Requesting a free HTTPS wildcard certificate
1. Install the certificate tool
curl https://get.acme.sh | sh
This command installs acme.sh into the ~/.acme.sh/ directory. Afterwards, reload ~/.bashrc:
source ~/.bashrc
2. Request the certificate
2.1 Method one
Set up DNS and run the issue command:
acme.sh --issue -d ljp123.cn -d '*.ljp123.cn' --dns --yes-I-know-dns-manual-mode-enough-go-ahead-please
Output:
[Sun May 26 14:33:52 HKT 2019] Creating domain key
[Sun May 26 14:33:52 HKT 2019] The domain key is here: /root/.acme.sh/ljp123.cn/ljp123.cn.key
[Sun May 26 14:33:52 HKT 2019] Multi domain='DNS:ljp123.cn,DNS:*.ljp123.cn'
[Sun May 26 14:33:52 HKT 2019] Getting domain auth token for each domain
[Sun May 26 14:34:03 HKT 2019] Getting webroot for domain='ljp123.cn'
[Sun May 26 14:34:03 HKT 2019] Getting webroot for domain='*.ljp123.cn'
[Sun May 26 14:34:03 HKT 2019] Add the following TXT record:
[Sun May 26 14:34:03 HKT 2019] Domain: '_acme-challenge.ljp123.cn'
[Sun May 26 14:34:03 HKT 2019] TXT value: 'CFqIh5XQRdN7_DKzGqqLp8DJ-g9mB86zMl1fzi2TeuY'
[Sun May 26 14:34:03 HKT 2019] Please be aware that you prepend _acme-challenge. before your domain
[Sun May 26 14:34:03 HKT 2019] so the resulting subdomain will be: _acme-challenge.ljp123.cn
[Sun May 26 14:34:03 HKT 2019] Add the following TXT record:
[Sun May 26 14:34:03 HKT 2019] Domain: '_acme-challenge.ljp123.cn'
[Sun May 26 14:34:03 HKT 2019] TXT value: 'Bo0VhbDQjyVISgEEwce8Ul1bVL6U1E6whfoKY-V9Cgk'
[Sun May 26 14:34:03 HKT 2019] Please be aware that you prepend _acme-challenge. before your domain
[Sun May 26 14:34:03 HKT 2019] so the resulting subdomain will be: _acme-challenge.ljp123.cn
[Sun May 26 14:34:03 HKT 2019] Please add the TXT records to the domains, and re-run with --renew.
[Sun May 26 14:34:03 HKT 2019] Please add '--debug' or '--log' to check more details.
[Sun May 26 14:34:03 HKT 2019] See: https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh
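Following the output above, add the TXT records to the domain, then run:
acme.sh --renew -d ljp123.cn -d '*.ljp123.cn' --yes-I-know-dns-manual-mode-enough-go-ahead-please
This creates a folder named ljp123.cn under ~/.acme.sh/, containing the certificate and the key.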
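The log above asks for two TXT values on the same name, so both records must be published at once before running --renew. The following pre-flight check is an added example, not part of the original post or of acme.sh: the function names (sample_log, expected_txt, missing_txt, demo) are hypothetical, the sample log uses example.com with constructed token values, and the resolver output is assumed to be in `dig +short TXT` form.

```shell
#!/bin/sh
# Added example (not from the original post, not part of acme.sh).
# Function names and the sample data are hypothetical/constructed.

# Constructed sample: the TXT-related lines of acme.sh manual-DNS output.
sample_log() {
    cat <<'EOF'
[Sun May 26 14:34:03 HKT 2019] Add the following TXT record:
[Sun May 26 14:34:03 HKT 2019] Domain: '_acme-challenge.example.com'
[Sun May 26 14:34:03 HKT 2019] TXT value: 'TOKEN-FOR-APEX-constructed'
[Sun May 26 14:34:03 HKT 2019] Please be aware that you prepend _acme-challenge. before your domain
[Sun May 26 14:34:03 HKT 2019] Add the following TXT record:
[Sun May 26 14:34:03 HKT 2019] Domain: '_acme-challenge.example.com'
[Sun May 26 14:34:03 HKT 2019] TXT value: 'TOKEN-FOR-WILDCARD-constructed'
EOF
}

# Print "name value" for every TXT record requested in log file $1.
expected_txt() {
    awk -F"'" '
        /Domain: ._acme-challenge\./ { name = $2 }
        /TXT value: /                { if (name != "") print name, $2 }
    ' "$1"
}

# Print the requested records whose value is not yet in resolver output.
# $1: acme.sh log file   $2: file holding `dig +short TXT <name>` output
# Assumes every record shares one name, as in the log above.
missing_txt() {
    expected_txt "$1" | while read -r name value; do
        # dig +short prints each TXT string wrapped in double quotes
        grep -qxF "\"$value\"" "$2" || printf '%s %s\n' "$name" "$value"
    done
}

# Demo: only the first of the two values has been published so far.
demo() {
    tmp=$(mktemp -d) || return 1
    sample_log > "$tmp/issue.log"
    printf '"%s"\n' 'TOKEN-FOR-APEX-constructed' > "$tmp/dig.out"
    missing_txt "$tmp/issue.log" "$tmp/dig.out"
    rm -rf "$tmp"
}
demo
```

With real data, save the --issue output to a file, capture `dig +short TXT _acme-challenge.ljp123.cn` into a second file, and run --renew only once missing_txt prints nothing.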
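2.2 Method two
Then set your own ID and key as environment variables.
export DP_Id="XXX"
export DP_Key="5XXXXXXXXXXXXXXXXXXXXXXX"
Finally, run the issue command directly. It automatically creates a TXT record in your DNSPod console and completes the certificate request.
acme.sh --issue -d ljp123.cn -d '*.ljp123.cn' --dns dns_dp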
2.3 Method three
acme.sh --issue -d ljp123.cn -d '*.ljp123.cn' --nginx
2.4 Method four
Reference: https://github.com/acmesh-official/acme.sh/wiki/DNS-alias-mode
acme.sh --issue -d ljp123.cn -d '*.ljp123.cn' -d '*.s1.ljp123.cn' -d '*.s2.ljp123.cn' --domain-alias myalias.ljp123.cn --dns dns_dp --log
3. Copy the certificate
acme.sh --installcert -d ljp123.cn --key-file /etc/nginx/ssl/ljp123.cn/ljp123.cn.key --fullchain-file /etc/nginx/ssl/ljp123.cn/ljp123.cn.cer --reloadcmd "service nginx force-reload"
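4. Certificate renewal
The certificate is valid for 90 days and has to be re-issued periodically. acme.sh sets up automatic renewal when it is installed, so this step needs no attention.
Manual renewal command: acme.sh --cron -f
5. Enable automatic updates of the tool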
acme.sh --upgrade --auto-upgrade