SSL Certificate Issuance
The following tutorials show how to obtain SSL certificates for pasarguard from the command line (CLI).
Certificate files must be placed in /var/lib/pasarguard/certs so that pasarguard can access them.
In all examples below, files will be installed at this location.
You must register DNS records for your domain before obtaining an SSL certificate.
Obtaining Certificate with acme.sh
Installing Prerequisites
Standalone mode requires socat. Install it, together with curl, using the following command:
apt install curl socat -y
If you have already installed socat, you don't need to perform this step.
Installing acme.sh
Install acme.sh with the following command.
Replace YOUR_EMAIL with your email address.
If you have already installed acme.sh, you don't need to perform this step.
curl https://get.acme.sh | sh -s email=YOUR_EMAIL
Obtaining Certificate
To obtain a certificate, execute the following commands in order.
Replace YOUR_DOMAIN with your desired domain or subdomain.
export DOMAIN=YOUR_DOMAIN
mkdir -p /var/lib/pasarguard/certs
~/.acme.sh/acme.sh \
--issue --force --standalone -d "$DOMAIN" \
--fullchain-file "/var/lib/pasarguard/certs/$DOMAIN.cer" \
--key-file "/var/lib/pasarguard/certs/$DOMAIN.cer.key"
Obtaining Certificate for Cloudflare Domain
If your domain is registered on Cloudflare and the above methods don't work, use manual mode.
Replace example.com with your domain.
Installing acme.sh
Install acme.sh with the following command if it is not installed yet, then carry out the steps below:
curl https://get.acme.sh | sh -s email=YOUR_EMAIL
Step 1: Request Certificate
~/.acme.sh/acme.sh --issue -d example.com --dns \
--yes-I-know-dns-manual-mode-enough-go-ahead-please
After execution, acme.sh prints two values for the DNS challenge: the name of the TXT record and the value it must contain.
Step 2: Configure DNS Record
Go to Cloudflare and create a TXT record using the two values from Step 1.
Step 3: Obtain Certificate
Obtain the certificate with the following command:
~/.acme.sh/acme.sh --renew -d example.com \
--yes-I-know-dns-manual-mode-enough-go-ahead-please
File Paths
Finally, your domain certificate file will be at:
/root/.acme.sh/example.com_ecc/fullchain.cer
And the private key file will be saved at:
/root/.acme.sh/example.com_ecc/example.com.key
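Before pasarguard is pointed at a newly issued pair, the files can be checked for common problems: a private key readable by other users, a key that does not belong to the certificate, a certificate that does not cover the domain, or one that is close to expiry. The script below is an added example, not part of acme.sh or pasarguard; check_cert_pair is a hypothetical helper name, and it assumes openssl and GNU stat are installed.

```bash
# Added example: check a certificate/key pair before pasarguard uses it.
# check_cert_pair is a hypothetical helper, not part of acme.sh or pasarguard.
# Assumes openssl and GNU stat. Returns 0 when every check passes.
check_cert_pair() {
    local cert="$1" key="$2" domain="$3" min_days="${4:-7}"
    local mode cert_pub key_pub

    if [ ! -s "$cert" ] || [ ! -s "$key" ]; then
        echo "certificate or key is missing or empty" >&2; return 2
    fi

    # The private key must not be readable by group or others.
    mode=$(stat -c '%a' "$key") || return 3
    case "$mode" in
        ?00) ;;
        *) echo "key mode $mode is too open, use chmod 600" >&2; return 3 ;;
    esac

    # The public key inside the certificate must match the private key.
    # For a fullchain file, openssl reads the first (leaf) certificate.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey) || return 4
    key_pub=$(openssl pkey -in "$key" -pubout) || return 4
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "private key does not match certificate" >&2; return 4
    fi

    # The certificate must be valid for the domain (wildcards are honoured).
    if ! openssl x509 -in "$cert" -noout -checkhost "$domain" \
            | grep -q 'does match'; then
        echo "certificate does not cover $domain" >&2; return 5
    fi

    # The certificate must stay valid for at least min_days more days.
    if ! openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) \
            >/dev/null; then
        echo "certificate expires within $min_days days" >&2; return 6
    fi
}

# Run as a script (the file name check.sh is an assumption):
#   sh check.sh /var/lib/pasarguard/certs/$DOMAIN.cer \
#               /var/lib/pasarguard/certs/$DOMAIN.cer.key "$DOMAIN"
if [ "$#" -ge 3 ]; then
    check_cert_pair "$@"
fi
```

For the manual-mode files, pass /root/.acme.sh/example.com_ecc/fullchain.cer and /root/.acme.sh/example.com_ecc/example.com.key instead.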