{"id":312,"date":"2025-07-16T10:54:27","date_gmt":"2025-07-16T17:54:27","guid":{"rendered":"https:\/\/www.cmsws.com\/blog\/?p=309"},"modified":"2025-07-16T10:54:27","modified_gmt":"2025-07-16T17:54:27","slug":"use-acme-sh-to-create-wildcard-certs-via-lets-encrypt","status":"publish","type":"post","link":"https:\/\/www.cmsws.com\/blog\/use-acme-sh-to-create-wildcard-certs-via-lets-encrypt\/","title":{"rendered":"Use acme.sh to create Wildcard certs via Let&#8217;s Encrypt"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Install_acmesh\"><\/span>Install acme.sh<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>On the server requesting the cert:<\/p>\n\n\n\n\n<pre class=\"wp-block-code\"><code>curl https:\/\/get.acme.sh | sh<br>source ~\/.bashrc<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Create_%E2%80%9Chook%E2%80%9D_scripts_for_the_acmesh_script\"><\/span>Create &#8220;hook&#8221; scripts for the acme.sh script<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/www.cmsws.com\/blog\/create-tinydns-hook-script-for-use-with-acme-sh\/\" title=\"Create TinyDNS \u201chook\u201d script for use with 
acme.sh\">Example for TinyDNS on CentOS<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.cmsws.com\/blog\/create-bind9-hook-script-for-use-with-acme-sh\/\" title=\"Create Bind9 \u201chook\u201d script for use with acme.sh\">Example for Bind9 on Debian 12<\/a><\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Issue_the_wildcard_cert_using_acmesh\"><\/span>Issue the wildcard cert using acme.sh<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<pre class=\"wp-block-code\"><code>acme.sh --issue --dns dns_tinydns -d '*.example.com' --server letsencrypt || {\n    echo \"Could not generate cert\"\n    exit 1\n}<\/code><\/pre>\n\n\n\n<p>Check here to see if the SSL cert was renewed.<br>If it was renewed, continue on with the rest of this process.<br>If it was NOT renewed, go ahead and stop here.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Install_the_cert_locally\"><\/span>Install the cert locally<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<pre class=\"wp-block-code\"><code>acme.sh --install-cert -d '*.example.com' \\\n  --key-file \/etc\/ssl\/private\/example.com.key \\\n  --cert-file \/etc\/ssl\/certs\/example.com.crt \\\n  --fullchain-file \/etc\/ssl\/certs\/example.com_fullchain.crt || {\n    echo \"Could not copy certificate files to destination\"\n    exit 1\n}<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Copy_cert_and_key_files_to_other_servers\"><\/span>Copy cert and key files to other servers<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<pre class=\"wp-block-code\"><code>scp \/etc\/ssl\/private\/example.com.key root@zabbix.example.com:\/etc\/ssl\/private\/ || {\n    echo \"Could not copy key file to zabbix.example.com\"\n    exit 1\n}\nscp \/etc\/ssl\/certs\/example.com.crt root@zabbix.example.com:\/etc\/ssl\/certs\/ || {\n    echo \"Could not copy cert file to zabbix.example.com\"\n    exit 1\n}\nscp \/etc\/ssl\/certs\/example.com_fullchain.crt root@zabbix.example.com:\/etc\/ssl\/certs\/ || {\n    echo \"Could not copy fullchain file to zabbix.example.com\"\n    exit 1\n}<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\"><span 
class=\"ez-toc-section\" id=\"Restart_services_to_load_new_SSL_cert\"><\/span>Restart services to load new SSL cert<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"systemd_systems\"><\/span>systemd systems<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code>ssh root@fs.example.com 'systemctl restart apache2'\nssh root@zabbix.example.com 'systemctl restart apache2'<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"sysV_systems\"><\/span>sysV systems<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code>ssh root@fs.example.com 'service apache2 restart'\nssh root@zabbix.example.com 'service apache2 restart'<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"BSD_systems\"><\/span>BSD systems<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code>ssh root@fs.example.com 'rcctl restart apache2'\nssh root@zabbix.example.com 'rcctl restart apache2'<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"<p>Install acme.sh On the server requesting the cert: Create &#8220;hook&#8221; scripts for the acme.sh script Issue the wildcard cert using acme.sh Check here to see if the SSL cert was renewed. If it was renewed, continue on with the rest of this process. If it was NOT renewed, go ahead and stop here. Install the cert locally Copy cert and key files to 
[&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-312","post","type-post","status-publish","format-standard","hentry","category-misc"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.cmsws.com\/blog\/wp-json\/wp\/v2\/posts\/312","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cmsws.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cmsws.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cmsws.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cmsws.com\/blog\/wp-json\/wp\/v2\/comments?post=312"}],"version-history":[{"count":0,"href":"https:\/\/www.cmsws.com\/blog\/wp-json\/wp\/v2\/posts\/312\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.cmsws.com\/blog\/wp-json\/wp\/v2\/media?parent=312"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cmsws.com\/blog\/wp-json\/wp\/v2\/categories?post=312"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cmsws.com\/blog\/wp-json\/wp\/v2\/tags?post=312"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}