文档
安装
// 下载安装脚本
curl https://get.acme.sh | sh -s [email protected]
// 添加别名
vi /root/.bashrc
alias acme.sh='~/.acme.sh/acme.sh'
// :wq 保存退出
source /root/.bashrc
// 查看
acme.sh -h
更换默认服务商
// 根据自己的需求选择
acme.sh --set-default-ca --server letsencrypt
添加授权
// 根据自己的域名服务商选择对应
export GD_Key="xxxxxxxxxxx"
export GD_Secret="xxxxxxxxxxx"
****PS:这里需要注意,自己使用的域名厂商,选择对应的****
添加记录并验证
acme.sh --issue --dns dns_gd -d xxxxxx1.com -d xxxxxx2.com
安装证书到指定目录
acme.sh --install-cert -d xxxxxx1.com --key-file /root/nginx/ssl/xxxxxx.com.key --fullchain-file /root/nginx/ssl/xxxxxx.com.pem
配置证书
// nginx 为例
server {
listen 80;
server_name download.xxxxxx.com;
root /usr/share/nginx/html/download;
gzip on;
gzip_comp_level 6;
gzip_min_length 1k;
gzip_types text/plain text/css text/xml text/javascript text/x-component application/json application/javascript application/x-javascript application/xml application/xhtml+xml application/rss+xml application/atom+xml application/x-font-ttf application/vnd.ms-fontobject image/svg+xml image/x-icon font/opentype;
location / {
index index.html index.htm index.php;
}
if ($scheme = http) {
return 301 https://$host$request_uri;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|bmp|swf|eot|svg|ttf|woff|woff2)$ {
expires 30d;
log_not_found off;
}
}
server {
listen 443 ssl;
ssl on;
server_name download.xxxxxx.com;
root /usr/share/nginx/html/download;
// 这里是做了容器映射的-v /root/nginx/ssl:/etc/nginx/ssl,根据自己的目录位置来
ssl_certificate /etc/nginx/ssl/xxxxxx.com.pem;
ssl_certificate_key /etc/nginx/ssl/xxxxxx.com.key;
}
最后重起nginx即可
自动检查和更新
letsencrypt免费使用3个月,到期需要重新申请。acme已经做好了
执行脚本
写了个执行脚本,需要自取
#!/bin/bash
# @Author: TUTU
# @Description: acme.sh 申请证书dns自动注册运行脚本,本脚本支持Ali,GoDaddy,Cloudflare三家域名服务商的自动证书申请和续期
# @Use: sudo sh ./acme_auto.sh ali
# @Use: sudo sh ./acme_auto.sh gd
# @Use: sudo sh ./acme_auto.sh cf
########## 需填写配置 ###########
# 申请邮箱
send_mail="[email protected]"
# 域名
domain_name="xxx.comd"
# key
dns_key=""
# secret,Cloudflare为注册邮箱
dns_secret=""
# 证书安装地址
ssl_path=""
########## 需填写配置 ###########
if [[ ${send_mail} == "" ]] || [[ ${domain_name} == "" ]] || [[ ${dns_key} == "" ]] || [[ ${dns_secret} == "" ]] || [[ ${ssl_path} == "" ]]; then
echo "请完善配置!"
exit
fi
if [[ $1 == "" ]]; then
echo "缺少必要参数!"
exit
fi
curl https://get.acme.sh | sh -s email=${send_mail}
cd ~/.acme.sh/
# 添加别名
echo "alias acme.sh='~/.acme.sh/acme.sh'" >>/root/.bashrc
source /root/.bashrc
# 切换证书机构
acme.sh --set-default-ca --server letsencrypt
# dns 添加类型
dns_type=""
if [[ $1 == "ali" ]]; then
export Ali_Key=${dns_key}
export Ali_Secret=${dns_secret}
dns_type="dns_ali"
elif [[ $1 == "gd" ]]; then
export GD_Key=${dns_key}
export GD_Secret=${dns_secret}
dns_type="dns_gd"
elif [[ $1 == "cf" ]]; then
export CF_Key=${dns_key}
export CF_Email=${dns_secret}
dns_type="dns_cf"
else
echo "服务商错误!"
fi
# 泛域名证书申请
acme.sh --issue --dns ${dns_type} -d ${domain_name} -d *.${domain_name}
acme.sh --install-cert -d ${domain_name} --key-file ${ssl_path}/${domain_name}.key --fullchain-file ${ssl_path}/${domain_name}.pem
# 自动更新
acme.sh --upgrade --auto-upgrade
# 证书更新异常可用一下命令手动更新
# acme.sh --renew -d xxx.com -d *.xxx.com --force
# 检查定时任务
echo "------------ 脚本定时任务 -----------"
crontab -l
echo "------------ 脚本定时任务 -----------"
echo "THE END ..."