2016-11-09 16:44:24 +01:00
# An ACME Shell script: acme.sh [![Build Status](https://travis-ci.org/Neilpang/acme.sh.svg?branch=master)](https://travis-ci.org/Neilpang/acme.sh)
2016-04-16 17:10:46 +02:00
- An ACME protocol client written purely in Shell (Unix shell) language.
2016-11-15 14:13:58 +01:00
- Full ACME protocol implementation.
- Simple, powerful and very easy to use. You only need 3 minutes to learn it.
- Bash, dash and sh compatible.
2016-04-15 12:50:40 +02:00
- Simplest shell script for Let's Encrypt free certificate client.
2016-11-15 14:13:58 +01:00
- Purely written in Shell with no dependencies on python or the official Let's Encrypt client.
- Just one script to issue, renew and install your certificates automatically.
2016-04-21 15:12:48 +02:00
- DOES NOT require `root/sudoer` access.
2015-12-26 14:44:39 +01:00
2016-04-15 12:50:40 +02:00
It's probably the `easiest&smallest&smartest` shell script to automatically issue & renew the free certificates from Let's Encrypt.
2015-12-26 14:44:39 +01:00
2016-04-14 15:44:26 +02:00
Wiki: https://github.com/Neilpang/acme.sh/wiki
2016-04-05 16:48:33 +02:00
2016-11-15 14:13:58 +01:00
2016-09-30 15:27:23 +02:00
# [中文说明](https://github.com/Neilpang/acme.sh/wiki/%E8%AF%B4%E6%98%8E)
2016-11-15 14:13:58 +01:00
# Tested OS
2016-04-21 15:09:08 +02:00
| NO | Status| Platform|
|----|-------|---------|
2016-04-25 07:48:03 +02:00
|1|[![](https://cdn.rawgit.com/Neilpang/acmetest/master/status/ubuntu-latest.svg)](https://github.com/Neilpang/letest#here-are-the-latest-status)| Ubuntu
|2|[![](https://cdn.rawgit.com/Neilpang/acmetest/master/status/debian-latest.svg)](https://github.com/Neilpang/letest#here-are-the-latest-status)| Debian
|3|[![](https://cdn.rawgit.com/Neilpang/acmetest/master/status/centos-latest.svg)](https://github.com/Neilpang/letest#here-are-the-latest-status)|CentOS
2016-04-25 07:49:02 +02:00
|4|[![](https://cdn.rawgit.com/Neilpang/acmetest/master/status/windows-cygwin.svg)](https://github.com/Neilpang/letest#here-are-the-latest-status)|Windows (cygwin with curl, openssl and crontab included)
2016-04-25 07:48:03 +02:00
|5|[![](https://cdn.rawgit.com/Neilpang/acmetest/master/status/freebsd.svg)](https://github.com/Neilpang/letest#here-are-the-latest-status)|FreeBSD
|6|[![](https://cdn.rawgit.com/Neilpang/acmetest/master/status/pfsense.svg)](https://github.com/Neilpang/letest#here-are-the-latest-status)|pfsense
|7|[![](https://cdn.rawgit.com/Neilpang/acmetest/master/status/opensuse-latest.svg)](https://github.com/Neilpang/letest#here-are-the-latest-status)|openSUSE
|8|[![](https://cdn.rawgit.com/Neilpang/acmetest/master/status/alpine-latest.svg)](https://github.com/Neilpang/letest#here-are-the-latest-status)|Alpine Linux (with curl)
|9|[![](https://cdn.rawgit.com/Neilpang/acmetest/master/status/base-archlinux.svg)](https://github.com/Neilpang/letest#here-are-the-latest-status)|Archlinux
|10|[![](https://cdn.rawgit.com/Neilpang/acmetest/master/status/fedora-latest.svg)](https://github.com/Neilpang/letest#here-are-the-latest-status)|fedora
|11|[![](https://cdn.rawgit.com/Neilpang/acmetest/master/status/kalilinux-kali-linux-docker.svg)](https://github.com/Neilpang/letest#here-are-the-latest-status)|Kali Linux
|12|[![](https://cdn.rawgit.com/Neilpang/acmetest/master/status/oraclelinux-latest.svg)](https://github.com/Neilpang/letest#here-are-the-latest-status)|Oracle Linux
