Difference between revisions of "Acme.sh"
Latest revision as of 11:25, 27 January 2021
asme.sh - free open source solution for getting Lets Encrypt certificate. Benefits asme.sh:
- Easy installation
- Getting ECC-128,ECC-256,ECC-386 bits certificate
- Integration with DNS hosting Сloudflare
- Automatic certification
- Support wildcard
Instructions for getting Lets Encrypt wildcard ECC certificate with DNS verification
apt install git git clone https://github.com/Neilpang/acme.sh.git cd ./acme.sh ./acme.sh --install
Import Cloudflare DNS API Keys
CF_Key="sdfsdfsdfljlbjkljlkjsdfoiwje" export CF_Email="firstname.lastname@example.org"
Difference for ECC and RSA. ECC is 10 times faster at the time of connection than RSA. RSA provides better interoperability with other federation servers. The level of protection against quantum computers is the same. A big quantum computer capable of cracking an ECC certificate will be able to crack an RSA certificate, although it takes 4 times longer to crack RSA, the difference between 1 minute and 4 minutes is negligible. It should be noted that there are no quantum computers capable of breaking RSA or ECC.
If you want to maintain compatibility with other servers and clients use RSA, if connection speed is important to you, use ECC
Get a wildcard ECC certificate Let's Encrypt.
sh acme.sh --issue --dns dns_cf -d example.com -d '*.example.com' --keylength ec-384
sh acme.sh --issue --dns dns_cf -d example.com -d '*.example.com' --keylength 4096
sh acme.sh --renew --dns dns_cf -d example.com -d '*.example.com' --ecc --force