Acme.sh on sixdian https://sixdian.com/tags/acme.sh/ Recent content in Acme.sh on sixdian sixdian https://sixdian.com/image/150x150.webp https://sixdian.com/image/150x150.webp Hugo -- 0.154.0 zh-CN Wed, 07 Dec 2022 16:52:27 +0800 利用 acme.sh 为网站提供 ssl 支持 https://sixdian.com/post/acme/ Wed, 07 Dec 2022 16:52:27 +0800 https://sixdian.com/post/acme/ <p>原先用 Certbot 为网站安装证书时Nignx配置文件会被 Certbot 自动修改,令配置文件内容凌乱不堪,而且还要额外安装 Snap 影响服务器运行效率。所以放弃了 Certbot ,改用 acme.sh 生成和安装证书。 其安装和使用步骤如下:</p> <h2 id="安装-acmesh">安装 acme.sh</h2> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>curl https://get.acme.sh | sh -s email=my@example.com # my@example.com 修改为你自己的 E-mail 地址 </span></span><span style="display:flex;"><span>alias acme.sh=~/.acme.sh/acme.sh # 创建一个 shell 的 alias 方便使用 </span></span></code></pre></div><h2 id="生成证书手动-dns-方式">生成证书(手动 DNS 方式)</h2> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>acme.sh --issue --dns -d sixdian.com -d *.sixdian.com --keylength ec-256 \ </span></span><span style="display:flex;"><span> --yes-I-know-dns-manual-mode-enough-go-ahead-please </span></span></code></pre></div><p>acme.sh 会生成相应的解析记录显示出来,然后在你的域名管理面板中添加这些 txt 记录。</p> <h2 id="解析完成之后重新生成证书">解析完成之后,重新生成证书</h2> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>acme.sh --renew -d sixdian.com -d *.sixdian.com --ecc\ </span></span><span style="display:flex;"><span> --yes-I-know-dns-manual-mode-enough-go-ahead-please </span></span></code></pre></div><h2 id="获取-cloudflare-api-key">获取 cloudflare API key</h2> <p>地址:https://dash.cloudflare.com/profile/api-tokens</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-gdscript3" data-lang="gdscript3"><span style="display:flex;"><span><span style="color:#66d9ef">export</span> CF_Key<span style="color:#f92672">=</span><span style="color:#e6db74">&#34;Global API Key&#34;</span> <span style="color:#75715e"># Global API Key 修改为你的 Cloudflare API 密钥</span> </span></span><span style="display:flex;"><span><span style="color:#66d9ef">export</span> CF_Email<span style="color:#f92672">=</span><span style="color:#e6db74">&#34;my@example.com&#34;</span> <span style="color:#75715e"># my@example.com 修改为你 Cloudflare 账户绑定的邮箱</span> </span></span><span style="display:flex;"><span>acme<span style="color:#f92672">.</span>sh <span style="color:#f92672">--</span>issue <span style="color:#f92672">-</span>d sixdian<span style="color:#f92672">.</span>com <span style="color:#f92672">-</span>d <span style="color:#f92672">*.</span>sixdian<span style="color:#f92672">.</span>com <span style="color:#f92672">--</span>dns dns_cf <span style="color:#f92672">--</span>ecc <span style="color:#75715e"># 申请证书</span> </span></span></code></pre></div><h2 id="安装证书以-nginx-为例">安装证书(以 Nginx 为例)</h2> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-gdscript3" data-lang="gdscript3"><span style="display:flex;"><span>acme<span style="color:#f92672">.</span>sh <span style="color:#f92672">--</span>install<span style="color:#f92672">-</span>cert <span style="color:#f92672">-</span>d sixdian<span style="color:#f92672">.</span>com <span style="color:#f92672">-</span>d <span style="color:#f92672">*.</span>sixdian<span style="color:#f92672">.</span>com \ </span></span><span style="display:flex;"><span><span style="color:#f92672">--</span>key<span style="color:#f92672">-</span>file <span style="color:#f92672">/</span>home<span style="color:#f92672">/</span>sixdian<span style="color:#f92672">/</span>ssl<span style="color:#f92672">/</span>key<span style="color:#f92672">.</span>pem \ </span></span><span style="display:flex;"><span><span style="color:#f92672">--</span>fullchain<span style="color:#f92672">-</span>file <span style="color:#f92672">/</span>home<span style="color:#f92672">/</span>sixdian<span style="color:#f92672">/</span>ssl<span style="color:#f92672">/</span>cert<span style="color:#f92672">.</span>pem \ </span></span><span style="display:flex;"><span><span style="color:#f92672">--</span>reloadcmd <span style="color:#e6db74">&#34;service nginx force-reload&#34;</span> </span></span></code></pre></div><h2 id="开启-acmesh-自动升级">开启 acme.sh 自动升级</h2> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>acme.sh --upgrade --auto-upgrade </span></span></code></pre></div>