|13|[![](https://cdn.rawgit.com/Neilpang/acmetest/master/status/proxmox.svg)](https://github.com/Neilpang/letest#here-are-the-latest-status)| Proxmox https://pve.proxmox.com/wiki/HTTPSCertificateConfiguration#Let.27s_Encrypt_using_acme.sh
2016-04-24 07:57:50 +02:00
|14|-----| Cloud Linux https://github.com/Neilpang/le/issues/111
2016-04-25 07:48:03 +02:00
|15|[![](https://cdn.rawgit.com/Neilpang/acmetest/master/status/openbsd.svg)](https://github.com/Neilpang/letest#here-are-the-latest-status)|OpenBSD
2016-06-05 13:53:22 +02:00
|16|[![](https://cdn.rawgit.com/Neilpang/acmetest/master/status/mageia.svg)](https://github.com/Neilpang/letest#here-are-the-latest-status)|Mageia
2016-07-25 20:07:34 +02:00
|17|-----| OpenWRT: Tested and working. See [wiki page ](https://github.com/Neilpang/acme.sh/wiki/How-to-run-on-OpenWRT )
2016-08-11 07:47:38 +02:00
|18|[![](https://cdn.rawgit.com/Neilpang/acmetest/master/status/solaris.svg)](https://github.com/Neilpang/letest#here-are-the-latest-status)|SunOS/Solaris
2016-10-30 10:26:00 +01:00
|19|[![](https://cdn.rawgit.com/Neilpang/acmetest/master/status/gentoo-stage3-amd64.svg)](https://github.com/Neilpang/letest#here-are-the-latest-status)|Gentoo Linux
2016-12-06 12:03:59 +01:00
|20|[![Build Status](https://travis-ci.org/Neilpang/acme.sh.svg?branch=master)](https://travis-ci.org/Neilpang/acme.sh)|Mac OSX
2015-12-26 14:44:39 +01:00
2016-11-15 14:13:58 +01:00
For all build statuses, check our [daily build project ](https://github.com/Neilpang/acmetest ):
2015-12-26 14:44:39 +01:00
2016-04-14 15:44:26 +02:00
https://github.com/Neilpang/acmetest
2016-03-11 14:57:05 +01:00
2016-04-15 12:50:40 +02:00
2016-11-15 14:13:58 +01:00
# Supported modes
2016-01-10 03:59:51 +01:00
2016-11-15 14:13:58 +01:00
- Webroot mode
- Standalone mode
- Apache mode
- DNS mode
2016-04-15 12:50:40 +02:00
2016-04-10 06:54:01 +02:00
2016-08-25 16:13:34 +02:00
# 1. How to install
2015-12-26 14:44:39 +01:00
2016-11-15 14:13:58 +01:00
### 1. Install online
2015-12-26 14:44:39 +01:00
2016-04-24 12:50:09 +02:00
Check this project: https://github.com/Neilpang/get.acme.sh
2016-04-14 16:27:51 +02:00
2016-04-15 12:50:40 +02:00
```bash
2016-04-16 17:10:46 +02:00
curl https://get.acme.sh | sh
2016-03-27 14:43:32 +02:00
```
Or:
2016-04-15 12:50:40 +02:00
```bash
2016-04-16 17:10:46 +02:00
wget -O - https://get.acme.sh | sh
2016-03-27 14:43:32 +02:00
```
2016-11-15 14:13:58 +01:00
### 2. Or, Install from git
2016-04-15 12:50:40 +02:00
2016-11-15 14:13:58 +01:00
Clone this project and launch installation:
2016-04-15 12:50:40 +02:00
```bash
2016-04-14 15:44:26 +02:00
git clone https://github.com/Neilpang/acme.sh.git
2016-04-15 12:50:40 +02:00
cd ./acme.sh
2016-04-14 15:44:26 +02:00
./acme.sh --install
2015-12-26 14:44:39 +01:00
```
2016-03-27 14:43:32 +02:00
2016-04-15 12:50:40 +02:00
You `don't have to be root` then, although `it is recommended` .
2016-11-15 14:13:58 +01:00
Advanced Installation: https://github.com/Neilpang/acme.sh/wiki/How-to-install
2016-04-21 15:43:28 +02:00
2016-04-15 12:50:40 +02:00
The installer will perform 3 actions:
2016-01-23 16:04:42 +01:00
2016-11-15 14:13:58 +01:00
1. Create and copy `acme.sh` to your home dir (`$HOME`): `~/.acme.sh/` .
All certs will be placed in this folder too.
