
How to Upgrade an HTTP Site to HTTPS Using acme.sh

This guide explains why and how to migrate a website from HTTP to HTTPS by obtaining free Let’s Encrypt certificates, installing the acme.sh script, using HTTP or DNS validation, copying the certificates to the web server, and automating renewal and updates.

Top Architect

Many site owners want to migrate from HTTP to HTTPS for security and platform requirements.

HTTPS adds SSL/TLS encryption and requires a certificate issued by a certificate authority (CA). You can obtain a certificate either by purchasing one or by using a free provider such as Let’s Encrypt.

acme.sh is a lightweight shell script that automates certificate issuance and renewal from Let’s Encrypt. It can be installed with a single curl command.

curl https://get.acme.sh | sh

After installation, the script creates the directory ~/.acme.sh/ and the alias acme.sh=~/.acme.sh/acme.sh. It also sets up a daily cron job to check and renew certificates.

Certificates can be issued via two main validation methods:

HTTP validation: place a verification file in the web root, e.g.

acme.sh --issue -d mydomain.com -d www.mydomain.com --webroot /home/wwwroot/mydomain.com/

DNS validation: add a TXT record, e.g.

acme.sh --issue --dns -d mydomain.com

The script also supports automatic integration with popular DNS providers (Cloudflare, DNSPod, etc.) for fully automated renewals.

Once a certificate is generated, copy it to the location used by your web server with the --installcert command, replacing <domain> with your domain name. For example:

acme.sh --installcert -d <domain>.com \
  --key-file /etc/nginx/ssl/<domain>.key \
  --fullchain-file /etc/nginx/ssl/fullchain.cer \
  --reloadcmd "service nginx force-reload"

Remember to use force-reload instead of a simple reload so the new certificate is actually applied.

Certificates are automatically renewed about 60 days after issuance. You can upgrade acme.sh itself with acme.sh --upgrade, or enable auto-upgrade with acme.sh --upgrade --auto-upgrade. If errors occur, add the --debug flag to get debug logs.
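
A post-install check for the files written by --installcert, as an added example that is not part of the original article or the acme.sh project: it confirms that the private key matches the leaf certificate in the fullchain file and that the certificate still has a minimum number of days left. The function names check_cert_pair, make_sample_pair and report are hypothetical, the openssl command-line tool is assumed to be installed, and the sample certificate is a constructed self-signed one.

```shell
#!/bin/sh
# Added example (hypothetical helper names); requires the openssl CLI.
# check_cert_pair KEY_FILE FULLCHAIN_FILE MIN_DAYS
# Exit status: 0 = key matches and cert is valid for MIN_DAYS more days,
#              1 = key does not match, 2 = expires too soon, 3 = unreadable file.
check_cert_pair() {
    key_file=$1; chain_file=$2; min_days=$3

    # The first certificate in a fullchain file is the leaf certificate.
    cert_pub=$(openssl x509 -in "$chain_file" -noout -pubkey 2>/dev/null) || return 3
    key_pub=$(openssl pkey -in "$key_file" -pubout 2>/dev/null) || return 3

    # The web server cannot use a key that does not belong to the certificate.
    [ "$cert_pub" = "$key_pub" ] || return 1

    # -checkend exits non-zero if the certificate expires within N seconds.
    openssl x509 -in "$chain_file" -noout -checkend "$((min_days * 86400))" \
        >/dev/null 2>&1 || return 2
    return 0
}

# Constructed sample input: a throwaway self-signed pair valid for DAYS days,
# standing in for the files that acme.sh would install.
make_sample_pair() {
    dir=$1; days=$2
    openssl req -x509 -newkey rsa:2048 -nodes -days "$days" \
        -subj "/CN=mydomain.com" \
        -keyout "$dir/sample.key" -out "$dir/fullchain.cer" 2>/dev/null
}

# Run one check and print its exit status without aborting the script.
report() {
    label=$1; shift
    rc=0; check_cert_pair "$@" || rc=$?
    echo "$label: exit $rc"
}

demo_dir=$(mktemp -d)
make_sample_pair "$demo_dir" 90
openssl genrsa -out "$demo_dir/other.key" 2048 2>/dev/null

report "matching pair, 30-day margin" "$demo_dir/sample.key" "$demo_dir/fullchain.cer" 30
report "unrelated key" "$demo_dir/other.key" "$demo_dir/fullchain.cer" 30
report "120-day margin on a 90-day cert" "$demo_dir/sample.key" "$demo_dir/fullchain.cer" 120
rm -rf "$demo_dir"
```

On a real server, call check_cert_pair with the same paths that were passed to --key-file and --fullchain-file, for example from a monitoring job that alerts on a non-zero exit status.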
