Automic VaultAutomic Vault

brew

Install acme.sh with Homebrew, apk, apt, Nix, pacman

ACME client. Version 3.1.3 via Homebrew; verified 2026-05-26.

install

Additional install commands

macOS

Homebrewverified · 100%
brew install acme.sh

local Homebrew formula metadata

Linux

Alpine Linux apkverified · 92%
sudo apk add acme.sh

Alpine Linux edge package indexes · acme.sh · source: dl-cdn.alpinelinux.org

Debian aptverified · 92%
sudo apt install acme.sh

Debian stable package indexes · acme.sh · source: deb.debian.org

Nixverified · 92%
nix profile install nixpkgs#acme-sh

nixpkgs package indexes · pkgs/by-name/ac/acme-sh/package.nix · source: api.github.com

Arch Linux pacmanverified · 92%
sudo pacman -S acme.sh

Arch Linux sync databases · acme.sh · source: geo.mirror.pkgbuild.com

overview

Package summary

ACME client

Commands and aliases

  • acme.sh

history

Project history and usage

acme.sh is a pure Unix shell ACME client for issuing, renewing, and installing TLS certificates. It is designed around a small shell script, broad Unix compatibility, no Python dependency, and automated renewals through cron.

Project history

The GitHub repository was created in December 2015, shortly after Let's Encrypt made ACME-based certificate automation a practical mainstream workflow. The official README describes acme.sh as a full ACME protocol implementation written in Unix shell and tested across Linux, BSDs, macOS, Solaris-family systems, Haiku, and Windows via Cygwin.

The project grew from a Let's Encrypt-oriented client into a general ACME client. Its README lists support for multiple CAs including ZeroSSL, Let's Encrypt, SSL.com, Google Public CA, Actalis, Pebble, and any RFC 8555-compliant CA, while the wiki documents the large DNS API surface used for automated DNS-01 validation.

Adoption history

acme.sh became a popular package-manager ACME client because it fits shared hosting, appliances, routers, and small servers where a shell-only dependency profile matters. The official README's 'Who Uses acme.sh?' section names deployments and integrations such as FreeBSD.org, Proxmox, pfSense/OPNsense-adjacent tooling, and other hosting/control-panel environments.

The input package-manager facts show acme.sh packaged across Homebrew, Alpine, Debian, Nix, and Arch. The GitHub API reports a large public repository with tens of thousands of stars and thousands of forks, consistent with broad operational adoption.

How it is used

Typical package usage installs the acme.sh command, stores working state under ~/.acme.sh by default, creates a cron renewal job, and issues certificates with webroot, standalone, TLS-ALPN, Apache, Nginx, DNS, DNS alias, stateless, or DNS persist modes. DNS API credentials are exported once and then saved into ~/.acme.sh/account.conf for later renewal runs.

Why package nerds care

acme.sh matters to package nerds because it is a rare security-critical tool whose portability comes from plain POSIX-ish shell rather than a language runtime. That makes it attractive for Homebrew, distro, appliance, and container packaging, while its large dnsapi collection creates a sprawling map of DNS provider integrations in one scriptable package.

Timeline

  • 2015-12-26: GitHub repository created.
  • 2016-04-06: Earliest GitHub release metadata in the current repository lists version 1.2.2.
  • 2016-07-02: Version 2.3.0 tag commit appears in the repository tag history.
  • 2024: 3.0.x releases continue regular bug-fix and integration work.
  • 2026-04-28: Release 3.1.3 published.

Related projects

  • Related projects include Let's Encrypt, ZeroSSL, Certbot, Pebble, RFC 8555 ACME servers, and the DNS provider APIs supported by acme.sh's dnsapi wiki.

Sources

  • Official README, official wiki, official dnsapi wiki page, GitHub repository/release metadata, and source_facts.package-manager.

security posture

Risk level: blue

broad file, network, media, or database tool signal.