2. Create alias for: `acme.sh=~/.acme.sh/acme.sh` .
3. Create daily cron job to check and renew the certs if needed.
2016-04-15 12:50:40 +02:00
Cron entry example:
```bash
0 0 * * * "/home/user/.acme.sh"/acme.sh --cron --home "/home/user/.acme.sh" > /dev/null
```
2015-12-27 06:52:46 +01:00
2016-11-15 14:13:58 +01:00
After the installation, you must close the current terminal and reopen it to make the alias take effect.
Ok, you are ready to issue certs now.
2015-12-27 06:52:46 +01:00
2015-12-26 14:44:39 +01:00
Show help message:
2016-04-15 12:50:40 +02:00
2015-12-26 14:44:39 +01:00
```
2016-05-29 08:08:39 +02:00
root@v1:~# acme.sh -h
2015-12-26 14:44:39 +01:00
```
2016-11-15 14:13:58 +01:00
# 2. Just issue a cert
2016-03-07 02:52:54 +01:00
2016-04-15 12:50:40 +02:00
**Example 1:** Single domain.
2016-03-07 02:52:54 +01:00
2016-04-15 12:50:40 +02:00
```bash
2016-10-13 04:14:36 +02:00
acme.sh --issue -d example.com -w /home/wwwroot/example.com
2015-12-26 14:44:39 +01:00
```
2016-04-15 12:50:40 +02:00
**Example 2:** Multiple domains in the same cert.
```bash
2016-11-15 14:13:58 +01:00
acme.sh --issue -d example.com -d www.example.com -d cp.example.com -w /home/wwwroot/example.com
2015-12-26 14:44:39 +01:00
```
2016-03-07 02:52:54 +01:00
2016-10-13 04:14:36 +02:00
The parameter `/home/wwwroot/example.com` is the web root folder. You **MUST** have `write access` to this folder.
2015-12-26 14:44:39 +01:00
2016-11-15 14:13:58 +01:00
Second argument ** "example.com"** is the main domain you want to issue the cert for.
You must have at least one domain there.
2015-12-26 14:44:39 +01:00
2016-10-13 04:14:36 +02:00
You must point and bind all the domains to the same webroot dir: `/home/wwwroot/example.com` .
2015-12-26 14:44:39 +01:00
2016-11-15 14:13:58 +01:00
Generated/issued certs will be placed in `~/.acme.sh/example.com/`
2015-12-26 14:44:39 +01:00
2016-11-15 14:13:58 +01:00
The issued cert will be renewed automatically every **60** days.
2015-12-26 14:44:39 +01:00
2016-04-14 15:44:26 +02:00
More examples: https://github.com/Neilpang/acme.sh/wiki/How-to-issue-a-cert
2016-04-09 17:40:59 +02:00
2016-11-15 14:13:58 +01:00
# 3. Install the issued cert to Apache/Nginx etc.
2016-04-09 17:40:59 +02:00
2016-11-15 14:13:58 +01:00
After you issue a cert, you probably want to install/copy the cert to your Apache/Nginx or other servers.
You **MUST** use this command to copy the certs to the target files, **DO NOT** use the certs files in ** ~/.acme.sh/** folder, they are for internal use only, the folder structure may change in the future.
2016-04-15 12:50:40 +02:00
2016-11-15 14:13:58 +01:00
**Apache** example:
2016-04-15 12:50:40 +02:00
```bash
2016-10-13 04:14:36 +02:00
acme.sh --installcert -d example.com \
2016-11-15 14:13:58 +01:00
--certpath /path/to/certfile/in/apache/cert.pem \
--keypath /path/to/keyfile/in/apache/key.pem \
--fullchainpath /path/to/fullchain/certfile/apache/fullchain.pem \
--reloadcmd "service apache2 restart"
2016-11-03 12:19:51 +01:00
```
2016-11-15 14:13:58 +01:00
**Nginx** example:
2016-11-03 12:19:51 +01:00
```bash
acme.sh --installcert -d example.com \
2016-11-15 14:13:58 +01:00
--keypath /path/to/keyfile/in/nginx/key.pem \
--fullchainpath /path/to/fullchain/nginx/cert.pem \
--reloadcmd "service nginx restart"
2015-12-26 14:44:39 +01:00
```
2016-01-23 16:04:42 +01:00
2016-04-09 17:40:59 +02:00
Only the domain is required, all the other parameters are optional.
