useradd -m -d /var/lib/acme -s /usr/sbin/nologin acme
chmod 700 /var/lib/acme
mkdir -p /var/www/EXAMPLE.com/.well-known/acme-challenge
chown acme.acme /var/www/EXAMPLE.com/.well-known/acme-challenge
chmod 755 /var/www/EXAMPLE.com/.well-known/acme-challenge
location ~ /.well-known {
allow all;
root /var/www/EXAMPLE.com;
}
visudo
acme ALL=(ALL) NOPASSWD: /usr/sbin/service nginx reload
su - acme -s /bin/bash
export HOME=/var/lib/acme
cd /var/lib/acme
git clone https://github.com/acmesh-official/acme.sh.git
cd acme.sh
./acme.sh --install
cd /var/lib/acme
.acme.sh/acme.sh --issue -d EXAMPLE.com -w /var/www/EXAMPLE.com
./acme.sh --issue -w /var/www/EXAMPLE.com -d EXAMPLE.com -d www.EXAMPLE.com
ssl_certificate /etc/nginx/auth-acme/EXAMPLE.com.crt;
ssl_certificate_key /etc/nginx/auth-acme/EXAMPLE.com.key;
ssl_trusted_certificate /etc/nginx/auth-acme/EXAMPLE.com.ca;
service nginx reload