Nginx Install acme.sh curl https://get.acme.sh | sh -s email=<your@email.com> Restart terminal, then set env for acme.sh export CF_Key="<you-CF-key>" export CF_Email="<your@email.com>" acme.sh --register-account -m <your@email.com> Get ssl cert mkdir -p /etc/nginx/ssl acme.sh --set-default-ca --server letsencrypt acme.sh --issue -d "your-domain.com" --dns dns_cf \ --key-file /etc/nginx/ssl/your-domain.com.key \ --fullchain-file /etc/nginx/ssl/your-domain.com.pem \ --reloadcmd "systemctl reload nginx" acme.sh --upgrade --auto-upgrade Nginx config server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name your-domain.com; root /data/www; ssl_certificate /etc/nginx/ssl/your-domain.com.pem; ssl_certificate_key /etc/nginx/ssl/your-domain.com.key; charset utf-8,gbk; index index.html index.htm; } server { listen 80; listen [::]:80; server_name your-domain.com; location / { return 301 https://your-domain.com$request_uri; } } Acme.sh for PVE acme.sh --issue -d "your-domain.com" --dns dns_cf \ --key-file /etc/pve/local/pveproxy-ssl.key \ --fullchain-file /etc/pve/local/pveproxy-ssl.pem \ --reloadcmd "systemctl reload pveproxy" acme.sh --upgrade --auto-upgrade