2016-11-15 14:13:58 +01:00
Install/copy the issued cert/key to the production Apache or Nginx path.
The cert will be `renewed every **60** days by default` (which is configurable). Once the cert is renewed, the Apache/Nginx service will be restarted automatically by the command: `service apache2 restart` or `service nginx restart` .
2016-01-23 16:04:42 +01:00
2015-12-26 14:44:39 +01:00
2016-08-25 16:13:34 +02:00
# 4. Use Standalone server to issue cert
2015-12-26 14:44:39 +01:00
2016-11-15 14:13:58 +01:00
**(requires you to be root/sudoer or have permission to listen on port 80 (TCP))**
2016-01-05 14:59:27 +01:00
2016-11-15 14:13:58 +01:00
Port `80` (TCP) **MUST** be free to listen on, otherwise you will be prompted to free it and try again.
2016-04-15 12:50:40 +02:00
```bash
2016-10-13 04:14:36 +02:00
acme.sh --issue --standalone -d example.com -d www.example.com -d cp.example.com
2016-01-05 14:59:27 +01:00
```
2016-04-14 15:44:26 +02:00
More examples: https://github.com/Neilpang/acme.sh/wiki/How-to-issue-a-cert
2016-04-09 17:40:59 +02:00
2016-06-17 07:23:44 +02:00
2016-11-15 14:13:58 +01:00
# 5. Use Standalone TLS server to issue cert
**(requires you to be root/sudoer or have permission to listen on port 443 (TCP))**
2016-06-17 07:23:44 +02:00
acme.sh supports `tls-sni-01` validation.
2016-11-15 14:13:58 +01:00
Port `443` (TCP) **MUST** be free to listen on, otherwise you will be prompted to free it and try again.
2016-06-17 07:23:44 +02:00
```bash
2016-10-13 04:14:36 +02:00
acme.sh --issue --tls -d example.com -d www.example.com -d cp.example.com
2016-06-17 07:23:44 +02:00
```
More examples: https://github.com/Neilpang/acme.sh/wiki/How-to-issue-a-cert
2016-11-15 14:13:58 +01:00
2016-08-25 16:13:34 +02:00
# 6. Use Apache mode
2016-04-15 12:50:40 +02:00
2016-11-15 14:13:58 +01:00
**(requires you to be root/sudoer, since it is required to interact with Apache server)**
2016-04-15 12:50:40 +02:00
2016-11-15 14:13:58 +01:00
If you are running a web server, Apache or Nginx, it is recommended to use the `Webroot mode` .
2016-04-09 17:40:59 +02:00
2016-11-15 14:13:58 +01:00
Particularly, if you are running an Apache server, you should use Apache mode instead. This mode doesn't write any files to your web root folder.
2016-01-10 03:59:51 +01:00
2016-11-15 14:13:58 +01:00
Just set string "apache" as the second argument and it will force use of apache plugin automatically.
2016-01-10 03:59:51 +01:00
```
2016-11-15 14:13:58 +01:00
acme.sh --issue --apache -d example.com -d www.example.com -d cp.example.com
2016-01-10 03:59:51 +01:00
```
2016-04-09 17:40:59 +02:00
2016-04-14 15:44:26 +02:00
More examples: https://github.com/Neilpang/acme.sh/wiki/How-to-issue-a-cert
2016-01-10 03:59:51 +01:00
2016-11-15 14:13:58 +01:00
2016-08-25 16:13:34 +02:00
# 7. Use DNS mode:
2016-01-21 17:16:43 +01:00
2016-04-15 12:50:40 +02:00
Support the `dns-01` challenge.
