What is This Guide About?

This guide will help you set up and use the Acme.sh to get SSL certificates for your website.

What You'll Need Before Starting

Before we begin, make sure you have:

• A computer running Linux, Mac, or Windows (with WSL)
• Administrator access (permission to install software on your computer)
• A domain name (like example.com) that you own
• An account with your DNS provider (like Cloudflare, GoDaddy, or similar) have API Support.
• Your special access codes from your administrator (we'll explain what these are below)

Part 1: Installing the Acme.sh

The Acme.sh is a small program that automatically gets and renews SSL certificates for you. Think of it as your personal certificate assistant that works in the background.

First, you need to open your terminal (command line):

Now we'll download and install the Acme.sh. Copy and paste this command into your terminal, then press Enter:

curl https://get.acme.sh | sh -s email=your-email@example.com

Important: Replace 'your-email@example.com' with your actual email address.

This command downloads the Acme.sh and installs it to your computer. It only takes a few seconds.

After installation, you need to 'activate' the tool by telling your terminal where to find it. Type these commands one at a time:

source ~/.bashrc

These commands refresh your terminal so it knows about the new Acme.sh.

Let's make sure everything installed correctly. Type this command:

acme.sh --version

You should see something like this:

https://github.com/acmesh-official/acme.sh
v3.0.7

If you see version information like above, congratulations! The tool is installed correctly.

Enable automatic updates so the tool stays up-to-date with the latest security features:

acme.sh --upgrade --auto-upgrade

Great job! The Acme.sh is now installed and ready to use.

Part 2: Setting Up Your Configuration

Now we need to create a configuration file that tells the Acme.sh where to get certificates and how to connect to your DNS provider. Think of this as filling out a form with your account information.

First, create a folder to store your settings:

mkdir -p ~/.acme.sh/config

This creates a hidden folder called '.acme.sh/config' in your home directory.

Now, open a text editor to create your configuration file:

nano ~/.acme.sh/config/acme-server.env

This opens a simple text editor where you'll add your settings.

Copy and paste this template into the editor, then replace the placeholder values with your actual information:

# Server Information
export ACME_SERVER="https://demo.acme-server.com/directory"
export EMAIL="admin@example.com"

# Your Access Codes (get these from your administrator)
export EAB_KEY="YOUR_EAB_KEY_HERE"
export HMAC_KEY="YOUR_HMAC_KEY_HERE"

# Timeout Settings (how long to wait for responses)
export Le_HTTPTimeout=600
export Le_DNSSleep=120

# Cloudflare Connection (if using Cloudflare)
export CF_Token="YOUR_CLOUDFLARE_TOKEN_HERE"
export CF_Account_ID="YOUR_CLOUDFLARE_ACCOUNT_ID"

This example demonstrates DNS configuration using Cloudflare. If you are using a different DNS provider, please refer to the supported DNS providers list to check compatibility.

What to replace:

• ACME_SERVER:
• EAB_KEY and HMAC_KEY:
• ACME_SERVER, EAB_KEY, and HMAC_KEY will be provided by Https.In. You can find them in your My Account ? Certificate Management section
• EMAIL: Your email address.
• CF_Token and CF_Account_ID: These can be obtained from your Cloudflare Domain Control Panel. For more details, please refer to Part 3

This file contains sensitive information, so we need to protect it. Run this command:

chmod 600 ~/.acme.sh/config/acme-server.env

This makes sure only you can read this file, keeping your credentials safe.

Part 3: Getting Your Cloudflare API Token

The Acme.sh needs permission to update your DNS records automatically. If you use Cloudflare (a popular DNS provider), follow these steps to create an API token.

If you use a different DNS provider (like GoDaddy, AWS, or DigitalOcean), check the 'Other DNS Providers' section at the end of this guide.

1. Go to cloudflare.com and log into your account
2. Click on your profile icon in the top right corner
3. Select 'My Profile'

1. On your profile page, click 'API Tokens' in the left menu
2. Click the blue 'Create Token' button
3. Find the 'Edit zone DNS' template and click 'Use template'

Now set up what this token can do. Make sure these settings are correct:

• Zone ? DNS ? Edit
• Zone ? Zone ? Read

Zone Resources:

• Include ? Specific zone ? [select your domain]

Click 'Continue to summary'

Click 'Create Token'

Important! Cloudflare will show your token only once. You need to copy it now.

1. Click the 'Copy' button to copy your token
2. Save it somewhere safe (like a password manager)
3. Add it to your configuration file (the CF_Token line)

Let's make sure the token works. First, load your configuration:

source ~/.acme.sh/config/acme-server.env

Then test the connection, use CURL:

curl -X GET "https://api.cloudflare.com/client/v4/user/tokens/verify" \
-H "Authorization: Bearer $CF_Token" \
-H "Content-Type: application/json"

If your token is working, you'll see:

{ "success": true, "result": { "status": "active" } }

Perfect! Your Cloudflare connection is working.

Part 4: Registering Your Account

Now we need to register your account with the certificate server. This tells the server, 'Hello, I'm allowed to request certificates.'

source ~/.acme.sh/config/acme-server.env

acme.sh --register-account \
--server "$ACME_SERVER" \
--eab-kid "$EAB_KEY" \
--eab-hmac-key "$HMAC_KEY"

You should see a success message like this:

[Mon Feb  9 10:30:00 UTC 2026] Registering account
[Mon Feb  9 10:30:01 UTC 2026] Registered

Excellent! Your account is now registered.

Congratulations! You're All Set Up

Great work! You've successfully completed the installation and setup. Here's what you accomplished:

• Installed the Acme.sh on your computer
• Created and secured your configuration file
• Set up your DNS provider connection (like Cloudflare)
• Registered your account with the certificate server

Now that everything is set up, you're ready to request and install SSL certificates!

Check out the next guide: “Acme.sh Deployment Guide” to learn how to request, renew, and install an SSL certificate for your domain under different server environments.