ACME & Lets Encrypt

ℹ️ Support
1

Hi,

I created my Let`s Encrypt certificates with these both commands:

acme.sh --issue -d ihre.domain.de --keylength 4096 -w /var/www/letsencrypt --key-file /etc/letsencrypt/rsa-certs/privkey.pem --ca-file /etc/letsencrypt/rsa-certs/chain.pem --cert-file /etc/letsencrypt/rsa-certs/cert.pem --fullchain-file /etc/letsencrypt/rsa-certs/fullchain.pem --reloadcmd "sudo /bin/systemctl reload nginx.service"`


acme.sh --issue -d ihre.domain.de --keylength ec-384 -w /var/www/letsencrypt --key-file /etc/letsencrypt/ecc-certs/privkey.pem --ca-file /etc/letsencrypt/ecc-certs/chain.pem --cert-file /etc/letsencrypt/ecc-certs/cert.pem --fullchain-file /etc/letsencrypt/ecc-certs/fullchain.pem --reloadcmd "sudo /bin/systemctl reload nginx.service"

Everything fine.

Now I want to set Lets Encrypt as the standard CA by this commands:

su - acmeuser -c ".acme.sh/acme.sh --set-default-ca --server letsencrypt"

acme.sh --issue -d ihre.domain.de --server letsencrypt --keylength 4096 -w /var/www/letsencrypt --key-file /etc/letsencrypt/rsa-certs/privkey.pem --ca-file /etc/letsencrypt/rsa-certs/chain.pem --cert-file /etc/letsencrypt/rsa-certs/cert.pem --fullchain-file /etc/letsencrypt/rsa-certs/fullchain.pem --reloadcmd "sudo /bin/systemctl reload nginx.service"

acme.sh --issue -d ihre.domain.de --server letsencrypt --keylength ec-384 -w /var/www/letsencrypt --key-file /etc/letsencrypt/ecc-certs/privkey.pem --ca-file /etc/letsencrypt/ecc-certs/chain.pem --cert-file /etc/letsencrypt/ecc-certs/cert.pem --fullchain-file /etc/letsencrypt/ecc-certs/fullchain.pem --reloadcmd "sudo /bin/systemctl reload nginx.service"

Question:

Do I have to delete the current certifcates created with the first commands first?
Or simply entering the new comands and new certificates get installed and the old ones are replaced?

Thanks

2

Any tipps on this?

3

In the docs, they say that the certificates are copied to this location and keep the same permission settings:

If they rename the old ones before or if they delete them (because they are just copied from somewhere), i don’t know. But the link is from they repository, you could go through their code. Or just save all your config files to a backup and give it a try :wink: