Install SSL cert for Nginx with acme.sh on Debain

• Get acme.sh

sudo su 
curl  https://get.acme.sh | sh
source ~/.bashrc
acme.sh --version
acme.sh --help

• Setup Aliyun DNS API , I need to match *.example.com for the SSL

For other DNS API, see [acme.sh]()
```bash 
export Ali_Key=""
export Ali_Secret=""
```

• Issue a cert

mkdir /etc/nginx/ssl -p
acme.sh --register-account -m my@example.com
acme.sh --issue --dns dns_ali -d example.com -d *.example.com
acme.sh --install-cert -d example.com \
--key-file       /etc/nginx/ssl/key.pem  \
--fullchain-file /etc/nginx/ssl/cert.pem \
--reloadcmd     "nginx -s reload"

• Check cert

admin@ip-172-26-2-113:/etc/nginx/ssl$ ls -lat
-rw-r--r-- 1 root root 4124 May 13 12:26 cert.pem
-rw------- 1 root root  227 May 13 12:26 key.pem

• Install crontab

crontab -e
0 0 1 * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null

server {
    listen 443;
    server_name *.example.com; 
    ...
    ssl_certificate /etc/nginx/ssl/cert.pem;
    ssl_certificate_key /etc/nginx/ssl/key.pem;
}

Errors

• No EAB credentials found for ZeroSSL, let’s get one

root@ip-172-26-2-113:~# acme.sh --issue --dns dns_ali -d example.com -d *.example.com
[Sat May 13 12:09:23 UTC 2023] Using CA: https://acme.zerossl.com/v2/DV90
[Sat May 13 12:09:23 UTC 2023] Create account key ok.
[Sat May 13 12:09:24 UTC 2023] No EAB credentials found for ZeroSSL, let's get one
[Sat May 13 12:09:24 UTC 2023] acme.sh is using ZeroSSL as default CA now.
[Sat May 13 12:09:24 UTC 2023] Please update your account with an email address first.
[Sat May 13 12:09:24 UTC 2023] acme.sh --register-account -m my@example.com
[Sat May 13 12:09:24 UTC 2023] See: https://github.com/acmesh-official/acme.sh/wiki/ZeroSSL.com-CA
[Sat May 13 12:09:24 UTC 2023] Please add '--debug' or '--log' to check more details.
[Sat May 13 12:09:24 UTC 2023] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh

acme.sh --register-account -m my@example.com