written on Sep 13, 2016
Previously I used certbot to generate ACME challenges and manually edited nginx configs to allow the Let's Encrypt server to read them. It’s still working fine and I have a monthly cron job running to auto-renew the certificates.
I recently came across acme.sh, which supports multiple ways to create challenges for the Let's Encrypt server to check. One method which caught my eye is DNS mode; it uses a DNS provider’s API to write TXT records whose values are ACME challenges. My DNS provider is Cloudflare, which the repo officially supports, so the command to get certificates is really simple.
    export CF_Key=my_cloudflare_api_key
    export CF_Email=my_email
    acme.sh --issue --dns dns_cf -d lttviet.com -d hello.lttviet.com
The script also supports a bunch of other modes to issue certs so it seems rather versatile.
This is just one out of many ways to get certificates from Let's Encrypt, but it seems the simplest for my current workflow. I can generate certs on my local machine and push them to my server; no more manually modifying nginx config.
A few more solutions
Getting certs these days is incredibly easy and it’s also free. Here are a few more interesting options that I have read about: