Done according to https://github.com/Neilpang/acme.sh/wiki/dns-manual-mode
Warning: DNS manual mode cannot renew automatically. For renewal you need to repeat the steps below each time. The certificate needs to be renewed within 90 days.
Install client
git clone https://github.com/Neilpang/acme.sh.git
cd ./acme.sh
./acme.sh --install
Get the TXT record values for the DNS records:
./acme.sh --issue --dns -d it-projects.info -d '*.it-projects.info' -d '*.apps.it-projects.info' -d '*.runbot.it-projects.info' -d '*.new.it-projects.info' -d '*.test.it-projects.info' -d '*.saas.it-projects.info' --yes-I-know-dns-manual-mode-enough-go-ahead-please
Add the TXT records to your DNS records.
Check TXT records via dig:
dig _acme-challenge.it-projects.info -t txt
Get your certificate with the --renew command:
./acme.sh --debug --renew -d it-projects.info -d '*.it-projects.info' -d '*.apps.it-projects.info' -d '*.runbot.it-projects.info' -d '*.new.it-projects.info' --yes-I-know-dns-manual-mode-enough-go-ahead-please
Copy the certs into the Nginx certs directory:
cp fullchain.cer /etc/nginx/certs/letsencrypt.it-projects.info.cer
cp it-projects.info.key /etc/nginx/certs/letsencrypt.it-projects.info.key
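The dig check above looks at one name only, while the --issue command lists several wildcard names, each validated through its own _acme-challenge record. The script below is an added example, not part of acme.sh or of the original procedure; its function names and the file name check.sh are assumptions. It derives the record names from the -d list and counts the TXT values each one needs before --renew is run.

```shell
#!/bin/sh
# Added example (not from acme.sh): which TXT records the -d list requires.

# challenge_name DOMAIN: a wildcard is validated at its parent name, so
# '*.apps.example.org' maps to _acme-challenge.apps.example.org.
challenge_name() {
    printf '_acme-challenge.%s\n' "${1#\*.}"
}

# challenge_names DOMAIN...: unique record names, one per line.
challenge_names() {
    for d in "$@"; do challenge_name "$d"; done | sort -u
}

# expected_txt_count RECORD DOMAIN...: number of TXT values RECORD must
# hold. A base domain and its wildcard share one record name but each
# gets its own value, so that record needs two.
expected_txt_count() {
    record=$1; shift
    n=0
    for d in "$@"; do
        if [ "$(challenge_name "$d")" = "$record" ]; then n=$((n + 1)); fi
    done
    printf '%s\n' "$n"
}

# check_txt DOMAIN...: query each record with dig and compare counts.
# Returns non-zero if any record shows fewer values than expected.
check_txt() {
    rc=0
    for r in $(challenge_names "$@"); do
        want=$(expected_txt_count "$r" "$@")
        have=$(dig +short -t txt "$r" | grep -c . || true)
        if [ "$have" -ge "$want" ]; then
            echo "ok      $r ($have/$want)"
        else
            echo "MISSING $r ($have/$want)"; rc=1
        fi
    done
    return "$rc"
}

# Runs only when domains are given (hypothetical file name):
#   ./check.sh it-projects.info '*.it-projects.info' '*.apps.it-projects.info'
if [ "$#" -gt 0 ]; then check_txt "$@"; fi
```

The check uses the default resolver, so a cached negative answer can still show MISSING for a short time after the records are added.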
Note:
If you see an error like this:
[Чт янв 9 20:58:31 MSK 2020] code='500'
[Чт янв 9 20:58:31 MSK 2020] Sign failed, finalize code is not 200.
[Чт янв 9 20:58:31 MSK 2020] { "type": "urn:ietf:params:acme:error:serverInternal", "detail": "Error finalizing order", "status": 500 }
[Чт янв 9 20:58:31 MSK 2020] _on_issue_err
[Чт янв 9 20:58:31 MSK 2020] Please add '--debug' or '--log' to check more details.
[Чт янв 9 20:58:31 MSK 2020] See: https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh
[Чт янв 9 20:58:31 MSK 2020] The dns manual mode can not renew automatically, you must issue it again manually. You'd better use the other modes instead.
Try to execute the last command again (maybe 2 times).
As a result you should see:
[Чт янв 9 21:02:17 MSK 2020] Your cert is in /root/.acme.sh/it-projects.info/it-projects.info.cer
[Чт янв 9 21:02:17 MSK 2020] Your cert key is in /root/.acme.sh/it-projects.info/it-projects.info.key
[Чт янв 9 21:02:17 MSK 2020] v2 chain.
[Чт янв 9 21:02:17 MSK 2020] The intermediate CA cert is in /root/.acme.sh/it-projects.info/ca.cer
[Чт янв 9 21:02:17 MSK 2020] And the full chain certs is there: /root/.acme.sh/it-projects.info/fullchain.cer
[Чт янв 9 21:02:17 MSK 2020] _on_issue_success