acme.sh 命令

常用示例

说明

acme.sh is a pure Unix shell ACME client for obtaining free SSL/TLS certificates from Let's Encrypt and other ACME-compliant certificate authorities. It supports multiple validation methods including webroot, standalone, DNS, and Apache/Nginx plugins. The tool automatically handles certificate renewal through cron jobs and supports wildcard certificates via DNS validation. It requires no dependencies beyond a POSIX-compliant shell and common utilities like curl or wget.

参数

--issue

Issue a new certificate

--install-cert

Install issued certificate to specified locations

--renew

Renew a specific certificate

--renew-all

Renew all issued certificates

--list

List all issued certificates

-d _domain_

Domain name (can be repeated for multiple domains/SANs)

-w _path_

Webroot path for HTTP validation

--dns _provider_

Use DNS validation with specified provider (dns_cf, dns_aws, etc.)

--standalone

Use standalone mode (starts temporary web server)

--nginx

Use Nginx mode for validation

--apache

Use Apache mode for validation

--key-file _path_

Path to install private key

--fullchain-file _path_

Path to install full certificate chain

--reloadcmd _cmd_

Command to reload service after installation

--force

Force renewal regardless of expiry

--revoke -d _domain_

Revoke a certificate

--remove -d _domain_

Remove a certificate from the renewal list

--server _url_

Specify ACME server (default: Let's Encrypt). Use letsencrypt, zerossl, buypass, or a custom URL.

--upgrade

Upgrade acme.sh to the latest version