Buy a Certificate
Run:
sslmate buy DOMAIN...
-
DOMAIN is the hostname or wildcard domain that you need the certificate to secure, such as
example.com,www.example.com,subdomain.example.com, or*.example.com. -
For a wildcard domain, specify a DOMAIN like
*.example.com. -
If you need to secure multiple hostnames or wildcard domains, specify them as multiple arguments to
sslmate buy. The certificate's auto-renewal setting will be set to your account's default auto-renewal setting. To override, specify the
--auto-renewor--no-auto-renewoptions.For other options, run
sslmate help buyor consult thesslmate(1)man page.
You will be required to prove that you are authorized to obtain a certificate for each DOMAIN, by responding to an email, publishing a DNS record, or configuring your web server. For more information, including how to automate this process, see the certificate approval documentation.
After the sslmate command completes, four files will be placed in your key and cert directories (/etc/sslmate by default when running as root):
-
example.com.key- the private key -
example.com.crt- the certificate -
example.com.chain.crt- the certificate chain (aka intermediate cert) -
example.com.chained.crt- a concatenation of the certificate and the chain, for convenience
Configure Your Server
You should configure your server software with the above files. Consult your software's documentation, or use the config guide below.
Remember to restart your server software after changing its configuration. Note that Apache must be fully restarted after changing certificate configuration; a reload is not sufficient.
Test Your Server
After configuring your server, you can use the sslmate test command to
make sure that your certificate has been properly installed:
sslmate test DOMAIN
For more information about sslmate test, run sslmate help test
or consult the sslmate(1) man page.
Next step: Set up a cron job to run sslmate download for renewals.
See also: Certificate approval process