Actalis.com CA Wiki Page Edited Discussion: Free 90-Day SSL Certificates
Hey guys! It looks like the Actalis.com-CA wiki page on acme.sh has been updated by JensSpanier on October 10, 2025. This edit brings some exciting news about free 90-day SSL certificates offered by Actalis. Let's dive into the details of this update and see what it means for you.
What's New on the Actalis.com-CA Wiki Page?
The main highlight of this edit is the information about Actalis.com providing free 90-day SSL certificates. This is a fantastic opportunity for anyone looking to secure their website with a valid SSL certificate without breaking the bank. However, there are a few things you need to keep in mind.
Key Points About the Free Certificates
- Single Domain Certificates: These certificates are limited to a single domain and its
wwwsubdomain. So, if you haveexample.com, you can also securewww.example.comwith the same certificate. This is perfect for small websites or blogs that primarily operate on a single domain. - No Wildcard Certificates: If you were hoping for a wildcard certificate to cover all subdomains (like
*.example.com), unfortunately, this isn't an option with the free offering. Wildcard certificates are typically reserved for paid accounts.
How to Issue a Certificate with Actalis.com Using acme.sh
The updated wiki page provides a clear set of instructions on how to issue a certificate using acme.sh with Actalis.com. Let's break it down step by step.
1. Register for a Free Account
First things first, you'll need to register for a free account at www.actalis.com. Once you've registered, you'll need to obtain your EAB (External Account Binding) Credentials. These credentials are required to authenticate your acme.sh client with Actalis.com's ACME server.
2. Get Your EAB Credentials
To get your EAB Credentials, follow the instructions provided in the Actalis.com guide. This guide will walk you through the process of obtaining your eab-kid and eab-hmac-key. These are crucial for the next step.
3. Register Your Account with acme.sh
Now that you have your EAB Credentials, you can register your account with acme.sh using the following command:
acme.sh --register-account --server actalis.com \
--eab-kid xxxxxx --eab-hmac-key xxxxxxxx
Replace xxxxxx with your actual eab-kid and xxxxxxxx with your eab-hmac-key. This command tells acme.sh to register an account with the Actalis.com ACME server using your provided credentials.
4. Issue Your Certificate
With your account registered, you can now issue your certificate. Here’s the command you'll use:
acme.sh --issue -d example.com -d www.example.com --dns dns_cf --server actalis.com
Let's break down this command:
--issue: This tells acme.sh that you want to issue a new certificate.-d example.com: This specifies the primary domain for the certificate.-d www.example.com: This includes thewwwsubdomain in the certificate.--dns dns_cf: This option specifies that you're using Cloudflare's DNS API for DNS challenges. You'll need to configure your DNS provider accordingly. If you're using a different DNS provider, you'll need to use the appropriate DNS alias (e.g.,--dns dns_ovhfor OVH).--server actalis.com: This tells acme.sh to use the Actalis.com ACME server.
Example Scenario
Let's say you want to issue a certificate for yourdomain.com and www.yourdomain.com using Cloudflare for DNS validation. You would use the following command:
acme.sh --issue -d yourdomain.com -d www.yourdomain.com --dns dns_cf --server actalis.com
Before running this command, make sure you have set up the necessary Cloudflare API credentials in your environment variables. acme.sh typically uses environment variables like CF_Key and CF_Email for authentication with Cloudflare.
Why This Update Matters
This update is significant because it provides users with another option for obtaining free SSL certificates. While Let's Encrypt is a popular choice, having alternatives is always beneficial. Actalis.com's offering can be particularly useful for those who need certificates for single domains and are comfortable with the 90-day validity period.
Additionally, the clear instructions provided on the wiki page make it easier for users to integrate Actalis.com certificates into their workflows using acme.sh. This is especially helpful for those who prefer automating certificate issuance and renewal processes.
Potential Use Cases
So, who might benefit the most from these free certificates? Here are a few scenarios:
- Small Businesses: If you run a small business with a simple website, a free 90-day certificate can be a cost-effective way to secure your site.
- Personal Blogs: Bloggers often need SSL certificates to ensure their readers' data is protected. Actalis.com's offering is a great fit for personal blogs.
- Development and Testing Environments: Developers can use these certificates to secure their development and testing environments without incurring costs.
- Temporary Projects: For projects with a limited lifespan, a 90-day certificate can provide sufficient security without the need for long-term commitments.
Considerations and Limitations
Before you jump in and start issuing certificates, it’s important to consider the limitations:
- 90-Day Validity: You'll need to renew your certificate every 90 days. While this can be automated with acme.sh, it's something to keep in mind.
- Single Domain Only: If you need certificates for multiple domains or subdomains, you might need to explore other options or consider a paid account.
- No Wildcard Support: As mentioned earlier, wildcard certificates are not available with the free offering.
How to Automate Renewal with acme.sh
The beauty of using acme.sh is that it can automate the certificate renewal process. Once you've issued a certificate, acme.sh will automatically renew it before it expires. This ensures that your website remains secure without manual intervention.
To ensure automatic renewal works correctly, you'll need to set up a cron job or systemd timer that runs the acme.sh --cron command regularly. This command checks for certificates that are due for renewal and automatically renews them.
Setting Up a Cron Job
To set up a cron job, you can use the crontab -e command. This will open your system's crontab file in a text editor. Add the following line to the file:
0 0 * * * /path/to/acme.sh --cron --home /path/to/.acme.sh > /dev/null
Replace /path/to/acme.sh with the actual path to the acme.sh script and /path/to/.acme.sh with the directory where acme.sh stores its data. This cron job will run the renewal check every day at midnight.
Using Systemd Timers
Alternatively, you can use systemd timers to schedule the renewal checks. This is often a preferred method on modern Linux systems. You'll need to create a systemd service file and a systemd timer file.
Here’s an example of a service file (/etc/systemd/system/acme-renewal.service):
[Unit]
Description=acme.sh certificate renewal
[Service]
Type=oneshot
ExecStart=/path/to/acme.sh --cron --home /path/to/.acme.sh
And here’s an example of a timer file (/etc/systemd/system/acme-renewal.timer):
[Unit]
Description=acme.sh certificate renewal timer
[Timer]
OnCalendar=daily
RandomizedDelaySec=1h
Persistent=true
[Install]
WantedBy=timers.target
Replace /path/to/acme.sh and /path/to/.acme.sh with the appropriate paths. Then, enable and start the timer:
sudo systemctl enable acme-renewal.timer
sudo systemctl start acme-renewal.timer
Conclusion
The updated Actalis.com-CA wiki page provides valuable information about obtaining free 90-day SSL certificates from Actalis.com. This is a fantastic option for securing single-domain websites and can be easily integrated with acme.sh for automated certificate issuance and renewal. While there are limitations to consider, such as the 90-day validity and the lack of wildcard support, this offering provides a cost-effective solution for many users. So, if you're looking for a free SSL certificate, give Actalis.com a try and see if it meets your needs!
Remember, keeping your website secure is crucial, and having options like this makes it easier than ever to protect your online presence. Happy securing, guys!
