letsencrypt签署通配符域名–dnspod

之前写过一个godaddy的（2020年旧文）：
https://moneyslow.com/letsencrypt%e7%ad%be%e7%bd%b2%e9%80%9a%e9%85%8d%e7%ac%a6%e5%9f%9f%e5%90%8d.html

官方支持的dns厂家列表：https://github.com/acmesh-official/acme.sh/wiki/dnsapi

下面这个是dnspod的：

安装acme：
curl https://get.acme.sh | sh -s email=admin@moneyslow.com
可以来个别名，方便操作：
vi .bashrc 加入：
alias acme.sh=~/.acme.sh/acme.sh

设置默认ca：
acme.sh --set-default-ca --server letsencrypt

升级到最新：
acme.sh --upgrade

查看版本：
acme.sh --version

https://console.dnspod.cn/account/token/token
创建密钥，得到6位数字ID和一串Token

135790
9203ab6675084989fd2281c9e7fef79f

服务器上执行：
export DP_Id="135790"
export DP_Key="9203ab6675084989fd2281c9e7fef79f"

服务器上执行签证书命令：

./acme.sh --issue --dns dns_dp -d moneyslow.com -d *.moneyslow.com
[Tue Jun 25 06:49:45 AM UTC 2024] Cert success.
-----BEGIN CERTIFICATE-----
MIIDfjCCAwSgAwIBAgISBO34I0Xbrne-pgBNip9CmbIIMAoGCCqGSM49BAMDMDIx
....
AfYPUswZM/OhZXSyANbVnTcuF23QpeS9yYDH4hwzazECMGQyOwjGej0gaIMQb/0a
CRVJcdnQ7YP+PVyvmUvrEez9fMDLSWDKf3KsiillZglUYg==
-----END CERTIFICATE-----
[Tue Jun 25 06:49:45 AM UTC 2024] Your cert is in: /root/.acme.sh/moneyslow.com_ecc/moneyslow.com.cer
[Tue Jun 25 06:49:45 AM UTC 2024] Your cert key is in: /root/.acme.sh/moneyslow.com_ecc/moneyslow.com.key
[Tue Jun 25 06:49:45 AM UTC 2024] The intermediate CA cert is in: /root/.acme.sh/moneyslow.com_ecc/ca.cer
[Tue Jun 25 06:49:45 AM UTC 2024] And the full chain certs is there: /root/.acme.sh/moneyslow.com_ecc/fullchain.cer

此时，你的DP_Id和DP_Key已经被写到这个文件里了： /root/.acme.sh/account.conf

部署证书到自己nginx配置证书的位置：
acme.sh --installcert -d moneyslow.com \
 --key-file /etc/nginx/key/moneyslow.com.key \
 --fullchain-file /etc/nginx/key/moneyslow.com.fullchain.cer \
 --reloadcmd  "systemctl restart nginx"

更详细的安装参考：
https://www.cyberciti.biz/faq/issue-lets-encrypt-wildcard-certificate-with-acme-sh-and-cloudflare-dns/#Issuing_Let’s_Encrypt_wildcard_certificate