acme.sh | A pure Unix shell script implementing ACME client protocol | TLS library

by acmesh-official | Shell | Version: 3.0.2 | License: GPL-3.0

kandi X-RAY | acme.sh Summary

acme.sh is a Shell library typically used in Security, TLS applications. acme.sh has no bugs, it has no vulnerabilities, it has a Strong Copyleft License and it has medium support. You can download it from GitHub.
It's probably the easiest & smartest shell script to automatically issue & renew the free certificates. For Docker Fans: acme.sh :two_hearts: Docker.

Support

  • acme.sh has a medium active ecosystem.
  • It has 25259 star(s) with 3473 fork(s). There are 487 watchers for this library.
  • There were 2 major release(s) in the last 12 months.
  • There are 687 open issues and 1600 have been closed. On average issues are closed in 9 days. There are 153 open pull requests and 0 closed requests.
  • It has a neutral sentiment in the developer community.
  • The latest version of acme.sh is 3.0.2

Quality

  • acme.sh has 0 bugs and 0 code smells.

Security

  • acme.sh has no vulnerabilities reported, and its dependent libraries have no vulnerabilities reported.
  • acme.sh code analysis shows 0 unresolved vulnerabilities.
  • There are 0 security hotspots that need review.

License

  • acme.sh is licensed under the GPL-3.0 License. This license is Strong Copyleft.
  • Strong Copyleft licenses enforce sharing, and you can use them when creating open source projects.

Reuse

  • acme.sh releases are available to install and integrate.
  • Installation instructions, examples and code snippets are available.

acme.sh Key Features

An ACME protocol client written purely in Shell (Unix shell) language.

Full ACME protocol implementation.

Support ECDSA certs

Support SAN and wildcard certs

Simple, powerful and very easy to use. You only need 3 minutes to learn it.

Bash, dash and sh compatible.

Purely written in Shell with no dependencies on python.

Just one script to issue, renew and install your certificates automatically.

DOES NOT require root/sudoer access.

Docker ready

IPv6 ready

Cron job notifications for renewal or error etc.

1. Install online

curl https://get.acme.sh | sh -s email=my@example.com

2. Or, Install from git

git clone https://github.com/acmesh-official/acme.sh.git
cd ./acme.sh
./acme.sh --install -m my@example.com

2. Just issue a cert

acme.sh --issue -d example.com -w /home/wwwroot/example.com

3. Install the cert to Apache/Nginx etc.

acme.sh --install-cert -d example.com \
--cert-file      /path/to/certfile/in/apache/cert.pem  \
--key-file       /path/to/keyfile/in/apache/key.pem  \
--fullchain-file /path/to/fullchain/certfile/apache/fullchain.pem \
--reloadcmd     "service apache2 force-reload"

4. Use Standalone server to issue cert

acme.sh --issue --standalone -d example.com -d www.example.com -d cp.example.com

5. Use Standalone ssl server to issue cert

acme.sh --issue --alpn -d example.com -d www.example.com -d cp.example.com

6. Use Apache mode

acme.sh --issue --apache -d example.com -d www.example.com -d cp.example.com

7. Use Nginx mode

acme.sh --issue --nginx -d example.com -d www.example.com -d cp.example.com

9. Use DNS manual mode:

acme.sh --issue --dns -d example.com -d www.example.com -d cp.example.com

Single domain ECC certificate

acme.sh --issue -w /home/wwwroot/example.com -d example.com --keylength ec-256

SAN multi domain ECC certificate

acme.sh --issue -w /home/wwwroot/example.com -d example.com -d www.example.com --keylength ec-256

11. Issue Wildcard certificates

acme.sh  --issue -d example.com  -d '*.example.com'  --dns dns_cf

12. How to renew the certs

acme.sh --renew -d example.com --force

13. How to stop cert renewal

acme.sh --remove -d example.com [--ecc]

14. How to upgrade

acme.sh --upgrade

Yaws basic auth letsencrypt

{allow, all}.

Why can't write certificate.crt with acme?

acme.sh --register-account -m yyyy@yahoo.com
acme.sh --issue --dns dns_cf -d  domain.com
acme.sh --issue --dns dns_cf -d  domain.com --server letsencrypt

Docker rootless Error: you need to share your Docker host socket with a volume at /var/run/docker.sock

    - "/var/run/docker.sock:/var/run/docker.sock:ro"
   - "unix://$XDG_RUNTIME_DIR/docker.sock:/var/run/docker.sock:ro"

how to get into directory ~/.acme.sh/'*.domain.com' in bash script

$ mkdir -p ~/.acme.sh/*.domain.com
$ cd .acme.sh/\*.domain.com/
$ pwd
/home/allan/.acme.sh/*.domain.com

How to rewrite url /id/slug (WordPress) to just slug (Ghost) in Nginx?

rewrite ^/\d+(/.*)$ $1 redirect;
rewrite "^/\d{1,4}(/.*)$" $1 redirect;

Community Discussions

Trending Discussions on acme.sh
  • Different domain with different phpmyadmin service and the "same port" problem (nginx reverse proxy, docker)
  • Azure DNS - Terraform - Ignore TXT Value
  • Yaws basic auth letsencrypt
  • Include Letsencrypt Root certificate in Azure Application Gateway
  • Problem running acme-companion when setting up nginx-proxy
  • Installed GHOST on NGINX server and I broke it's ssl config file now NGINX won't restart
  • Why can't write certificate.crt with acme?
  • Docker rootless Error: you need to share your Docker host socket with a volume at /var/run/docker.sock
  • Postfix not using given ssl certificate
  • how to get into directory ~/.acme.sh/'*.domain.com' in bash script

QUESTION

Different domain with different phpmyadmin service and the "same port" problem (nginx reverse proxy, docker)

Asked 2022-Mar-20 at 12:09

I have a VPS with an nginx-proxy container, and I create some WordPress websites with a phpmyadmin service. If I want to create another site with this definition I get a "same port" problem. OK, I can change the port to 2998 and it works fine, but I need to add a new open port to my VPS. I don't want to add or change the port for each site.

Now:

  • example-a.com:2999 -> example-a phpmyadmin login page
  • example-b.com:2998 -> example-b phpmyadmin login page

Is there a way to direct me to the appropriate container by domain address?

  • example-a.com:2999 -> example-a phpmyadmin login page
  • example-b.com:2999 -> example-b phpmyadmin login page

My nginx proxy definition

networks:
  nginx-proxy:
    external: false
    name: nginx-reverse-proxy
  default:
    name: nginx-reverse-proxy-default

version: '2'
services:

  nginx-proxy:
    build:
      context: .nginx-proxy
      dockerfile: Dockerfile
    container_name: nginx-proxy
    ports:
      - 80:80
      - 443:443
    restart: always
    volumes:
      - /var/run/docker.sock:/tmp/docker.sock:ro
      - .nginx-proxy/certs:/etc/nginx/certs:ro
      - .nginx-proxy/vhost.d:/etc/nginx/vhost.d
      - .nginx-proxy/dhparam:/etc/nginx/dhparam
      - /usr/share/nginx/html
    networks:
      - nginx-proxy

  nginx-proxy-acme:
    image: nginxproxy/acme-companion
    container_name: nginx-proxy-acme
    restart: always
    volumes_from:
     - nginx-proxy
    volumes:
     - /var/run/docker.sock:/var/run/docker.sock:ro
     - .nginx-proxy/certs:/etc/nginx/certs:rw
     - .nginx-proxy-acme/acme:/etc/acme.sh

And this is my wordpress site definition

version: "3.9"

volumes:
  database_volume: {}

x-logging:
  &default-logging
  driver: json-file
  options:
    max-size: '1m'
    max-file: '3'
    
services:

  web:
    build:
      context: ./.docker
      dockerfile: Dockerfile_web
    container_name: test_web
    ports:
      - '3000:80'
    volumes:
      - ./wp:/var/www
    depends_on:
      - database
      - php
    restart: always
    logging: *default-logging

  database:
    image: mariadb:latest
    container_name: test_database
    environment:
      MYSQL_USER: wp
      MYSQL_PASSWORD: wp
      MYSQL_DATABASE: wp
      MYSQL_ROOT_PASSWORD: wp
    volumes:
      - ./database_volume:/var/lib/mysql
    expose:
      - 3306
    restart: always
    logging: *default-logging
  
  php:
    build:
      context: ./.docker
      dockerfile: Dockerfile_php
    container_name: test_php
    working_dir: /var/www/
    volumes:
      - ./wordpress:/var/www
    restart: always
    logging: *default-logging
  
  phpmyadmin:
    image: phpmyadmin/phpmyadmin
    container_name: test_phpmyadmin
    links:
      - database:db
    ports:
      - '2999:80'
    restart: always
    logging: *default-logging

ANSWER

Answered 2022-Mar-07 at 12:49

What you want is not possible, but you probably don't actually want it. It becomes clear once you think through what you want to configure, and what would happen if a user would go to either URL:

  • you have configured example-a.com to point to your IP
  • you have configured example-b.com to point to your IP
  • you have configured your nginx-proxy container to listen on ports 80 and 443
  • you want to configure your WordPress containers to both listen on port 2999
  • you, or rather the acme-companion, have configured your nginx container to forward HTTP requests that ask for host example-a.com to go to the container for example A with port 2999, and requests that ask for example-b.com to go to container B with port 2999

Now, you can see right away that you have two things attempting to listen on the same network interface with port 2999 - that doesn't work, and it can't, because who would handle picking up incoming requests before the request is parsed to find out which host it wanted? Container A can't accept the request and, if it's meant for B, hand the request over - A doesn't know about B.

So if you think about a user sending a request to example-a.com:2999, what really happens is that a request goes to <yourip>:2999, just like if a user goes to example-b.com:2999, it will end up going to <yourip>:2999.

How can that problem be solved? By having a third container C that accepts user requests, looks into the request, and based on whether they wanted container A or B, hands the request over to A or B.

Here is the great thing: you already have that! Container C is really your nginx container, which is listening on port 80/443. So if your users go to example-a.com without providing a port, it will go to 80 or 443 (depending on whether they used http or https). Then, nginx will analyze the request, and send it to the correct container. For this, it doesn't really matter what port A and B listen on, because to the outside world, it looks like they are listening on 80/443.

So the real answer is that while you can't combine custom ports with virtual hosts and use the same port for multiple containers (other than 80/443), you don't actually NEED custom ports in the first place! If you just configure your containers with the default ports, users can use both https://example-a.com and https://example-b.com and it will 'just work'™

Source https://stackoverflow.com/questions/70625820

Community Discussions, Code Snippets contain sources that include Stack Exchange Network

Vulnerabilities

No vulnerabilities reported

Install acme.sh

Check this project: https://github.com/acmesh-official/get.acme.sh.
Clone this project and launch installation (see "Or, Install from git" above). You don't have to be root then, although it is recommended.
Create and copy acme.sh to your home dir ($HOME): ~/.acme.sh/. All certs will be placed in this folder too.
Create alias for: acme.sh=~/.acme.sh/acme.sh.
Create daily cron job to check and renew the certs if needed.

After the cert is generated, you probably want to install/copy the cert to your Apache/Nginx or other servers. You MUST use the acme.sh --install-cert command (step 3 above) to copy the certs to the target files. DO NOT use the cert files in the ~/.acme.sh/ folder: they are for internal use only, and the folder structure may change in the future.

Only the domain is required; all the other parameters are optional. The ownership and permission info of existing files are preserved, so you can pre-create the files to define the ownership and permission.

The command installs/copies the cert/key to the production Apache or Nginx path. The cert will be renewed every 60 days by default (which is configurable). Once the cert is renewed, the Apache/Nginx service will be reloaded automatically by the command: service apache2 force-reload or service nginx force-reload.
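The pre-creation step mentioned above, as an added example (not code from acme.sh or from this page): it creates the --install-cert target files with explicit modes before acme.sh writes to them, then verifies the private key is still owner-only afterwards. The helper names and the target directory are hypothetical; the acme.sh call runs only when the script is given a domain and a directory and acme.sh is on PATH.

```shell
#!/bin/sh
# Added example. Helper names and the target directory are hypothetical.

# Symbolic mode string of a file, e.g. "-rw-------" (works with any POSIX ls).
file_mode() {
    ls -ld "$1" | cut -c1-10
}

# Pre-create the three --install-cert targets with explicit modes.
# Existing files keep their content; only the mode is (re)asserted.
prepare_cert_targets() {
    dir=$1
    mkdir -p "$dir" || return 1
    chmod 750 "$dir" || return 1
    (
        umask 077   # new files start owner-only, so the key is never briefly world-readable
        for f in key.pem cert.pem fullchain.pem; do
            [ -e "$dir/$f" ] || : > "$dir/$f" || exit 1
        done
    ) || return 1
    chmod 600 "$dir/key.pem" || return 1
    chmod 644 "$dir/cert.pem" "$dir/fullchain.pem"
}

# Fail if the key file grants any access to group or others.
check_key_private() {
    case "$(file_mode "$1")" in
        -r[w-]-------) return 0 ;;
        *) echo "insecure mode on $1: $(file_mode "$1")" >&2; return 1 ;;
    esac
}

install_cert() {
    domain=$1 dir=$2
    prepare_cert_targets "$dir" || return 1
    acme.sh --install-cert -d "$domain" \
        --cert-file      "$dir/cert.pem" \
        --key-file       "$dir/key.pem" \
        --fullchain-file "$dir/fullchain.pem" \
        --reloadcmd      "service nginx force-reload" || return 1
    check_key_private "$dir/key.pem"   # confirm the mode survived the copy
}

# Run only when called as: script <domain> <target-dir>, with acme.sh installed.
if [ "$#" -eq 2 ] && command -v acme.sh >/dev/null 2>&1; then
    install_cert "$1" "$2"
fi
```

To give the key to a service account as well, chown the pre-created files once (this needs root); the page states that ownership of existing files is preserved on later installs and renewals.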

Support

  • ZeroSSL.com CA (default)
  • Letsencrypt.org CA
  • BuyPass.com CA
  • SSL.com CA
  • Pebble strict Mode
  • Any other RFC8555-compliant CA

  • © 2022 Open Weaver Inc.