How to Request an SSL Certificate from ZeroSSL in ServBay

ServBay is a powerful local web development environment that supports automatic SSL/TLS certificate application and management using the ACME (Automated Certificate Management Environment) protocol. This enables developers to easily configure HTTPS for locally hosted websites, better simulating production environments, and allows testing of features that require HTTPS (such as Service Worker, secure context APIs, and more). This guide provides detailed instructions on how to issue free SSL certificates from ZeroSSL within ServBay.

Overview

With ACME integration in ServBay, you can directly apply for real, publicly trusted SSL certificates from recognized Certificate Authorities (CAs) such as ZeroSSL. ServBay automatically handles certificate requests, validation (via DNS-01 challenge), and renewal, greatly simplifying the process of enabling HTTPS in your local environment.

Use Cases

• Simulate production HTTPS settings in your local development environment.
• Test web features that require a secure context, such as Service Worker, Web Authentication API, Geolocation API (in some browsers), Payment Request API, etc.
• Ensure consistency between your local development and production environments, reducing issues caused by protocol differences.
• Provide trusted SSL certificates for locally running services that need public access (for example, via tunneling services).

Prerequisites

Before starting the ZeroSSL certificate request, make sure you meet the following requirements:

1. Own one or more domains: You must have a domain that you control. Note that certificates are issued for these domains, not for localhost or IP addresses.
2. Ability to manage your domain’s DNS records: ZeroSSL (via ACME DNS-01 challenge) verifies domain ownership by requiring you to add specific TXT records to your domain’s DNS. Thus, you must have permissions to modify DNS records for your domain.
3. Obtain your DNS provider’s API keys: ServBay uses DNS APIs to automate DNS record verification. You need to obtain the required API key or token for DNS API access from your domain registrar or DNS provider (such as Cloudflare, GoDaddy, Aliyun DNS, etc.). The process for obtaining API credentials varies by provider—typically generated through your provider’s user panel. Refer to the DNS API section of the acme.sh Wiki for guidance on API credentials required for your provider (although ServBay integrates its own ACME client, its DNS API configuration is compatible with acme.sh format).

Step-by-Step Guide

Follow these steps to request an SSL certificate from ZeroSSL in ServBay:

1. Launch ServBay and open the management panel: Double-click the ServBay app icon to start the program, then open the ServBay management panel via the system tray icon or menu.

2. Go to the SSL Certificate Management section: In ServBay’s sidebar, find and click on the SSL Certificates option.

3. Start a new certificate application: On the SSL certificates list page, click the plus (+) button in the upper-right corner. This will open the certificate request configuration window.

4. Fill in the certificate request details: In the pop-up "Request Certificate" window, provide the following key information:

   • Common Name: Assign a recognizable name to your certificate, such as servbay.demo SSL. This is for internal identification within ServBay.
   • Usage Purpose: Select TLS/SSL to indicate this certificate will be used for encrypted web traffic.
   • Request Method: Choose ACME to request the certificate automatically via the ACME protocol.
   • Issuer: Select ZeroSSL.
   • DNS API Provider: Select your DNS service provider from the dropdown list. ServBay supports most major providers.
   • Algorithm: It is recommended to choose ECC (Elliptic Curve Cryptography) with a key length of 384. ECC 384 offers security on par with RSA but with shorter keys and better performance.
   • E-Mail Address: Enter a valid email address. ZeroSSL or ServBay may use this address to send notifications about certificate expiration or renewal issues.
   • DNS API Tokens: Enter your DNS provider’s required API credentials. These are usually in key-value pairs (such as CF_Key=xxx CF_Email=xxx). Refer to the instructions for your selected DNS API Provider and see the acme.sh Wiki for details.
     Important: Do NOT add export or other shell commands before your API input. Enter plain KEY=VALUE or KEY="VALUE" pairs, separated by spaces if multiple credentials are required.
   • Domain: Enter the domain(s) you want to secure. For multiple domains (including wildcards), separate using commas—for example: servbay.demo, www.servbay.demo, *.servbay.demo. Note that wildcard certificates (*.yourdomain.com) must use DNS API validation.

   (Note: The example domains shown in the images may differ from the brand examples in the text—please refer to the documentation text as authoritative.)

5. Submit your request: After reviewing and confirming all information is correct, click the Request button in the lower-right corner.

6. Wait for the process to complete: ServBay will launch the ACME client in the background, connect to the ZeroSSL server, perform domain ownership verification (automatically creating and verifying TXT records under your domain using your DNS API credentials), and upon successful validation, will obtain and install the certificate. This process may take a few moments, depending on DNS propagation and ZeroSSL server response times. The progress will be displayed in the ServBay interface.

7. Verify the certificate list: After a successful request, your newly issued certificate will appear in the SSL Certificates list showing a "Valid" status.

Using the Certificate

Once your certificate has been successfully obtained and added to ServBay, you can apply it to your local website:

1. Go to site configuration: In ServBay’s sidebar, click on Sites.
2. Select or edit your site: Choose an existing site you want to enable HTTPS for, or create a new site.
3. Configure SSL certificate: In the SSL section of the site’s configuration page, switch the dropdown from the default (like "None" or ServBay User CA) to ACME.
4. Choose the issued certificate: In the ACME certificates dropdown list on the right, select the certificate you just obtained from ZeroSSL (identified by the Common Name you specified).
5. Save configuration: Click the save button to apply the changes. ServBay will automatically configure your web server (Caddy or Nginx) to use the certificate for HTTPS.

(Note: The example domains shown in the images may differ from the brand examples in the text—please refer to the documentation text as authoritative.)

Now, you should be able to access your local site via https://your-domain.

Certificate Renewal

ZeroSSL certificates are typically valid for 90 days. ServBay’s integrated ACME functionality will automatically monitor your certificates’ expiration and will handle renewals automatically (usually 30 days before expiration). As long as ServBay is running and your DNS API keys remain valid, you usually won’t need to renew certificates manually.

Important Notes & Troubleshooting

• DNS API Key Security: Your DNS API keys have permissions to modify DNS records—keep them safe and do not share them.
• DNS Propagation Delay: Certificate issuance relies on DNS TXT record validation. DNS record updates may take time to propagate globally (from a few minutes to several hours). If your application fails, please wait a while and try again.
• API Key Formatting: Ensure that your DNS API credentials exactly match the requirements listed for your provider in the acme.sh Wiki, and do not include any export or shell command prefixes. This is a common cause of errors.
• Firewall: Make sure your local firewall or network settings are not blocking ServBay from accessing ZeroSSL or your DNS provider’s API servers.
• ServBay User CA vs. ZeroSSL: ServBay also provides a built-in ServBay User CA and Public CA. These certificates are mainly for pure local development—by trusting the ServBay root certificate in your system or browser, you can enable HTTPS. In contrast, certificates from ZeroSSL are publicly trusted and suitable for simulating production or enabling access from the internet (including via tunneling). Choose the certificate type that fits your needs.

Summary

With ServBay’s ACME protocol integration, you can easily and efficiently request and manage free SSL certificates from ZeroSSL, enabling HTTPS for your local development sites. This not only allows you to better simulate production environments and test security features, but also enhances your overall development experience. ServBay’s automated request and renewal process makes local HTTPS setup easier than ever.