```bash
2016-11-15 14:13:58 +01:00
acme.sh --issue --dns -d example.com -d www.example.com -d cp.example.com
2016-01-21 17:16:43 +01:00
```
2016-11-15 14:13:58 +01:00
You should get an output like below:
2016-04-15 12:50:40 +02:00
2016-01-21 17:16:43 +01:00
```
Add the following txt record:
2016-10-13 04:14:36 +02:00
Domain:_acme-challenge.example.com
2016-01-21 17:16:43 +01:00
Txt value:9ihDbjYfTExAYeDs4DBUeuTo18KBzwvTEjUnSwd32-c
Add the following txt record:
2016-10-13 04:14:36 +02:00
Domain:_acme-challenge.www.example.com
2016-01-21 17:16:43 +01:00
Txt value:9ihDbjxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Please add those txt records to the domains. Waiting for the dns to take effect.
```
2016-04-15 12:50:40 +02:00
Then just rerun with `renew` argument:
```bash
2016-10-13 04:14:36 +02:00
acme.sh --renew -d example.com
2016-01-21 17:16:43 +01:00
```
Ok, it's finished.
2016-11-15 14:13:58 +01:00
2016-08-25 16:13:34 +02:00
# 8. Automatic DNS API integration
2016-01-21 17:16:43 +01:00
2016-11-15 14:13:58 +01:00
If your DNS provider supports API access, we can use that API to automatically issue the certs.
2015-12-26 14:44:39 +01:00
2016-11-15 14:13:58 +01:00
You don't have to do anything manually!
2016-01-30 16:15:30 +01:00
2016-04-15 12:50:40 +02:00
### Currently acme.sh supports:
2016-02-07 11:37:04 +01:00
2016-11-16 06:10:56 +01:00
1. CloudFlare.com API
1. DNSPod.cn API
1. CloudXNS.com API
1. GoDaddy.com API
1. OVH, kimsufi, soyoustart and runabove API
2016-11-20 16:21:07 +01:00
1. AWS Route 53
2016-11-16 06:10:56 +01:00
1. PowerDNS.com API
1. lexicon DNS API: https://github.com/Neilpang/acme.sh/wiki/How-to-use-lexicon-dns-api
2016-11-15 14:13:58 +01:00
(DigitalOcean, DNSimple, DNSMadeEasy, DNSPark, EasyDNS, Namesilo, NS1, PointHQ, Rage4 and Vultr etc.)
2016-11-16 06:10:56 +01:00
1. LuaDNS.com API
1. DNSMadeEasy.com API
1. nsupdate API
2016-11-24 14:49:45 +01:00
1. aliyun.com(阿里云) API
2016-11-24 16:00:32 +01:00
1. ISPConfig 3.1 API
2016-11-15 14:13:58 +01:00
**More APIs coming soon...**
2016-01-30 16:15:30 +01:00
2016-11-15 14:13:58 +01:00
If your DNS provider is not on the supported list above, you can write your own DNS API script easily. If you do, please consider submitting a [Pull Request ](https://github.com/Neilpang/acme.sh/pulls ) and contribute it to the project.
2016-01-30 16:15:30 +01:00
2016-11-15 14:13:58 +01:00
For more details: [How to use DNS API ](dnsapi )
2016-01-30 16:15:30 +01:00
2016-11-15 14:13:58 +01:00
# 9. Issue ECC certificates
2016-04-15 12:50:40 +02:00
2016-11-15 14:13:58 +01:00
`Let's Encrypt` can now issue **ECDSA** certificates.
2016-04-15 12:50:40 +02:00
2016-11-15 14:13:58 +01:00
And we support them too!
2016-02-12 10:56:50 +01:00
2016-03-02 15:53:07 +01:00
Just set the `length` parameter with a prefix `ec-` .
2016-04-15 12:50:40 +02:00
2016-02-12 10:56:50 +01:00
For example:
2016-03-10 07:17:47 +01:00
2016-11-15 14:13:58 +01:00
### Single domain ECC cerfiticate
2016-03-10 07:17:47 +01:00
2016-04-15 12:50:40 +02:00
```bash
2016-11-15 14:13:58 +01:00
acme.sh --issue -w /home/wwwroot/example.com -d example.com --keylength ec-256
2016-02-12 10:56:50 +01:00
```
2016-04-15 12:50:40 +02:00
2016-11-15 14:13:58 +01:00
### SAN multi domain ECC certificate
2016-04-15 12:50:40 +02:00
```bash
2016-11-15 14:13:58 +01:00
acme.sh --issue -w /home/wwwroot/example.com -d example.com -d www.example.com --keylength ec-256
2016-03-10 07:17:47 +01:00
```
2016-02-12 10:56:50 +01:00
Please look at the last parameter above.
