Difference between revisions of "Acme.sh"

From WIKI
 
(No difference)

Latest revision as of 11:25, 27 January 2021

asme.sh - free open source solution for getting Lets Encrypt certificate. Benefits asme.sh:

  • Easy installation
  • Getting ECC-128,ECC-256,ECC-386 bits certificate
  • Integration with DNS hosting Сloudflare
  • Automatic certification
  • Support wildcard

Instructions for getting Lets Encrypt wildcard ECC certificate with DNS verification

apt install git
git clone https://github.com/Neilpang/acme.sh.git
cd ./acme.sh
./acme.sh --install

Import Cloudflare DNS API Keys

CF_Key="sdfsdfsdfljlbjkljlkjsdfoiwje"
export CF_Email="xxxx@sss.com"

Difference for ECC and RSA. ECC is 10 times faster at the time of connection than RSA. RSA provides better interoperability with other federation servers. The level of protection against quantum computers is the same. A big quantum computer capable of cracking an ECC certificate will be able to crack an RSA certificate, although it takes 4 times longer to crack RSA, the difference between 1 minute and 4 minutes is negligible. It should be noted that there are no quantum computers capable of breaking RSA or ECC.

If you want to maintain compatibility with other servers and clients use RSA, if connection speed is important to you, use ECC


Get a wildcard ECC certificate Let's Encrypt.

sh acme.sh --issue --dns dns_cf -d example.com -d '*.example.com' --keylength ec-384

RSA-key

sh acme.sh --issue --dns dns_cf -d example.com -d '*.example.com' --keylength 4096

Renew

sh acme.sh --renew --dns dns_cf -d example.com -d '*.example.com' --ecc --force

Other Manual

Links