whatisgithub

What is acme.sh?

acmesh-official/acme.sh — explained in plain English

Analysis updated 2026-06-20

46,476ShellAudience · ops devopsComplexity · 2/5Setup · easy

In one sentence

acme.sh is a single shell script that automatically gets free SSL certificates for your website from Let's Encrypt and renews them before they expire, no Python or special software required, works on any Unix system.

Mindmap

mindmap
  root((acme.sh))
    What it does
      Free SSL certificates
      Auto renewal
      No dependencies
    Certificate types
      Single domain
      Wildcard
      Multi-domain SAN
    Supported CAs
      Lets Encrypt
      ZeroSSL
      BuyPass
    Platforms
      Linux
      macOS
      FreeBSD
      Shared hosting
    Web servers
      Nginx
      Apache
      Manual install
Click or tap to explore — scroll the page freely

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

What do people build with it?

USE CASE 1

Automatically issue and renew a free SSL certificate for your domain with zero manual steps

USE CASE 2

Get a wildcard certificate that covers all subdomains of your site in one certificate

USE CASE 3

Set up HTTPS on shared hosting without root or sudo access

USE CASE 4

Install renewed certificates directly into Nginx or Apache so your web server is always up to date

What is it built with?

ShellPOSIX shell

How does it compare?

acmesh-official/acme.shpyenv/pyenvtw93/mole
Stars46,47644,71550,268
LanguageShellShellShell
Setup difficultyeasyeasyeasy
Complexity2/52/52/5
Audienceops devopsdeveloperdeveloper

Figures from each repo's GitHub metadata at analysis time.

How do you get it running?

Difficulty · easy Time to first run · 30min

No dependencies beyond a POSIX shell, does not require root access.

So what is it?

acme.sh is a shell script that automates the process of obtaining and renewing free SSL/TLS certificates for websites. SSL/TLS certificates are the technology behind the padlock icon in browsers, they encrypt traffic between a website and its visitors and prove the website's identity. Services like Let's Encrypt provide these certificates for free, but the process of obtaining and renewing them involves a standardized protocol called ACME (Automatic Certificate Management Environment) that requires answering domain ownership challenges, handling cryptographic operations, and scheduling renewals before certificates expire. Doing all of this manually every 60-90 days is tedious and error-prone. acme.sh automates the entire lifecycle. The key characteristic that distinguishes this tool from similar ones like Certbot is that it is written entirely in POSIX shell script with no dependencies on Python, Ruby, or any other runtime environment. This makes it extremely portable: it runs on Linux, macOS, FreeBSD, OpenBSD, and many other Unix variants using whatever shell is already present. You do not need root or sudo access to run it, which makes it suitable for shared hosting and constrained environments. It supports all ACME certificate authorities including Let's Encrypt, ZeroSSL, and BuyPass. It handles multiple certificate types including wildcard certificates (which cover all subdomains) and SAN certificates (which cover multiple domain names in one certificate). Once installed, it sets up a cron job that automatically renews certificates before they expire and can install them directly into web servers like Nginx and Apache. You would use acme.sh when running any web server that needs HTTPS and you want certificate issuance and renewal to be fully automated with minimal dependencies and no ongoing manual intervention.

Copy-paste prompts

Prompt 1
Using acme.sh, show me the exact commands to issue a Let's Encrypt SSL certificate for example.com and www.example.com using the webroot verification method, then install it into Nginx.
Prompt 2
I want to get a wildcard certificate for *.example.com using acme.sh with DNS-01 verification via Cloudflare. Give me the environment variable setup and the issuance command.
Prompt 3
Set up acme.sh on a shared hosting account where I only have SSH access and no root permissions. Walk me through installation and issuing a certificate for my domain.
Prompt 4
Configure acme.sh to use ZeroSSL instead of Let's Encrypt as the certificate authority and issue a certificate for my domain. Show me the account registration and issue commands.
Prompt 5
How do I set up acme.sh to automatically reload Nginx after each certificate renewal? Show me the --reloadcmd option and a cron job verification approach.

Frequently asked questions

What is acme.sh?

acme.sh is a single shell script that automatically gets free SSL certificates for your website from Let's Encrypt and renews them before they expire, no Python or special software required, works on any Unix system.

What language is acme.sh written in?

Mainly Shell. The stack also includes Shell, POSIX shell.

How hard is acme.sh to set up?

Setup difficulty is rated easy, with roughly 30min to a first successful run.

Who is acme.sh for?

Mainly ops devops.

Open on GitHub → Ask about another repo

This repo across BitVibe Labs

Verify against the repo before relying on details.