Valid values are:
2016-04-15 12:50:40 +02:00
1. **ec-256 (prime256v1, "ECDSA P-256")**
2. **ec-384 (secp384r1, "ECDSA P-384")**
3. **ec-521 (secp521r1, "ECDSA P-521", which is not supported by Let's Encrypt yet.)**
2016-02-12 10:56:50 +01:00
2016-08-25 16:13:34 +02:00
2016-11-15 14:13:58 +01:00
# 10. How to renew the issued certs
2016-08-25 16:13:34 +02:00
2016-11-15 14:13:58 +01:00
No, you don't need to renew the certs manually. All the certs will be renewed automatically every **60** days.
2016-08-25 16:13:34 +02:00
However, you can also force to renew any cert:
```
2016-11-15 14:13:58 +01:00
acme.sh --renew -d example.com --force
2016-08-25 16:13:34 +02:00
```
or, for ECC cert:
2016-11-15 14:13:58 +01:00
2016-08-25 16:13:34 +02:00
```
2016-11-15 14:13:58 +01:00
acme.sh --renew -d example.com --force --ecc
2016-08-25 16:13:34 +02:00
```
2016-11-15 14:13:58 +01:00
2016-08-25 16:13:34 +02:00
# 11. How to upgrade `acme.sh`
2016-11-15 14:13:58 +01:00
2016-12-14 21:32:24 +01:00
acme.sh is in constant development, so it's strongly recommended to use the latest code.
2016-08-25 16:13:34 +02:00
You can update acme.sh to the latest code:
2016-11-15 14:13:58 +01:00
2016-08-25 16:13:34 +02:00
```
acme.sh --upgrade
```
2016-11-15 14:13:58 +01:00
You can also enable auto upgrade:
2016-09-28 16:11:00 +02:00
```
2016-11-15 14:13:58 +01:00
acme.sh --upgrade --auto-upgrade
2016-09-28 16:11:00 +02:00
```
2016-11-15 14:13:58 +01:00
Then **acme.sh** will be kept up to date automatically.
2016-09-28 16:11:00 +02:00
Disable auto upgrade:
2016-11-15 14:13:58 +01:00
2016-09-28 16:11:00 +02:00
```
2016-11-15 14:13:58 +01:00
acme.sh --upgrade --auto-upgrade 0
2016-09-28 16:11:00 +02:00
```
2016-11-15 14:13:58 +01:00
2016-09-27 16:03:42 +02:00
# 12. Issue a cert from an existing CSR
2016-08-27 08:00:26 +02:00
https://github.com/Neilpang/acme.sh/wiki/Issue-a-cert-from-existing-CSR
2016-04-15 12:50:40 +02:00
# Under the Hood
2015-12-26 14:44:39 +01:00
2016-04-16 17:10:46 +02:00
Speak ACME language using shell, directly to "Let's Encrypt".
2015-12-26 14:44:39 +01:00
TODO:
2016-11-15 14:13:58 +01:00
# Acknowledgments
2016-01-11 06:23:02 +01:00
1. Acme-tiny: https://github.com/diafygi/acme-tiny
2. ACME protocol: https://github.com/ietf-wg-acme/acme
2016-05-14 13:47:03 +02:00
3. Certbot: https://github.com/certbot/certbot
2016-01-11 06:23:02 +01:00
2016-11-15 14:13:58 +01:00
2016-09-27 16:03:42 +02:00
# License & Others
2015-12-26 14:44:39 +01:00
License is GPLv3
2015-12-26 14:47:28 +01:00
Please Star and Fork me.
2015-12-26 14:44:39 +01:00
2016-11-15 14:13:58 +01:00
[Issues ](https://github.com/Neilpang/acme.sh/issues ) and [pull requests ](https://github.com/Neilpang/acme.sh/pulls ) are welcome.
2015-12-26 14:44:39 +01:00
2016-07-16 15:57:29 +02:00
# Donate
2015-12-26 14:44:39 +01:00
2016-11-15 14:13:58 +01:00
1. PayPal: donate@acme.sh
2016-08-23 17:16:19 +02:00
2016-11-15 14:13:58 +01:00
[Donate List ](https://github.com/Neilpang/acme.sh/wiki/Donate-list )