← All open source projects

acme.sh

acmesh-official/acme.sh

acme.sh is a shell ACME client for issuing and renewing SSL/TLS certificates, with support for different CAs and validation modes.

GitHub · 46,997 stars Project website
Forks 5,616
Author acmesh-official
Language Shell
License Unknown
Synced 2026-06-27

What it is

acme.sh is a shell ACME client for issuing and renewing SSL/TLS certificates.

The project appeared around certificate automation: manual issue and renewal quickly become sources of outages and mistakes.

acme.sh’s main task is to make certificate issuance a repeatable script that can be built into server maintenance.

What is inside the repository

The repository contains features, Chinese documentation, who uses it, tested OS, supported CAs, supported modes, and usage guide.

The project supports different certificate authorities and several domain validation modes.

How people usually use it

acme.sh is used on web servers, reverse proxies, personal VPS machines, internal services, and certificate-renewal automation.

A normal scenario is to install the client, issue a certificate for a domain, install files to the right place, and configure automatic renewal.

Issuing a certificate with webroot

This example shows a typical ACME scenario: validate the domain through webroot and issue a certificate.

Language: Bash 
acme.sh --issue -d example.com -w /var/www/html
acme.sh --install-cert -d example.com \
  --key-file /etc/ssl/example.key \
  --fullchain-file /etc/ssl/example.crt

What it feels like in practice

The project’s strength is the minimalist shell approach. It is easy to understand, move, and run on different Unix systems.

Another advantage is support for different CAs rather than only one certificate provider.

Limits and careful spots

The limitation is that certificate automation directly affects site availability. A wrong path, permission, or reload command can leave a service with an old certificate.

DNS and HTTP validation also require careful domain and web-server configuration.

Who it fits

acme.sh best fits administrators and developers who need a transparent ACME client without a heavy dependency.

In the catalog, acme.sh matters as a practical infrastructure tool: it solves a small but critical task for security and availability.

In long-term work with a project like this, installation is not the only concern: the team needs a clear boundary of responsibility, an update routine, and an owner for usage rules.

In practice, this means running a minimal example before adoption, checking configuration, reviewing updates, and understanding which data or processes are touched. That short pass quickly shows where the project helps immediately and where the team still needs its own decisions.

If the project becomes part of a public site, product, or internal platform, it should be recorded in team documentation: source link, version, owner, and update rhythm. Then the open code remains a managed dependency rather than a random fragment of infrastructure.