Stateless Mode - acmesh-official/acme.sh GitHub Wiki
Configure your webserver to respond statelessly to challenges for a given account key. This requires nothing more than a one-time web server configuration change and no "moving parts".
- First get your account key thumbprint:
Remember the thumbprint in the last line:
root@ed:~# acme.sh --register-account [Mon Feb 6 21:40:18 CST 2017] Registering account [Mon Feb 6 21:40:19 CST 2017] Already registered [Mon Feb 6 21:40:21 CST 2017] Update success. [Mon Feb 6 21:40:21 CST 2017] ACCOUNT_THUMBPRINT='6fXAG9VyG0IahirPEU2ZerUtItW2DHzDzD9wZaEKpqd'6fXAG9VyG0IahirPEU2ZerUtItW2DHzDzD9wZaEKpqd - Configure the web server to return the account key thumbprint:
Add something similar to your
nginx.conf:Add something similar to yourhttp { ... server { ... location ~ ^/\.well-known/acme-challenge/([-_a-zA-Z0-9]+)$ { default_type text/plain; return 200 "$1.6fXAG9VyG0IahirPEU2ZerUtItW2DHzDzD9wZaEKpqd"; } ... } }Caddyfile:Add something similar to yourexample.com { @achallenge { path_regexp ch ^/\.well-known/acme-challenge/([-_a-zA-Z0-9]+)$ } respond @achallenge "{re.ch.1}.6fXAG9VyG0IahirPEU2ZerUtItW2DHzDzD9wZaEKpqd"httpd.conf:Then addLoadModule php7_module libexec/apache2/libphp7.so ... <VirtualHost *:80> ... <IfModule php7_module> AddType application/x-httpd-php .php AddType application/x-httpd-php-source .phps <IfModule dir_module> DirectoryIndex index.html index.php </IfModule> </IfModule> ... <Directory "/PATH/TO/WWW/ROOT/.well-known/acme-challenge/"> RewriteEngine On RewriteRule "^[-_a-zA-Z0-9]+$" "index.php" </Directory> ... </VirtualHost> .../PATH/TO/WWW/ROOT/.well-known/acme-challenge/index.php:NOTE that this approach uses PHP but something similar could be done with CGI, Perl, Ruby or pretty much any other server-side language. Add the http-request return rule to your configuration:<?php header("Content-Type: text/plain"); $token = array_pop(explode('/',$_SERVER['REQUEST_URI'])); echo "$token.6fXAG9VyG0IahirPEU2ZerUtItW2DHzDzD9wZaEKpqd"; ?>
global setenv ACCOUNT_THUMBPRINT '6fXAG9VyG0IahirPEU2ZerUtItW2DHzDzD9wZaEKpqd' log stderr local0 stats socket /var/run/haproxy.sock level admin mode 0666 frontend web log global option httplog mode http bind :80 bind :443 ssl crt /etc/haproxy/certs/ http-request return status 200 content-type text/plain lf-string "%[path,field(-1,/)].${ACCOUNT_THUMBPRINT}\n" if { path_reg '^/.well-known/acme-challenge/[-_a-zA-Z0-9]+$' } - Ok, you can issue cert now.
acme.sh --issue -d example.com --stateless