Linux Servers
Acme.sh - SSL Creation
Acme.sh is a lightweight, pure Unix shell script that acts as an ACME client to automatically issue, renew, and install free SSL/TLS certificates from Let's Encrypt. Unlike Certbot Acme.sh uses bash commands to execute commands where Certbot uses Python to operate. This guide will will demonstrate how to install, issue, and use Acme.sh.
Table of Contents
If you're already using Certbot there's likely no need to use Acme.sh unless you intend to switch.
As of April 21st 2026 Ubuntu is listed as a failed testing operating system for Acme.sh. Take caution if installing on Ubuntu operating systems.
Why Use Acme.sh
No dependencies (pure bash)
Lightweight and portable
Supports DNS and webroot challenge methods
Supports ECDSA certificates
Support SAN and wildcard certificates
No need for system packages like
certbotorpython3-certbot-nginx
Initial Installation
To install Acme.sh to a Linux operating system it can be installed with the curl or wget commands.
curl https://get.acme.sh | sh -s [email protected]or
wget -O - https://get.acme.sh | sh -s [email protected]Issue a Certificate
To create a certificate for a domain it's fairly simple to achieve with Acme.sh.
Create an A Record and make sure it's pointed to the server that the certificate will be created on
Run the below Acme.sh command replacing the
example.comwith the relevant domain
acme.sh --issue -d example.com -w /home/wwwroot/example.comThe certificate will create an issue.
For more advanced usage with web-servers like Apache2 and Nginx refer to the official documentation - https://github.com/acmesh-official/acme.sh#3%EF%B8%8F%E2%83%A3-install-the-certificate-to-apachenginx
Remove a Certificate
To remove an existing certificate the remove flag on the command will perform this action
acme.sh --remove -d example.comFurther Documentation
For further information, guides, and documentation for Acme.sh view the GitHub repository at the below link.