Risk classifier

blue risk · medium confidence · tool

Why

  • broad file, network, media, or database tool signal

Signals

  • text:client

Install behavior

  • No Homebrew post-install hook is recorded in formula metadata.
  • Homebrew bottle metadata is available for 1 platform targets.

Recommended review

Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.

local files

Configuration and credential file locations

These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.

Configuration files

Config paths the tool may read or write during local use.

Unix
~/.acme.sh/

Credential files

Credential-bearing paths to review before unattended agent runs.

Unix
~/.acme.sh/account.conf

executables

Installed executables

CommandKindExposureNote
acme.shcliglobal executable

freshness

Version and freshness

These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.

page generated2026-07-08
manager version3.1.3
manager updated2026-05-26
local dataok
upstreamcurrent
latest detected3.1.3

https://github.com/acmesh-official/acme.sh

  • okNo freshness warnings were generated.

install metadata

Package metadata

Package keybrew:acme.sh
Version3.1.3
Package managerHomebrew
Package manager pagehttps://formulae.brew.sh/formula/acme.sh
Homepagehttps://github.com/acmesh-official/acme.sh
Repositoryhttps://github.com/acmesh-official/acme.sh
Upstream docshttps://github.com/acmesh-official/acme.sh#readme
LicenseGPL-3.0-only
Source archivehttps://github.com/acmesh-official/acme.sh/archive/refs/tags/3.1.3.tar.gz
Last updated2026-05-26T23:37:47-04:00
Pulseupdated
Bottleavailable (on all)
Homebrew post-installnot defined
Servicenone declared

registry facts

Source database details

Source DatabaseHomebrew formula API
Taphomebrew/core
Full Nameacme.sh
Version Scheme0
Revision0
Bottle Stable Root URLhttps://ghcr.io/v2/homebrew/core
Deprecatedno
Disabledno
Keg Onlyno
URL Keys
  • stable

source database matches

Other package-manager records

Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.

Debian apt95%

acme.sh 3.1.1-1

Pure unix shell script implementing ACME client protocol

https://github.com/acmesh-official/acme.sh

sudo apt install acme.sh
  • Section: web
  • Architecture: all
  • 2 dependencies
  • normalized package name match
  • Matched by: Acme Sh
Debian stable package indexes · deb.debian.org · Debian stable package indexes: acme.sh from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz
Nix95%

acme-sh

nix profile install nixpkgs#acme-sh
  • normalized package name match
  • Matched by: Acme Sh
nixpkgs package indexes · api.github.com · nixpkgs package indexes: pkgs/by-name/ac/acme-sh/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1
apk95%

acme.sh 3.1.3-r0

ACME Shell script, an acme client alternative to certbot

https://github.com/acmesh-official/acme.sh

sudo apk add acme.sh
  • License: GPL-3.0-only
  • Architecture: x86_64
  • Source Package: acme.sh
  • 1 dependencies
  • 1 provides
  • normalized package name match
  • Matched by: Acme Sh
Alpine Linux edge package indexes · dl-cdn.alpinelinux.org · Alpine Linux edge package indexes: acme.sh from https://dl-cdn.alpinelinux.org/alpine/edge/community/x86_64/APKINDEX.tar.gz
pacman95%

acme.sh 3.1.3-1

An ACME Shell script, an acme client alternative to certbot

https://github.com/acmesh-official/acme.sh

sudo pacman -S acme.sh
  • License: GPL-3.0-only
  • Architecture: any
  • 1 dependencies
  • 3 optional deps
  • normalized package name match
  • Matched by: Acme Sh
Arch Linux sync databases · geo.mirror.pkgbuild.com · Arch Linux sync databases: acme.sh from https://geo.mirror.pkgbuild.com/extra/os/x86_64/extra.db.tar.gz

source trail

Generated from repository data

This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.

Used sources

  • Geiger risk classifier
  • Nucleus package database
  • av.db category and tag curation
  • cross-ecosystem install command graph
  • curated configuration and credential file locations
  • curated package history
  • external package-manager database matches
  • package relationship graph
  • package version freshness
  • package-page enrichment