-
-
Notifications
You must be signed in to change notification settings - Fork 5.1k
DNS manual mode
Warning: DNS manual mode can not renew automatically.
If your domain provider offers an DNS API, it's highly recommended to use DNS API mode instead. With the DNS API mode, you can automate the renewals.
If your domain provider does not offer an API where you can add/edit TXT records of your domain, it is recommended to use DNS alias mode instead. Or change the dns servers of your domain to anyone that support DNS api.
DNS manual mode should be used for testing. If you do use it for your production server, remember to renew your certificate within 90 days. Please, make sure you understand DNS manual mode.
- First step:
acme.sh --issue -d example.com --dns \
--yes-I-know-dns-manual-mode-enough-go-ahead-please
-
Please add the TXT record to your DNS records. This step is required every time you renew your certificate. With DNS api mode, this step can be automated.
-
Now retry with
--renew
command.
acme.sh --renew -d example.com \
--yes-I-know-dns-manual-mode-enough-go-ahead-please
if your DNS _acme challenge fails when using renew, your respective CA will generate new _acme challenge, make sure to wait 1 minute for DNS entries to reflect before using renew.
if you had issued a Staging/Production Certificate with SHA CSR then use the --force
switch to overwrite any entries of old CER and issue fresh CER.
acme.sh --renew -d example.com \
--yes-I-know-dns-manual-mode-enough-go-ahead-please --force
if you had issued a Staging/Production Certificate with ECC CSR then use the --ecc --force
switch to overwrite any entries of old CER and issue fresh CER.
acme.sh --renew -d example.com \
--yes-I-know-dns-manual-mode-enough-go-ahead-please --ecc --force
Buy me a beer, Donate to acme.sh if it saves your time. Your donation makes acme.sh better: https://donate.acme.sh/
如果 acme.sh 帮你节省了时间,请考虑赏我一杯啤酒🍺, 捐助: https://donate.acme.sh/ 你的支持将会使得 acme.sh 越来越好. 感谢