一、部署 acme.sh
curl https://get.acme.sh | sh -s email=admin@90apt.com
安装后,acmesh会生成计划任务
acme.sh --version
https://github.com/acmesh-official/acme.sh
v3.0.8
crontab -l
37 12 * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null
配置默认ca服务器为letsencrypt
acme.sh --set-default-ca --server letsencrypt
二、腾讯云申请泛域名通配符证书
1、获取腾讯云 SecretId 和 SecretKey
https://console.cloud.tencent.com/cam/capi
2、导入环境变量
export Tencent_SecretId="AKIDxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
export Tencent_SecretKey="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
3、申请证书
acme.sh --issue --dns dns_tencent -d 90apt.com -d *.90apt.com --debug
申请完成
-----END CERTIFICATE-----
[Thu Jun 20 14:13:23 CST 2024] Your cert is in: /root/.acme.sh/90apt.com_ecc/90apt.com.cer
[Thu Jun 20 14:13:23 CST 2024] Your cert key is in: /root/.acme.sh/90apt.com_ecc/90apt.com.key
[Thu Jun 20 14:13:23 CST 2024] The intermediate CA cert is in: /root/.acme.sh/90apt.com_ecc/ca.cer
[Thu Jun 20 14:13:23 CST 2024] And the full chain certs is there: /root/.acme.sh/90apt.com_ecc/fullchain.cer
[Thu Jun 20 14:13:23 CST 2024] _on_issue_success
[Thu Jun 20 14:13:23 CST 2024] '' does not contain 'dns'
4、查看证书
ll /root/.acme.sh/90apt.com_ecc/
total 32
-rw-r--r-- 1 root root 1452 Jun 20 14:13 90apt.com.cer
-rw-r--r-- 1 root root 567 Jun 20 14:13 90apt.com.conf
-rw-r--r-- 1 root root 473 Jun 20 14:12 90apt.com.csr
-rw-r--r-- 1 root root 198 Jun 20 14:12 90apt.com.csr.conf
-rw------- 1 root root 227 Jun 20 14:12 90apt.com.key
-rw-r--r-- 1 root root 2668 Jun 20 14:13 ca.cer
-rw-r--r-- 1 root root 4120 Jun 20 14:13 fullchain.cer
三、腾讯云申请泛域名通配符证书
1、进入RAM访问控制
2、创建用户组
3、给用户组增加DNS完整控制权限 AliyunDNSFullAccess
4、创建用户
5、给用户分配用户组,使其获得DNS完整控制权
6、创建AccessKey
7、导入环境变量
export Ali_Key="sdfsdfsdfljlbjkljlkjsdfoiwje"
export Ali_Secret="jlsdflanljkljlfdsaklkjflsa"
8、申请证书
acme.sh --issue --dns dns_ali -d 90apt.com -d *.90apt.com --debug
申请完成
[Thu Jun 20 14:41:41 CST 2024] Your cert is in: /root/.acme.sh/90apt.com_ecc/90apt.com.cer
[Thu Jun 20 14:41:41 CST 2024] Your cert key is in: /root/.acme.sh/90apt.com_ecc/90apt.com.key
[Thu Jun 20 14:41:41 CST 2024] The intermediate CA cert is in: /root/.acme.sh/90apt.com_ecc/ca.cer
[Thu Jun 20 14:41:41 CST 2024] And the full chain certs is there: /root/.acme.sh/90apt.com_ecc/fullchain.cer
[Thu Jun 20 14:41:41 CST 2024] _on_issue_success
[Thu Jun 20 14:41:41 CST 2024] '' does not contain 'dns'
9、查看证书
ll /root/.acme.sh/90apt.com_ecc/
total 32
-rw-r--r-- 1 root root 2668 Jun 20 14:41 ca.cer
-rw-r--r-- 1 root root 1460 Jun 20 14:41 90apt.com.cer
-rw-r--r-- 1 root root 569 Jun 20 14:41 90apt.com.conf
-rw-r--r-- 1 root root 481 Jun 20 14:40 90apt.com.csr
-rw-r--r-- 1 root root 204 Jun 20 14:40 90apt.com.csr.conf
-rw------- 1 root root 227 Jun 20 14:40 90apt.com.key
-rw-r--r-- 1 root root 4128 Jun 20 14:41 fullchain.cer
四、acme.sh程序自动升级:
acme.sh --upgrade --auto-upgrade
关闭自动升级
acme.sh --upgrade --auto-upgrade 0
五、debug
acme.sh --issue ..... --debug
评论