Generate HTTPS certificates via

What is is an open-source Shell script used for automating the generation and management of HTTPS certificates.


curl | sh -s [email protected]

After installation, will appear in your home directory.


Execute the following command to make the environment variables of take effect.

source ~/.bashrc

Generate certificates

Before generating the certificate, needs to verify your ownership of the domain name. There are several verification modes as follows:

HTTP Verification


If you are using an Apache server:

--issue -d --apache

Nginx Server

If you are using an Nginx server:

--issue -d --nginx

Add file to website root directory.

You can also tell the root directory of your website, and will automatically add a file for verification.

--issue -d --webroot /path-to-the-webroot-of-the-site

DNS Verification

Add record manually

Execute the command:

--issue --dns -d --yes-I-know-dns-manual-mode-enough-go-ahead-please

Then, will generate the corresponding DNS record and display it. You just need to add this TXT record in your domain management panel.

Then regenerate the certificate:

--renew -d --yes-I-know-dns-manual-mode-enough-go-ahead-please

Verify through DNS service provider API.

This should be the most commonly used and recommended verification mode. Taking CloudFlare as an example, please refer to for applying certificates from other service providers.

Apply for API.

You can get your global API key from your Cloudflare profile page, under the API tokens section. Click "View" next to Global API key, verify your Cloudflare password, and it will be revealed to you. It is a 32-character hexadecimal string that you must provide to by setting the environment variable CF_Key to its value. You must also set CF_Email to the email address that is associated with your Cloudflare account; this is the email address you enter when logging in to Cloudflare. For example:

export CF_Key="763eac4f1bcebd8b5c95e9fc50d010b4"
export CF_Email="[email protected]"

Generate certificate.

--issue --dns dns_cf -d -d '*'
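A preflight check for the two variables described above, plus a permission check for any file that holds the API key or the certificate's private key. This is an added example, not part of the original page or of the tool itself; the function names check_cf_env and check_secret_file are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page). Helper names are hypothetical.

# Return 0 only if CF_Key is exactly 32 hexadecimal characters and
# CF_Email looks like an address; otherwise print the reason and return 1.
check_cf_env() {
    key=${CF_Key-}
    email=${CF_Email-}
    # Catches truncated pastes and stray whitespace or quotes around the key.
    if [ "${#key}" -ne 32 ]; then
        echo "CF_Key: expected 32 characters, got ${#key}" >&2
        return 1
    fi
    case $key in
        *[!0-9a-fA-F]*)
            echo "CF_Key: contains non-hexadecimal characters" >&2
            return 1 ;;
    esac
    case $email in
        ?*@?*.?*) ;;
        *)  echo "CF_Email: missing or not an e-mail address" >&2
            return 1 ;;
    esac
    return 0
}

# Return 0 if FILE has no group/other permission bits set,
# 1 if it does, 2 if FILE is not a regular file.
check_secret_file() {
    [ -f "$1" ] || { echo "$1: not a regular file" >&2; return 2; }
    # In the ls -l mode string, characters 5-10 are the group and other bits.
    mode=$(ls -ld -- "$1" | cut -c5-10)
    if [ "$mode" != "------" ]; then
        echo "$1: group/other permissions set ($mode); use chmod 600" >&2
        return 1
    fi
    return 0
}
```

Run check_cf_env after the two export lines and before issuing, and run check_secret_file on the private key file and on any file where the export lines are stored.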

View certificate files

After the certificate is generated, you can access ~/ to view the certificate files. fullchain.cer is the certificate file and is the private key file. Both of them are text files that can be uploaded to during the site configuration process.

Common issues during the usage of

CA now defaults to ZeroSSL as the CA, but often encounters accessibility issues. You can use the following command to switch the CA to Let's Encrypt.

--set-default-ca --server letsencrypt

Generate wildcard domain certificate.

Assuming you want to apply for a certificate that is applicable to and *, you can use the following command to generate a wildcard domain certificate. Quote the wildcard name so that the shell does not expand the *.

-d -d '*'

Certificate renewal

After generates the certificate, it will add a crontab scheduled task to periodically update the certificate. You can use the following command to view the scheduled task, and the updated content is also saved in ~/

crontab -l