Published: 29.04.2021 | Edited: 09.05.2021 | Tags: 100daystooffload

Cheatsheet: acme.sh DNS mode

Here's a compilation of useful commands that use a DNS-01 challenge to issue a certificate using acme.sh client.

  • Issue a certificate using an automatic DNS API mode with GoDaddy:

acme.sh --issue --dns gnd_gd --domain example.com

  • Issue a wildcard certificate (denoted by an asterisk) using an automatic DNS API mode with Namesilo:

acme.sh --issue --dns dns_namesilo --domain *.example.com

  • Issue a certificate using a DNS alias mode with Cloudflare:

acme.sh --issue --dns dns_cf --domain example.com --challenge-alias alias-for-example-validation.com

  • Issue a certificate using Namecheap DNS API while disabling an automatic Cloudflare or Google DNS polling after the DNS record is added by specifying a manual wait time (useful when concerned about privacy):

acme.sh --issue --dns dns_namecheap --domain example.com --dnssleep 300

  • Issue a certificate using a custom DNS API script, placed by default at /root/.acme.sh/dns_custom.sh (useful with an error Can not find dns api hook when the API is not yet supported upstream), see also my other post:

acme.sh --issue --dns dns_custom --domain example.com

  • Issue a certificate using a manual DNS mode, but without an automatic certificate renewal (make sure to research this method before issuing):

acme.sh --issue --dns --domain example.com --yes-I-know-dns-manual-mode-enough-go-ahead-please

This is a 50th post of #100daystooffload.

Links