acme.sh Verified current stable Not installed? Networking

Acme.sh / Issue Wildcard Certificate Automatic Dns

Issue Wildcard Certificate Automatic Dns

Automate issuance of wildcard SSL certificates using Acme.sh with DNS challenge via NameSilo.

Terminal

acme.sh --issue --dns <dns_namesilo> --domain <example.com> --domain <*.example.com>

acme.sh --issue --dns <dns_namesilo> --domain <example.com> --domain <*.example.com>

#!/bin/bash

# Issue Wildcard Certificate Automatic Dns
acme.sh --issue --dns {{dns_namesilo}} --domain {{example.com}} --domain {{*.example.com}}

import subprocess

# Issue Wildcard Certificate Automatic Dns
# Make sure to replace <placeholders> with actual values
def run_command():
    cmd = [
        "acme.sh",
        "--issue",
        "--dns",
        "<dns_namesilo>",
        "--domain",
        "<example.com>",
        "--domain",
        "<*.example.com>"
    ]
    
    try:
        print(f"Executing: {' '.join(cmd)}")
        subprocess.run(cmd, check=True)
    except subprocess.CalledProcessError as e:
        print(f"Error: {e}")
    except FileNotFoundError:
        print("Error: acme.sh not found. Please install it first.")

if __name__ == "__main__":
    run_command()

When To Use

Use when automating wildcard SSL certificate issuance for a domain's subdomains via the DNS-01 challenge. This is critical for operations requiring secure communications with multiple subdomains, ensuring efficient certificate management with NameSilo's DNS service.

Pro Tip

Ensure API keys for NameSilo are correctly set in your environment; improper permissions can cause silent failures with no logs.

Command Builder

Tune the command before you copy it

Back to syntax

Generated Command

acme.sh --issue --dns <dns_namesilo> --domain <example.com> --domain <*.example.com>

Terminal Output

Expected runtime feedback

Simulated preview

Output

# Issuing wildcard certificate for example.com...
Processing example.com...
Processing *.example.com...

Successfully issued:
- example.com
- *.example.com

Certificate details:
- Validity: 90 days
- DNS Provider: NameSilo

Certificate path: /etc/acme.sh/example.com/fullchain.cer

Done.

Anatomy of Output

Understanding the result

Registered zone: example.com Domain registered

Confirms the root domain recognized by Acme.sh.

Using DNS-01 challenge for example.com Challenge type

Specifies DNS-01 challenge which updates DNS TXT records.

Requesting wildcard certificate for *.example.com Request specific

Wildcard request recognized.

Fetching API keys for NameSilo DNS provider setup

Ensures API keys are set correctly for DNS automation.

Updating TXT record for domain verification TXT update

Critical step for challenge validation.

Propagating DNS changes Propagation phase

May take time depending on DNS TTL settings. Not explicitly shown in logs.

Certificate received successfully Completion

Indicates the success of certificate issuance.

Power User Variants

Optimized versions

acme.sh --issue --dns dns_gd --domain example.com --domain *.example.com

Use GoDaddy API instead of NameSilo for DNS validation.

acme.sh --issue --dns dns_aws --domain example.com --domain *.example.com

Employ AWS Route53 for DNS challenges, adhering to IAM permissions.

Unix Pipeline

Shell combinations

acme.sh --list --filter example.com | grep 'Expiration'

List certificates for example.com and filter expiration details using 'grep'.

acme.sh --renew-all | xargs -n1 notify-send

Renew all certificates and send desktop notifications for each using 'xargs'.

Troubleshooting

Common pitfalls

acme.sh: ERROR Invalid response from DNS API

Solution: Check API key validity and DNS permissions.

acme.sh: ERROR Challenge failed

Solution: Ensure DNS records are publicly visible. Check TTL settings.

acme.sh: WARNING: DNS changes not propagated

Solution: Wait and verify TXT record updates manually.

Command Breakdown

What each part is doing

acme.sh: Base Command; The executable that performs this operation. Here it runs Acme.sh before the shell applies any redirect operators.
<dns_namesilo>: dns namesilo; The value supplied for dns namesilo.
<example.com>: example.com; The value supplied for example.com.
<*.example.com>: *.example.com; The value supplied for *.example.com.
--issue: Command Option; Tool-specific option used by this command invocation.
--dns: Command Option; Tool-specific option used by this command invocation.
--domain: Command Option; Tool-specific option used by this command invocation.

How To Run

Execution path

Step 1
Run the command to issue a wildcard certificate: `acme.sh --issue --dns {{dns_namesilo}} --domain {{example.com}} --domain {{*.example.com}}`.
Step 2
Check the output for confirmation of successful certificate issuance.

Alternative Approaches

Comparable commands in other tools

Alternative networking tools for the same job.

Gron / Disable Certificate Validation gron -k <url> Airdecap Ng / Decrypt Wep Capture With Hex Key airdecap-ng -w <hex_key> <path/to/capture.cap> Airdecap Ng / Decrypt Wpa Wpa2 Capture With Ssid Password airdecap-ng -e <essid> -p <password> <path/to/capture.cap> Tomb / Create Tomb With Initial Size tomb dig -s <100> <encrypted_directory.tomb> Httping / Ping Host Tls Httping httping -l -g https://<host>