Set Up a TLS Certificate using acme.sh and IONOS Cloud DNS

This tutorial will guide you through the process of setting up a TLS certificate using acme.sh and IONOS Cloud DNS. By following these steps, you will be able to secure your web server with a valid TLS certificate issued by ZeroSSL.

Steps

1. Install acme.sh

   If you have not installed acme.sh, you can do so using the following command:

   Copy

   curl https://get.acme.sh | sh

2. Add acme.sh to your PATH

   If acme.sh is not found, add it to your PATH. Add the following line to your shell configuration file. Example: .zshrc for Zsh or .bashrc for Bash.

   Copy

   export PATH="$HOME/.acme.sh:$PATH"

   After executing this command, reload your shell configuration.

   For Bash:

   Copy

   source ~/.bashrc

   For Zsh:

   Copy

   source ~/.zshrc

3. Set Up IONOS Cloud DNS API Credentials

   You need to set up your IONOS Cloud DNS API credentials. Export the IONOS_TOKEN as an enviornment variable:

   Copy

   export IONOS_TOKEN="<IONOS Cloud Token>"

   Replace IONOS Cloud Token with your actual IONOS Cloud token. For more information on managing authentication tokens, see Token Management Guide.

4. Configure the DNS API in acme.sh

   Configure acme.sh to use the IONOS Cloud DNS API:

   Copy

   acme.sh --set-default-ca --server zerossl
   acme.sh --register-account --accountemail "your_email@example.com"

   Replace your_email@example.com with your IONOS Cloud registered email address.

   While this tutorial uses ZeroSSL as the default CA, acme.sh supports other CAs, such as Let's Encrypt. You can change the CA by using the --server option with the appropriate CA URL. For example, to use Let's Encrypt, you can set the server option as follows:

   Copy

   acme.sh --set-default-ca --server letsencrypt

5. Issue a Certificate Using acme.sh

   Use acme.sh to issue a certificate for your domain:

   Copy

   acme.sh --issue --dns dns_ionos_cloud -d yourdomain.com

   Replace yourdomain.com with your actual domain name.

6. Install the Certificate

   Once the certificate is issued, you can install it using the following command:

   Copy

   acme.sh --install-cert -d yourdomain.com \
   --key-file /path/to/your/private.key \
   --fullchain-file /path/to/your/fullchain.pem

   Replace /path/to/your/private.key and /path/to/your/fullchain.pem with the actual paths where you want to store the certificate and key files.

7. Configure Your Web Server

   Update your web server configuration to use the new certificate. For example, if you are using Nginx, update your configuration file as follows:

   Copy

   server {
       listen 443 ssl;
       server_name yourdomain.com;
   
       ssl_certificate /path/to/your/fullchain.pem;
       ssl_certificate_key /path/to/your/private.key;
   
   ...
   
   }

   Replace /path/to/your/private.key and /path/to/your/fullchain.pem with the actual paths where you want to store the certificate and key files.

8. Restart Your Web Server

   Restart your web server to apply the changes. For Nginx, use:

   Copy

   sudo systemctl restart nginx

9. Verify the Certificate

   Open a web browser and navigate to https://yourdomain.com to verify that the certificate is correctly installed and the connection is secure.

10. Automatic Renewal

    The certificate will be automatically renewed by acme.sh every 60 days. However, you can also force to renew a cert:

    Copy

    acme.sh --renew -d yourdomain.com --force

    or, for ECC cert:

    Copy

    acme.sh --renew -d yourdomain.com --force --ecc

Conclusion

You have successfully set up a TLS certificate using acme.sh and IONOS Cloud DNS. This ensures that your web server is secure and your data is protected.

For more information, refer to the acme.sh documentation and the IONOS Cloud DNS API.