Issuing the first certificate

When you are satisfied that your BIND server, and the Google Domain servers are all working properly, you are ready to request your first certificate. You will need your external IP address XXX.XXX.XXX.XXX, and the file “keyfile.key” which you created above.

Install acme.sh by downloading it first from the website, and then issuing “acme.sh -install”

You can attempt to issue a certificate by using the command in Listing 6..

=-10pt
$\begin{lstlisting}[label=FIRST,caption=Issuing the First Certificate ] \par NSUP... ...om' -challenge-alias acmesh.example.com \ -dns dns_nsupdate \end{lstlisting}$

This will create a few directories, and if all goes well place certificates in them. It will also create a log file named “x” that you can examine to see if anything went wrong.

Perhaps everything went well. If so, be aware that these certificates are not valid (they are “testing” certificates). If everything is OK, then we need to remove the “testing” status. It may be simpler just to uninstall the acme.sh script and its associated directories and then reinstall it. Then reissue the last command without the “-test” argument. You should get valid certificates, which you can place whereever your web server requires them to be.