20:15:12 UTC 2018] The domain key is here: /home/tbadmin/.acme.sh/toursoft.co/toursoft.co.key
[Mon Apr  9 20:15:12 UTC 2018] Multi domain='DNS:toursoft.co,DNS:*.toursoft.co'
[Mon Apr  9 20:15:12 UTC 2018] Getting domain auth token for each domain
[Mon Apr  9 20:15:12 UTC 2018] Getting webroot for domain='toursoft.co'
[Mon Apr  9 20:15:12 UTC 2018] Getting webroot for domain='*.toursoft.co'
[Mon Apr  9 20:15:12 UTC 2018] Verifying:toursoft.co
[Mon Apr  9 20:15:15 UTC 2018] Pending
[Mon Apr  9 20:15:17 UTC 2018] Pending
[Mon Apr  9 20:15:19 UTC 2018] Pending
[Mon Apr  9 20:15:21 UTC 2018] Pending
[Mon Apr  9 20:15:23 UTC 2018] Pending
[Mon Apr  9 20:15:26 UTC 2018] Pending
[Mon Apr  9 20:15:28 UTC 2018] Pending
[Mon Apr  9 20:15:30 UTC 2018] Pending
[Mon Apr  9 20:15:32 UTC 2018] Pending
[Mon Apr  9 20:15:34 UTC 2018] Success
[Mon Apr  9 20:15:34 UTC 2018] *.toursoft.co is already verified, skip dns-01.
[Mon Apr  9 20:15:35 UTC 2018] Verify finished, start to sign.
[Mon Apr  9 20:15:51 UTC 2018] Cert success.
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
[Mon Apr  9 20:15:51 UTC 2018] Your cert is in  /home/tbadmin/.acme.sh/toursoft.co/toursoft.co.cer 
[Mon Apr  9 20:15:51 UTC 2018] Your cert key is in  /home/tbadmin/.acme.sh/toursoft.co/toursoft.co.key 
[Mon Apr  9 20:15:51 UTC 2018] The intermediate CA cert is in  /home/tbadmin/.acme.sh/toursoft.co/ca.cer 
[Mon Apr  9 20:15:51 UTC 2018] And the full chain certs is there:  /home/tbadmin/.acme.sh/toursoft.co/fullchain.cer 

So now what do I do? I included --apache in the command and restarted apache, but I’m still getting the not secure error. Do I still have to manually type in --install-cert as a next step or manually move the certs even though I supplied the --apache flag?

I don’t see any changes that took place.


#2

Yes, I believe so. acme.sh has separate commands to issue and install certificates, and the install step just copies the files to specified locations and runs a specified reload command - it doesn’t automatically configure your webserver. The --apache option is just for using apache to answer the http-01 validation challenge.

From https://github.com/Neilpang/acme.sh#5-use-apache-mode -

This apache mode is only to issue the cert, it will not change your apache config files. You will need to configure your website config files to use the cert by yourself. We don’t want to mess your apache server, don’t worry.


#3

Ok, I did that with success, it seems

sudo ./acme.sh --install-cert -d toursoft.co --cert-file /etc/letsencrypt/live/toursoft.co/cert.pem --key-file /etc/letsencrypt/live/toursoft.co/privkey.pem --fullchain-file /etc/letsencrypt/live/toursoft.co/fullchain.pem --reloadcmd "sudo service apache2 force-reload"
[Wed Apr 11 23:17:21 UTC 2018] Installing cert to:/etc/letsencrypt/live/toursoft.co/cert.pem
[Wed Apr 11 23:17:21 UTC 2018] Installing key to:/etc/letsencrypt/live/toursoft.co/privkey.pem
[Wed Apr 11 23:17:21 UTC 2018] Installing full chain to:/etc/letsencrypt/live/toursoft.co/fullchain.pem
[Wed Apr 11 23:17:21 UTC 2018] Run reload cmd: sudo service apache2 force-reload
[Wed Apr 11 23:17:22 UTC 2018] Reload success

Before all of this I followed the instructions of ./acme.sh --install and I see the cron job. Looks like I’m done!

Thanks!


#4

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.