This documentation applies to the Basic SSLMate service. If you are using SSLMate for SaaS, please see the SSLMate Agent Help instead.

Download a Certificate

Run:

sslmate download HOSTNAME

The following files will be downloaded to the configured certificate directory, overwriting existing files with the same names:

  • example.com.crt - the certificate
  • example.com.chain.crt - the certificate chain (aka intermediate cert)
  • example.com.chained.crt - a concatenation of the certificate and the chain, for convenience

To download more than one certificate at once, specify multiple names on the command line to sslmate download. Pass the --all option in lieu of hostnames to download the certificate for every key in your key directory.

Normally, you do not need to run sslmate download because sslmate buy downloads these files automatically. Instead, sslmate download is intended to be placed in a cron job or a configuration management script to ensure that your servers always have the most up-to-date copy of your certificates. Thus, your can set your certificates to automatically renew and the renewed certificates will automatically propagate to your servers.

Exit Status

sslmate download exits with one of the following status codes:

  • 0 - new certificate files were downloaded
  • 10 - the current certificate files are up-to-date
  • other - an error occurred

You can use this exit status in your script to determine whether to restart services that use the certificate.

Example Cron Job

The following script could be placed in a file in /etc/cron.daily (make sure the script is executable):

#!/bin/sh if sslmate download --all > /dev/null then service apache2 restart > /dev/null fi

Every day, this script will attempt to download new certificates for every key in your key directory. If new certificates are downloaded, Apache will be restarted. For this to work, Apache must refer to the certificate files with their standard names in the SSLMate certificate directory (/etc/sslmate by default).

To run sslmate download from a cron job, you must have a /etc/sslmate.conf configuration file containing your SSLMate API credentials, or you must have run sslmate link as the same user who runs the cron job.

Verifying Your Cron Job

Your certificates dashboard displays the date on which each certificate was most recently downloaded. You can use this to make sure your cron job is running at a regular interval.

Compatibility

Note: sslmate download requires version 0.3.0 or above of the sslmate client. Downloading multiple certificates at once, either explicitly or with --all, requires version 0.4.0 or above.

Get Started with SSLMate Today

Buy a new certificate, or import your existing certs for free.

Click to sign up