-
-
Notifications
You must be signed in to change notification settings - Fork 5k
ZeroSSL.com CA
ZeroSSL doesn't have rate limits. One can issue unlimited TLS/SSL certificate valid for 90 days (ref).
Note: Since v3, acme.sh uses Zerossl as the default Certificate Authority (CA). Account registration (one-time) is required before one can issue new certs. See also: https://github.com/acmesh-official/acme.sh/wiki/Change-default-CA-to-ZeroSSL
acme.sh --register-account -m [email protected] --server zerosslAlternatively, if you sign up for a ZeroSSL account, bootstrap acme.sh with External Account Binding (EAB) credentials, like so:
- Generate your EAB credentials from https://app.zerossl.com/developer
- Register your EAB credentials.
acme.sh --register-account --server zerossl \
--eab-kid xxxxxxxxxxxx \
--eab-hmac-key xxxxxxxxxUsers with a ZeroSSL account can manage issued certificates from developer console.
Use Zerossl.com with --server zerossl:
acme.sh --server zerossl \
--issue -d example.com \
--dns dns_cfIf you don't want to specify --server zerossl every time you issue a cert, you can set zerossl as the default CA:
acme.sh --set-default-ca --server zerosslRead: https://github.com/acmesh-official/acme.sh/wiki/Server
Issue any cert from zerossl without having to specify --server:
acme.sh --issue -d example.com --dns dns_cfIf certificate issuance fails and you see something like this in the logs
[XYZ 18 09:50:07 -02 2020] Create new order error. Le_OrderFinalize not found.
{"type":"urn:ietf:params:acme:error:malformed","status":400,"detail":"A Key ID MUST be specified"}then, re-generate your EAB credentials (refer step #2) and re-run certificate issuance. See: acme.sh/issues/3310.
Buy me a beer, Donate to acme.sh if it saves your time. Your donation makes acme.sh better: https://donate.acme.sh/
如果 acme.sh 帮你节省了时间,请考虑赏我一杯啤酒🍺, 捐助: https://donate.acme.sh/ 你的支持将会使得 acme.sh 越来越好. 感谢