BestHub
Sign in
Operations 6 min read

Step-by-Step Guide to Installing and Using acme.sh for Automatic SSL Certificate Renewal on JD Cloud

This tutorial walks through installing acme.sh, configuring JD Cloud DNS API credentials, issuing and installing SSL certificates for Nginx (or Docker‑based Nginx), and setting up automatic 60‑day renewal, providing all necessary commands and configuration examples.

Rare Earth Juejin Tech Community
Rare Earth Juejin Tech Community
Rare Earth Juejin Tech Community
Step-by-Step Guide to Installing and Using acme.sh for Automatic SSL Certificate Renewal on JD Cloud

Hello, I'm "Cong". My SSL certificates keep expiring every 90 days, so I needed an automated solution. I discovered the open‑source tool acme.sh on GitHub and decided to share a complete walkthrough.

Installation : Clone the repository from the Chinese mirror and run the installer:

git clone https://gitee.com/neilpang/acme.sh.git
cd acme.sh
./acme.sh --install -m [email protected]

Generating a certificate : I chose DNS validation because it works well with JD Cloud. First, obtain an API key/secret from the JD Cloud console, then export them as environment variables:

export JD_ACCESS_KEY_ID="
"
export JD_ACCESS_KEY_SECRET="
"

Issue the certificate for your domain (replace example.com with your own):

./acme.sh --issue --dns dns_jd -d example.com -d *.example.com

The command will contact JD Cloud’s DNS API, create the necessary TXT records, and obtain the certificate.

Installing the certificate : Use the --install-cert option to copy the key and full‑chain files to the locations used by Nginx (or Docker‑based Nginx) and specify a reload command:

acme.sh --install-cert -d example.com \
  --key-file /path/to/keyfile/in/nginx/key.pem \
  --fullchain-file /path/to/fullchain/nginx/cert.pem \
  --reloadcmd "docker restart nginx"

The reloadcmd is crucial; without it the renewed certificate will not be applied.

Updating Nginx configuration : Adjust ssl_certificate and ssl_certificate_key directives in your nginx.conf (or site config) to point to the files you just installed, then restart Nginx:

server {
    listen 80;
    listen [::]:80;
    server_name codebug.icu;
    rewrite ^(.*) https://$server_name$1 permanent;
}

server {
    listen 443 ssl;
    server_name codebug.icu;
    ssl_certificate     /path/to/keyfile/in/nginx/cert.pem;
    ssl_certificate_key /path/to/keyfile/in/nginx/key.pem;
    ssl_session_cache   shared:SSL:1m;
    ssl_session_timeout 5m;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
    location / {
        root /usr/share/nginx/html;
        index index.html;
    }
    error_page 500 502 503 504 /50x.html;
    location = /50x.html { root /usr/share/nginx/html; }
}

After editing, run docker restart nginx (or systemctl restart nginx ) to apply the changes.

Automatic renewal : By default, acme.sh renews certificates every 60 days without manual intervention. If you need to force a renewal, run:

acme.sh --renew -d example.com --force

Following these steps, the certificate will be kept up‑to‑date automatically, eliminating the hassle of manual renewals.

AutomationLinuxNginxcertificateSSLJD Cloudacme.sh
Rare Earth Juejin Tech Community
Written by

Rare Earth Juejin Tech Community

Juejin, a tech community that helps developers grow.

0 followers
Reader feedback

How this landed with the community

login Sign in to like

Rate this article

Was this worth your time?

Sign in to rate
Discussion

0 Comments

Thoughtful readers leave field notes, pushback, and hard-won operational detail here.

Sign in to comment