acme.sh is a shell-based certificate manager and ACME SSL certificate client. It automates the issuance, renewal, and installation of digital security certificates using a portable Unix shell script to remove dependencies on heavy runtime environments.
The project specializes in automated domain ownership verification through a DNS challenge automator that integrates with provider APIs. It supports the generation of diverse certificate types, including wildcard certificates and issuance based on pre-existing certificate signing requests.
The tool covers the full certificate lifecycle, including cron-based renewal scheduling for zero-touch security updates and the deployment of certificates to production paths. It provides domain validation via webroot and DNS modes, uses post-renewal hooks for service reloads, and sends status notifications regarding the renewal process.
