How to automaticly renew ZeroSSL certificate?

How can I automaticly renew ZeroSSL certificate for nginx? I tried using the ZeroSSL bot but it uses certificates from Lets encrypt instead of ZeroSSL, but I can't use Lets Encrypt certificate, because I need to make it trusted by older versions of Java 8 (and Lets Encrypt is supported from Java 8u101). I tried using acme.sh as @Daniel B sugested, but it gives me an error.


Solution 1:

It appears the ZeroSSL bot (which is really just a wrapper for Certbot) has a small bug that prevents the required parameters from taking effect.

ZeroSSL uses the ACME protocol, just like Let’s Encrypt.

There is a pending pull request to fix the bug. You can use the fixed version right now by getting the source of the PR.

Alternatively, I suggest taking a look at acme.sh, a much more compact client that does not use Python. You can find the guide on ZeroSSL with acme.sh here. It boils down to (since you already have a ZeroSSL account):

  1. Get acme.sh

  2. Generate your EAB credentials at: https://app.zerossl.com/developer

  3. Log in:

    acme.sh --register-account --server zerossl --eab-kid xxxxxxxxxxxx --eab-hmac-key xxxxxxxxx
    
  4. Get certificates:

    acme.sh --issue -d example.com --nginx /etc/nginx/nginx.conf
    

    or

    acme.sh --issue -d example.com --nginx /etc/nginx/conf.d/example.com.conf
    

acme.sh is already set up to renew your certificates using a cron job.