How to automaticly renew ZeroSSL certificate?
How can I automaticly renew ZeroSSL certificate for nginx? I tried using the ZeroSSL bot but it uses certificates from Lets encrypt instead of ZeroSSL, but I can't use Lets Encrypt certificate, because I need to make it trusted by older versions of Java 8 (and Lets Encrypt is supported from Java 8u101). I tried using acme.sh as @Daniel B sugested, but it gives me an error.
Solution 1:
It appears the ZeroSSL bot (which is really just a wrapper for Certbot) has a small bug that prevents the required parameters from taking effect.
ZeroSSL uses the ACME protocol, just like Let’s Encrypt.
There is a pending pull request to fix the bug. You can use the fixed version right now by getting the source of the PR.
Alternatively, I suggest taking a look at acme.sh, a much more compact client that does not use Python. You can find the guide on ZeroSSL with acme.sh here. It boils down to (since you already have a ZeroSSL account):
-
Get acme.sh
-
Generate your EAB credentials at: https://app.zerossl.com/developer
-
Log in:
acme.sh --register-account --server zerossl --eab-kid xxxxxxxxxxxx --eab-hmac-key xxxxxxxxx
-
Get certificates:
acme.sh --issue -d example.com --nginx /etc/nginx/nginx.conf
or
acme.sh --issue -d example.com --nginx /etc/nginx/conf.d/example.com.conf
acme.sh is already set up to renew your certificates using a cron job.