====== Let’s Encrypt ======

[[https://letsencrypt.org/|Let’s Encrypt]] is a free, automated, and open Certificate Authority.

===== acme.sh =====

I'm using [[https://github.com/Neilpang/acme.sh|acme.sh]] to issue/renew let's encrypt's cert.

==== Install ====

  curl https://get.acme.sh | sh

==== Issue a new cert ====

  acme.sh --issue -d [domain] -w /path/to/webroot

==== acme.sh 自动更新策略 ====

acme.sh 会添加 ''acme.sh --cron'' 命令到 [[linux:crontab]]，每日判断域名是否更新，判断文件在 ''$HOME/.acme.sh/[domain]/[domain].conf''，每次更新的间隔为60天

如没有设置 ''reloadcmd'' 可以直接在该文件中补上：

<code ini>
Le_ReloadCmd='service nginx reload'
</code>