Generate Let's Encrypt SSL Certificate without Webserver

Abdul Aziz
Cat Administrator

We will use acme.sh with the Cloudflare DNS API to generate a wildcard SSL certificate from Let’s Encrypt for our domain. We will also use Cloud Shell, the free Linux shell virtual machine instance provided by Google Cloud.
Note: Make sure that you have already added your domain to Cloudflare.
- Log in to Google Cloud Console and activate Cloud Shell
- Install acme.sh
    curl https://get.acme.sh | sh -s email=myemail@example.com
- Set up the Cloudflare global API key. You first need to log in to your Cloudflare account to get your API key.
    export CF_Key="sdfsdfsdfljlbjkljlkjsdfoiwje"
    export CF_Email="myemail@example.com"
If you want to use another DNS API, see the acme.sh documentation for details.
- Issue a wildcard SSL certificate using the Let’s Encrypt provider
    acme.sh --issue -d '*.example.com' --dns dns_cf --server letsencrypt
- Example output from generating a wildcard SSL certificate:
    aziz@cloudshell:~ (my-project-id-xxx)$ acme.sh --issue -d '*.blogdoang.com' --dns dns_cf --server letsencrypt
    [Fri 19 Aug 2022 02:45:15 AM UTC] Using CA: https://acme-v02.api.letsencrypt.org/directory
    [Fri 19 Aug 2022 02:45:15 AM UTC] Single domain='*.blogdoang.com'
    [Fri 19 Aug 2022 02:45:15 AM UTC] Getting domain auth token for each domain
    [Fri 19 Aug 2022 02:45:18 AM UTC] Getting webroot for domain='*.blogdoang.com'
    [Fri 19 Aug 2022 02:45:18 AM UTC] Adding txt value: xxxxxxxxxxxxxxxxxxxxxxxxxx for domain: _acme-challenge.blogdoang.com
    [Fri 19 Aug 2022 02:45:22 AM UTC] Adding record
    [Fri 19 Aug 2022 02:45:23 AM UTC] Added, OK
    [Fri 19 Aug 2022 02:45:23 AM UTC] The txt record is added: Success.
    [Fri 19 Aug 2022 02:45:23 AM UTC] Let's check each DNS record now. Sleep 20 seconds first.
    [Fri 19 Aug 2022 02:45:44 AM UTC] You can use '--dnssleep' to disable public dns checks.
    [Fri 19 Aug 2022 02:45:44 AM UTC] See: https://github.com/acmesh-official/acme.sh/wiki/dnscheck
    [Fri 19 Aug 2022 02:45:44 AM UTC] Checking blogdoang.com for _acme-challenge.blogdoang.com
    [Fri 19 Aug 2022 02:45:44 AM UTC] Domain blogdoang.com '_acme-challenge.blogdoang.com' success.
    [Fri 19 Aug 2022 02:45:44 AM UTC] All success, let's return
    [Fri 19 Aug 2022 02:45:44 AM UTC] Verifying: *.blogdoang.com
    [Fri 19 Aug 2022 02:45:45 AM UTC] Pending, The CA is processing your order, please just wait. (1/30)
    [Fri 19 Aug 2022 02:45:49 AM UTC] Success
    [Fri 19 Aug 2022 02:45:49 AM UTC] Removing DNS records.
    [Fri 19 Aug 2022 02:45:49 AM UTC] Removing txt: xxxxxxxxxxxxxxxxxxxxxxxxxx for domain: _acme-challenge.blogdoang.com
    [Fri 19 Aug 2022 02:45:53 AM UTC] Removed: Success
    [Fri 19 Aug 2022 02:45:53 AM UTC] Verify finished, start to sign.
    [Fri 19 Aug 2022 02:45:53 AM UTC] Lets finalize the order.
    [Fri 19 Aug 2022 02:45:53 AM UTC] Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/xxxxxxxxxxxxx'
    [Fri 19 Aug 2022 02:45:54 AM UTC] Downloading cert.
    [Fri 19 Aug 2022 02:45:54 AM UTC] Le_LinkCert='https://acme-v02.api.letsencrypt.org/acme/cert/xxxxxxxxxxxxx'
    [Fri 19 Aug 2022 02:45:56 AM UTC] Cert success.
    -----BEGIN CERTIFICATE-----

    -----END CERTIFICATE-----
    [Fri 19 Aug 2022 02:45:56 AM UTC] Your cert is in: /home/aziz/.acme.sh/*.blogdoang.com/*.blogdoang.com.cer
    [Fri 19 Aug 2022 02:45:56 AM UTC] Your cert key is in: /home/aziz/.acme.sh/*.blogdoang.com/*.blogdoang.com.key
    [Fri 19 Aug 2022 02:45:56 AM UTC] The intermediate CA cert is in: /home/aziz/.acme.sh/*.blogdoang.com/ca.cer
    [Fri 19 Aug 2022 02:45:56 AM UTC] And the full chain certs is there: /home/aziz/.acme.sh/*.blogdoang.com/fullchain.cer
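
acme.sh saves CF_Key and CF_Email in account.conf for later renewals, next to the private key whose path the output above reports, so it is worth confirming that none of these files can be read by other users. The script below is an added example, not part of the original post or of acme.sh; the function names and the sample tree are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example: list secret files under an acme.sh home directory
# whose mode grants any permission to group or other.

# Print every *.key file and account.conf with a group/other bit set.
# $1: acme.sh home directory (default: $HOME/.acme.sh, as in the output above).
audit_acme_perms() {
    acme_home="${1:-$HOME/.acme.sh}"
    [ -d "$acme_home" ] || { echo "not a directory: $acme_home" >&2; return 2; }
    # Paths stay quoted everywhere: acme.sh names the wildcard directory
    # literally '*.example.com', which an unquoted expansion would glob.
    find "$acme_home" -type f \( -name '*.key' -o -name 'account.conf' \) \
        \( -perm -040 -o -perm -020 -o -perm -010 \
           -o -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Number of exposed secret files (0 means nothing to fix).
count_exposed() {
    audit_acme_perms "$1" | wc -l | tr -d ' '
}

# Restrict every exposed secret file to owner read/write only.
fix_acme_perms() {
    audit_acme_perms "$1" | while IFS= read -r f; do
        chmod 600 -- "$f" && echo "tightened: $f"
    done
}

# Build a constructed sample tree (hypothetical names) to try the audit offline.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/*.example.com"
    : > "$d/account.conf"
    chmod 644 "$d/account.conf"                      # exposed: saved API key
    : > "$d/*.example.com/*.example.com.key"
    chmod 640 "$d/*.example.com/*.example.com.key"   # exposed: private key
    : > "$d/*.example.com/fullchain.cer"
    chmod 644 "$d/*.example.com/fullchain.cer"       # public, not a secret
    : > "$d/already-private.key"
    chmod 600 "$d/already-private.key"               # already owner-only
    echo "$d"
}
```

Run `audit_acme_perms` with no argument to check `$HOME/.acme.sh`, and `fix_acme_perms` to tighten whatever it reports.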