A short guide on how to issue a certificate in manual DNS mode. This method is not recommended for production servers because renewal cannot be automated, so you have to renew the certificate and update the certificate files on the web server every 90 days.
To issue in manual DNS mode, use the following command.
acme.sh --issue -d example.com --dns \
--yes-I-know-dns-manual-mode-enough-go-ahead-please
After the command runs, output like the following appears.
[Wed Aug 9 18:26:30 WIB 2023] Using CA: https://acme.zerossl.com/v2/DV90
[Wed Aug 9 18:26:30 WIB 2023] Single domain='example.com'
[Wed Aug 9 18:26:30 WIB 2023] Getting domain auth token for each domain
[Wed Aug 9 18:26:34 WIB 2023] Getting webroot for domain='example.com'
[Wed Aug 9 18:26:34 WIB 2023] Add the following TXT record:
[Wed Aug 9 18:26:34 WIB 2023] Domain: '_acme-challenge.example.com'
[Wed Aug 9 18:26:34 WIB 2023] TXT value: '7j6txRuet8IQaX4dGhnrE2DalCfeJPvdQ7L4zs8KPPY'
[Wed Aug 9 18:26:34 WIB 2023] Please be aware that you prepend _acme-challenge. before your domain
[Wed Aug 9 18:26:34 WIB 2023] so the resulting subdomain will be: _acme-challenge.example.com
[Wed Aug 9 18:26:34 WIB 2023] Please add the TXT records to the domains, and re-run with --renew.
[Wed Aug 9 18:26:34 WIB 2023] Please check log file for more details: /root/.acme.sh/acme.sh.log
Create a TXT record using that Domain and TXT value in the DNS panel at your domain provider.
Wait a while until the TXT record resolves globally, then run the renew command.
acme.sh --renew -d example.com \
--yes-I-know-dns-manual-mode-enough-go-ahead-please
[Wed Aug 9 18:29:25 WIB 2023] The domain 'example.com' seems to have a ECC cert already, lets use ecc cert.
[Wed Aug 9 18:29:25 WIB 2023] Renew: 'example.com'
[Wed Aug 9 18:29:25 WIB 2023] Renew to Le_API=https://acme.zerossl.com/v2/DV90
[Wed Aug 9 18:29:26 WIB 2023] Using CA: https://acme.zerossl.com/v2/DV90
[Wed Aug 9 18:29:26 WIB 2023] Single domain='example.com'
[Wed Aug 9 18:29:26 WIB 2023] Getting domain auth token for each domain
[Wed Aug 9 18:29:26 WIB 2023] Verifying: example.com
[Wed Aug 9 18:29:29 WIB 2023] Processing, The CA is processing your order, please just wait. (1/30)
[Wed Aug 9 18:29:33 WIB 2023] Success
[Wed Aug 9 18:29:33 WIB 2023] Verify finished, start to sign.
[Wed Aug 9 18:29:33 WIB 2023] Lets finalize the order.
[Wed Aug 9 18:29:33 WIB 2023] Le_OrderFinalize='https://acme.zerossl.com/v2/DV90/order/3pPVmgDcsjp2lKt0HCng8g/finalize'
[Wed Aug 9 18:29:34 WIB 2023] Order status is processing, lets sleep and retry.
[Wed Aug 9 18:29:34 WIB 2023] Retry after: 15
[Wed Aug 9 18:29:50 WIB 2023] Polling order status: https://acme.zerossl.com/v2/DV90/order/3pPVmgDcsjp2lKt0HCng8g
[Wed Aug 9 18:29:51 WIB 2023] Downloading cert.
[Wed Aug 9 18:29:51 WIB 2023] Le_LinkCert='https://acme.zerossl.com/v2/DV90/cert/iiyGcuaGNygFIQbetjUodQ'
[Wed Aug 9 18:29:52 WIB 2023] Cert success.
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
[Wed Aug 9 18:29:52 WIB 2023] Your cert is in: /root/.acme.sh/example.com_ecc/example.com.cer
[Wed Aug 9 18:29:52 WIB 2023] Your cert key is in: /root/.acme.sh/example.com_ecc/example.com.key
[Wed Aug 9 18:29:52 WIB 2023] The intermediate CA cert is in: /root/.acme.sh/example.com_ecc/ca.cer
[Wed Aug 9 18:29:52 WIB 2023] And the full chain certs is there: /root/.acme.sh/example.com_ecc/fullchain.cer
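The "wait until the TXT record resolves globally" step can be checked instead of guessed. The following is an added example, not part of this guide's original commands or of acme.sh: it extracts the record name and value from the --issue output and succeeds only when every resolver you list returns that exact value. It assumes dig is installed; the resolver addresses and the issue.log file name in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example (not part of acme.sh): check TXT propagation before --renew.

# Two lines copied from the --issue output shown on this page.
sample_issue_output() {
    cat <<'EOF'
[Wed Aug 9 18:26:34 WIB 2023] Domain: '_acme-challenge.example.com'
[Wed Aug 9 18:26:34 WIB 2023] TXT value: '7j6txRuet8IQaX4dGhnrE2DalCfeJPvdQ7L4zs8KPPY'
EOF
}

# Read acme.sh --issue output on stdin; print "<record name> <TXT value>".
# Exits non-zero when either field is missing from the input.
parse_challenge() {
    awk -F"'" '
        /Domain: /    { name = $2 }
        /TXT value: / { value = $2 }
        END { if (name == "" || value == "") exit 1; print name, value }
    '
}

# Print the TXT strings one resolver returns for a name, one per line, unquoted.
query_txt() {
    dig +short TXT "$1" "@$2" | tr -d '"'
}

# txt_propagated NAME VALUE RESOLVER...
# Succeeds only when every listed resolver returns exactly VALUE.
txt_propagated() {
    name=$1 value=$2
    shift 2
    [ "$#" -gt 0 ] || return 2   # no resolvers given: nothing was verified
    for resolver in "$@"; do
        if ! query_txt "$name" "$resolver" | grep -Fxq -- "$value"; then
            echo "TXT for $name not visible on $resolver yet" >&2
            return 1
        fi
    done
    return 0
}

# Usage (issue.log is a hypothetical file holding the --issue output):
#   set -- $(parse_challenge < issue.log)
#   until txt_propagated "$1" "$2" 1.1.1.1 8.8.8.8 9.9.9.9; do sleep 30; done
#   acme.sh --renew -d example.com --yes-I-know-dns-manual-mode-enough-go-ahead-please
```

An exact-match comparison also catches a stale TXT value left over from an earlier attempt, which would otherwise look like a present record.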