acme.sh自动解析并申请泛域名通配符证书 腾讯云 阿里云

一、部署 acme.sh

curl https://get.acme.sh | sh -s email=admin@90apt.com

安装后，acmesh会生成计划任务

acme.sh   --version
https://github.com/acmesh-official/acme.sh
v3.0.8

crontab -l
37 12 * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null

配置默认ca服务器为letsencrypt

acme.sh --set-default-ca --server letsencrypt

二、腾讯云申请泛域名通配符证书
1、获取腾讯云 SecretId 和 SecretKey
https://console.cloud.tencent.com/cam/capi

2、导入环境变量

export Tencent_SecretId="AKIDxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
export Tencent_SecretKey="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"

3、申请证书

acme.sh --issue --dns dns_tencent -d 90apt.com -d *.90apt.com --debug

申请完成

-----END CERTIFICATE-----
[Thu Jun 20 14:13:23 CST 2024] Your cert is in: /root/.acme.sh/90apt.com_ecc/90apt.com.cer
[Thu Jun 20 14:13:23 CST 2024] Your cert key is in: /root/.acme.sh/90apt.com_ecc/90apt.com.key
[Thu Jun 20 14:13:23 CST 2024] The intermediate CA cert is in: /root/.acme.sh/90apt.com_ecc/ca.cer
[Thu Jun 20 14:13:23 CST 2024] And the full chain certs is there: /root/.acme.sh/90apt.com_ecc/fullchain.cer
[Thu Jun 20 14:13:23 CST 2024] _on_issue_success
[Thu Jun 20 14:13:23 CST 2024] '' does not contain 'dns'

4、查看证书

ll /root/.acme.sh/90apt.com_ecc/
total 32
-rw-r--r-- 1 root root 1452 Jun 20 14:13 90apt.com.cer
-rw-r--r-- 1 root root  567 Jun 20 14:13 90apt.com.conf
-rw-r--r-- 1 root root  473 Jun 20 14:12 90apt.com.csr
-rw-r--r-- 1 root root  198 Jun 20 14:12 90apt.com.csr.conf
-rw------- 1 root root  227 Jun 20 14:12 90apt.com.key
-rw-r--r-- 1 root root 2668 Jun 20 14:13 ca.cer
-rw-r--r-- 1 root root 4120 Jun 20 14:13 fullchain.cer

三、腾讯云申请泛域名通配符证书
1、进入RAM访问控制

2、创建用户组

3、给用户组增加DNS完整控制权限
AliyunDNSFullAccess

4、创建用户

5、给用户分配用户组，使其获得DNS完整控制权

6、创建AccessKey

7、导入环境变量

export Ali_Key="sdfsdfsdfljlbjkljlkjsdfoiwje"
export Ali_Secret="jlsdflanljkljlfdsaklkjflsa"

8、申请证书

acme.sh --issue --dns dns_ali -d 90apt.com -d *.90apt.com --debug

申请完成

[Thu Jun 20 14:41:41 CST 2024] Your cert is in: /root/.acme.sh/90apt.com_ecc/90apt.com.cer
[Thu Jun 20 14:41:41 CST 2024] Your cert key is in: /root/.acme.sh/90apt.com_ecc/90apt.com.key
[Thu Jun 20 14:41:41 CST 2024] The intermediate CA cert is in: /root/.acme.sh/90apt.com_ecc/ca.cer
[Thu Jun 20 14:41:41 CST 2024] And the full chain certs is there: /root/.acme.sh/90apt.com_ecc/fullchain.cer
[Thu Jun 20 14:41:41 CST 2024] _on_issue_success
[Thu Jun 20 14:41:41 CST 2024] '' does not contain 'dns'

9、查看证书

ll /root/.acme.sh/90apt.com_ecc/
total 32
-rw-r--r-- 1 root root 2668 Jun 20 14:41 ca.cer
-rw-r--r-- 1 root root 1460 Jun 20 14:41 90apt.com.cer
-rw-r--r-- 1 root root  569 Jun 20 14:41 90apt.com.conf
-rw-r--r-- 1 root root  481 Jun 20 14:40 90apt.com.csr
-rw-r--r-- 1 root root  204 Jun 20 14:40 90apt.com.csr.conf
-rw------- 1 root root  227 Jun 20 14:40 90apt.com.key
-rw-r--r-- 1 root root 4128 Jun 20 14:41 fullchain.cer

四、acme.sh程序自动升级:

acme.sh --upgrade --auto-upgrade

关闭自动升级

acme.sh --upgrade --auto-upgrade  0

五、debug

acme.sh --issue  .....  --debug