How to install ACME.SH certificates after they are generated?

blue928 · April 11, 2018, 10:35pm

Hello, so getting a wildcard with acme.sh, that seemed pretty straightforward. But, now, I don’t know what to do next.

After the certificates are installed in the hidden directory in my folder, how do I install them to work with my web server? I did the --install-cert command, but it doesn’t seem like anything happened, and, all of my sub domains are “untrusted.”

sudo ./acme.sh --issue -d toursoft.co -d '*.toursoft.co' --apache --dns dns_cf
[Mon Apr  9 20:15:11 UTC 2018] Checking if there is an error in the apache config file before starting.
[Mon Apr  9 20:15:11 UTC 2018] OK
[Mon Apr  9 20:15:11 UTC 2018] JFYI, Config file /etc/apache2/apache2.conf is backuped to /home/tbadmin/.acme.sh/apache2.conf
[Mon Apr  9 20:15:11 UTC 2018] In case there is an error that can not be restored automatically, you may try restore it yourself.
[Mon Apr  9 20:15:11 UTC 2018] The backup file will be deleted on success, just forget it.
[Mon Apr  9 20:15:11 UTC 2018] Creating domain key
[Mon Apr  9 20:15:12 UTC 2018] The domain key is here: /home/tbadmin/.acme.sh/toursoft.co/toursoft.co.key
[Mon Apr  9 20:15:12 UTC 2018] Multi domain='DNS:toursoft.co,DNS:*.toursoft.co'
[Mon Apr  9 20:15:12 UTC 2018] Getting domain auth token for each domain
[Mon Apr  9 20:15:12 UTC 2018] Getting webroot for domain='toursoft.co'
[Mon Apr  9 20:15:12 UTC 2018] Getting webroot for domain='*.toursoft.co'
[Mon Apr  9 20:15:12 UTC 2018] Verifying:toursoft.co
[Mon Apr  9 20:15:15 UTC 2018] Pending
[Mon Apr  9 20:15:17 UTC 2018] Pending
[Mon Apr  9 20:15:19 UTC 2018] Pending
[Mon Apr  9 20:15:21 UTC 2018] Pending
[Mon Apr  9 20:15:23 UTC 2018] Pending
[Mon Apr  9 20:15:26 UTC 2018] Pending
[Mon Apr  9 20:15:28 UTC 2018] Pending
[Mon Apr  9 20:15:30 UTC 2018] Pending
[Mon Apr  9 20:15:32 UTC 2018] Pending
[Mon Apr  9 20:15:34 UTC 2018] Success
[Mon Apr  9 20:15:34 UTC 2018] *.toursoft.co is already verified, skip dns-01.
[Mon Apr  9 20:15:35 UTC 2018] Verify finished, start to sign.
[Mon Apr  9 20:15:51 UTC 2018] Cert success.
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
[Mon Apr  9 20:15:51 UTC 2018] Your cert is in  /home/tbadmin/.acme.sh/toursoft.co/toursoft.co.cer 
[Mon Apr  9 20:15:51 UTC 2018] Your cert key is in  /home/tbadmin/.acme.sh/toursoft.co/toursoft.co.key 
[Mon Apr  9 20:15:51 UTC 2018] The intermediate CA cert is in  /home/tbadmin/.acme.sh/toursoft.co/ca.cer 
[Mon Apr  9 20:15:51 UTC 2018] And the full chain certs is there:  /home/tbadmin/.acme.sh/toursoft.co/fullchain.cer

So now what do I do? I included --apache in the command and restarted apache, but I’m still getting the not secure error. Do I still have to manually type in --install-cert as a next step or manually move the certs even though I supplied the --apache flag?

I don’t see any changes that took place.

jmorahan · April 11, 2018, 11:12pm

Yes, I believe so. acme.sh has separate commands to issue and install certificates, and the install step just copies the files to specified locations and runs a specified reload command - it doesn't automatically configure your webserver. The --apache option is just for using apache to answer the http-01 validation challenge.

From GitHub - acmesh-official/acme.sh: A pure Unix shell script implementing ACME client protocol -

This apache mode is only to issue the cert, it will not change your apache config files. You will need to configure your website config files to use the cert by yourself. We don't want to mess your apache server, don't worry.

blue928 · April 11, 2018, 11:47pm

Ok, I did that with success, it seems

sudo ./acme.sh --install-cert -d toursoft.co --cert-file /etc/letsencrypt/live/toursoft.co/cert.pem --key-file /etc/letsencrypt/live/toursoft.co/privkey.pem --fullchain-file /etc/letsencrypt/live/toursoft.co/fullchain.pem --reloadcmd "sudo service apache2 force-reload"
[Wed Apr 11 23:17:21 UTC 2018] Installing cert to:/etc/letsencrypt/live/toursoft.co/cert.pem
[Wed Apr 11 23:17:21 UTC 2018] Installing key to:/etc/letsencrypt/live/toursoft.co/privkey.pem
[Wed Apr 11 23:17:21 UTC 2018] Installing full chain to:/etc/letsencrypt/live/toursoft.co/fullchain.pem
[Wed Apr 11 23:17:21 UTC 2018] Run reload cmd: sudo service apache2 force-reload
[Wed Apr 11 23:17:22 UTC 2018] Reload success

Before all of this I followed the instructions of ./acme.sh --install and I see the cron job. Looks like I’m done!

Thanks!

system · May 11, 2018, 11:48pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Where can I find the location in Apache2 for cert, key, and chain? Help	7	3793	September 7, 2021
Copy ACME.SH Generated Certificate files to Apache Help	15	2339	February 28, 2021
Acme.sh can't get a certificate because the existing certificate is self signed Help	6	7707	March 17, 2017
Installed acme.sh certificate but browser still says it is out of date Help	10	1232	October 10, 2021
I need help with acme.sh Help	37	3029	September 12, 2021

How to install ACME.SH certificates after they are generated?

Related topics