Guide to Upgrading HTTP Sites to HTTPS Using acme.sh

This article explains why and how to upgrade an HTTP website to HTTPS, introduces the differences between the protocols, compares paid and free CA certificates, and provides a step-by-step tutorial for installing the acme.sh script and using it to issue, install, and automatically renew certificates.

Architect's Tech Stack

Many site owners need to upgrade from HTTP to HTTPS, both for security and to meet platform requirements.

HTTPS runs HTTP over SSL/TLS, which requires a certificate issued by a CA to authenticate the server and encrypt traffic.

Certificates can be purchased or obtained for free from Let’s Encrypt. The free option is suitable for small sites.

The script acme.sh automates obtaining and renewing Let’s Encrypt certificates using the ACME protocol.

Installation is a single command:

curl https://get.acme.sh | sh

After installation, the script resides in ~/.acme.sh/ and creates a cron job to check certificates daily.

Certificates can be issued via HTTP validation (placing a file in the webroot) or DNS validation (adding a TXT record). Example commands:

acme.sh --issue -d mydomain.com -d www.mydomain.com --webroot /home/wwwroot/mydomain.com/
acme.sh --issue -d mydomain.com --apache
acme.sh --issue -d mydomain.com --nginx
acme.sh --issue -d mydomain.com --standalone
acme.sh --issue --dns -d mydomain.com

After issuance, install the certificate to the desired location using --installcert with parameters for key, fullchain, and reload command, e.g.:

acme.sh --installcert -d <domain>.com \
--key-file /etc/nginx/ssl/<domain>.key \
--fullchain-file /etc/nginx/ssl/fullchain.cer \
--reloadcmd "service nginx force-reload"

Certificates auto‑renew after 60 days; the script can be upgraded with:

acme.sh --upgrade

Automatic upgrades can be enabled:

acme.sh --upgrade --auto-upgrade

For troubleshooting, add --debug or --debug 2 to the issue command.
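
To confirm that the --installcert step and the daily renewal job described above are doing their work, the installed files can be checked directly. The script below is an added example, not part of the original article or of acme.sh; its function names are hypothetical, and it assumes the openssl command-line tool and 90-day certificates.

```shell
#!/bin/sh
# Added example: post-install checks for the files written by
# `acme.sh --installcert`. Function names are hypothetical, not part of acme.sh.
# Requires the openssl command-line tool.

# key_is_private KEY: succeeds only if group and other have no access bits.
key_is_private() {
    [ -f "$1" ] || return 2
    perms=$(ls -ld "$1" | cut -c5-10)
    [ "$perms" = "------" ]
}

# cert_matches_key FULLCHAIN KEY: succeeds if the first (leaf) certificate in
# FULLCHAIN carries the public key that belongs to KEY.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# cert_valid_for FULLCHAIN DAYS: succeeds if the leaf certificate is still
# valid DAYS days from now (openssl -checkend takes seconds).
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# check_install FULLCHAIN KEY [MIN_DAYS]: run all three checks, report each
# failure, return non-zero if any failed. MIN_DAYS defaults to 20 (assumption:
# 90-day certificates renewed at day 60 should always have about 30 days left).
check_install() {
    rc=0
    key_is_private "$2" || { echo "WARN: $2 is accessible to group or other"; rc=1; }
    cert_matches_key "$1" "$2" || { echo "FAIL: $1 does not match $2"; rc=1; }
    cert_valid_for "$1" "${3:-20}" ||
        { echo "FAIL: $1 expires within ${3:-20} days, check the cron job"; rc=1; }
    return "$rc"
}

# Usage: sh check_cert.sh /etc/nginx/ssl/fullchain.cer /etc/nginx/ssl/<domain>.key
if [ "$#" -ge 2 ]; then
    check_install "$@"
fi
```

A non-zero exit from check_install makes the script suitable for a monitoring job that alerts when renewal has silently stopped.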
