openSUSE Tumbleweed - acme.sh management on

Created by: Administrator, Last modification: 22 August 2025

Originally I had a useful crib sheet when I moved from certbot to acme.sh but I can't locate it now, hence taking a little more time to create my own crib sheets today.

"How to secure nginx with lets encrypt on opensuse 15-1-15-2" was the one I found this time around and while I am using nginx, I don't have acme.sh restarting it when a certificate is updated. Something to look at again later, but it is nicely renewing the certificates at the right time. "Security Certificate Renewal" was a more recent crib sheet and covers the changes that the cyberciti.biz crib sheet needs updating to address.

As a starting point the procedure to add a new certificate started with

./.acme.sh/acme.sh --issue --webroot "/srv/website/phpsurgery" -d "phpsurgery.uk" -d "www.phpsurgery.uk" -d "phps.rdm1.uk" --keylength 4096

and then change the --keylength to the ecc version

./.acme.sh/acme.sh --issue --webroot "/srv/website/phpsurgery" -d "phpsurgery.uk" -d "www.phpsurgery.uk" -d "phps.rdm1.uk" --keylength ec-384

These are then flagged to be copied to the ssl folder on the nginx setup.

./.acme.sh/acme.sh -d "phpsurgery.uk" --install-cert --fullchain-file "/etc/nginx/ssl/phpsurgery.uk/fullchain.cer" --key-file "/etc/nginx/ssl/phpsurgery.uk/phpsurgery.uk.key" --cert-file "/etc/nginx/ssl/phpsurgery.uk/phpsurgery.uk.cer"

and the ecc versions are merged with the main ones in the one subdirectory under /etc/nginx/ssl/

./.acme.sh/acme.sh -d "phpsurgery.uk" --ecc --install-cert --fullchain-file "/etc/nginx/ssl/phpsurgery.uk/fullchain.cer.ecc" --key-file "/etc/nginx/ssl/phpsurgery.uk/phpsurgery.uk.key.ecc" --cert-file "/etc/nginx/ssl/phpsurgery.uk/phpsurgery.uk.cer.ecc"
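
A post-install check for the files the --install-cert commands above write, as an added example that is not part of the original crib sheet: it confirms that each certificate matches its private key and is not close to expiry, for both the RSA pair and the .ecc pair in the one subdirectory. The 20-day threshold and the script name check-certs.sh are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page). Assumes the page's layout:
#   DIR/DOMAIN.cer     + DIR/DOMAIN.key      (RSA pair)
#   DIR/DOMAIN.cer.ecc + DIR/DOMAIN.key.ecc  (ECC pair)
# nginx reads these files only at start or reload. acme.sh's --reloadcmd
# option on --install-cert (e.g. --reloadcmd "systemctl reload nginx") runs a
# command after each renewal so the renewed files are actually served.

# pair_ok CERT KEY [MIN_DAYS]
# Returns 0 = ok, 1 = missing/unparseable, 2 = key does not match certificate,
# 3 = certificate expires within MIN_DAYS.
pair_ok() {
    cert=$1; key=$2; min_days=${3:-20}   # 20 days is an assumed threshold
    [ -r "$cert" ] && [ -r "$key" ] || return 1
    # Compare the public key embedded in the certificate with the one
    # derived from the private key; works for RSA and EC keys alike.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 1
    [ "$cert_pub" = "$key_pub" ] || return 2
    # -checkend exits non-zero if the certificate expires within N seconds.
    openssl x509 -in "$cert" -noout -checkend "$((min_days * 86400))" \
        >/dev/null 2>&1 || return 3
    return 0
}

# check_domain DIR DOMAIN [MIN_DAYS]
# Checks the RSA and the ECC pair, prints one line per pair and returns the
# number of failing pairs (0 means both are fine).
check_domain() {
    dir=$1; domain=$2; days=${3:-20}; bad=0
    for suffix in "" ".ecc"; do
        rc=0
        pair_ok "$dir/$domain.cer$suffix" "$dir/$domain.key$suffix" "$days" || rc=$?
        case $rc in
            0) msg="ok" ;;
            1) msg="missing or unreadable" ;;
            2) msg="private key does not match certificate" ;;
            3) msg="expires within $days days (renewal not deployed?)" ;;
        esac
        echo "$domain.cer$suffix: $msg"
        [ "$rc" -eq 0 ] || bad=$((bad + 1))
    done
    return "$bad"
}

# Usage: sh check-certs.sh /etc/nginx/ssl/phpsurgery.uk phpsurgery.uk
if [ "$#" -ge 2 ]; then
    check_domain "$@"
fi
```

Run it before reloading nginx: a non-zero exit status means at least one of the two pairs would fail to load or is overdue for renewal.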

What I forgot to include initially was the dhparams.pem file so when restarting nginx it balked, but since this file is identical across all the domains I just had to duplicate it. Looking at the nginx configuration, it may be that I only need a generic copy in one location rather than duplicating it in all the subfolders. Something to review later.

Useful Links

  1. acme.sh Wiki
  2. acme.sh Options and Params
  3. Let's Encrypt