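# Install Acme.sh for nginx

```
# Run as root.
apt install socat curl

# The acme.sh home holds the ACME account key and the issued private keys,
# so it is owned by nginx and closed to other users.
# 2750 = setgid + rwxr-x---: setgid keeps new files in group nginx, and the
# group needs x (not just r, as with 740) to enter the directory.
# u+s and o+s have no effect on a Linux directory and are dropped.
mkdir /etc/nginx/acme
chown nginx:nginx /etc/nginx/acme
chmod 2750 /etc/nginx/acme

# Everything below runs in a shell as the nginx user.
sudo -s -u nginx

# Download into a private temp dir instead of a fixed name in world-writable /tmp.
# ACME_REF=master follows the moving branch; set it to a release tag or commit
# you have reviewed to pin exactly what gets installed.
ACME_REF=master
workdir="$(mktemp -d)"
curl -fsSL -o "$workdir/acme.sh" "https://raw.githubusercontent.com/acmesh-official/acme.sh/${ACME_REF}/acme.sh"
cd "$workdir"
bash ./acme.sh --home /etc/nginx/acme --install
cd /
rm -rf -- "${workdir:?}"
```

# Issue cert

```
sudo -s -u nginx
cd /etc/nginx/acme

# Standalone mode answers the HTTP-01 challenge on port 18080; the CA connects
# to port 80, so /.well-known/acme-challenge/ on port 80 presumably has to be
# proxied by nginx to 127.0.0.1:18080. Keep 18080 itself firewalled from outside.
# Each hostname gets its own -d; the second -d is where an additional name goes.

# Dry run against the staging CA first (--test) ...
./acme.sh --home /etc/nginx/acme --issue --server letsencrypt --standalone --httpport 18080 -d domain.com -d domain.com --test
# ... then replace the staging cert with a real one (--force).
./acme.sh --home /etc/nginx/acme --issue --server letsencrypt --standalone --httpport 18080 -d domain.com -d domain.com --force
```

# Allow acme.sh under nginx to reload itself

```
# Run as root.
# The rule is limited to root as the target user and to this one exact command
# line; (ALL) would let nginx run it as any user.
# The file is checked with visudo before it is installed, because a syntax
# error in /etc/sudoers.d can lock sudo out for everyone.
sudoers_tmp="$(mktemp)"
cat > "$sudoers_tmp" <<'EOF'
# Allow reloading of nginx
nginx ALL=(root) NOPASSWD: /bin/systemctl force-reload nginx.service
EOF
visudo -cf "$sudoers_tmp" \
  && install -o root -g root -m 0440 "$sudoers_tmp" /etc/sudoers.d/allow-user-nginx-to-force-reload-nginx
rm -f -- "$sudoers_tmp"
```

# Install cert

```
# /etc/nginx/pem must already exist and be writable by nginx. If it does not,
# create it as root first:
#   install -d -o nginx -g nginx -m 0750 /etc/nginx/pem
sudo -s -u nginx
cd /etc/nginx/acme

# --reloadcmd must match the sudoers rule character for character, otherwise
# sudo asks for a password and the unattended renewal cannot reload nginx.
./acme.sh --home /etc/nginx/acme --install-cert -d domain.com \
  --key-file /etc/nginx/pem/domain.com-key.pem \
  --fullchain-file /etc/nginx/pem/domain.com-cert.pem \
  --reloadcmd "sudo /bin/systemctl force-reload nginx.service"

# Afterwards, check that the key file is readable only by nginx (and root).
ls -l /etc/nginx/pem/domain.com-key.pem
```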