moneyslow.com

Issuing a Let's Encrypt wildcard certificate -- DNSPod

I previously wrote one for GoDaddy (an old post from 2020):
https://moneyslow.com/letsencrypt%e7%ad%be%e7%bd%b2%e9%80%9a%e9%85%8d%e7%ac%a6%e5%9f%9f%e5%90%8d.html

List of officially supported DNS providers: https://github.com/acmesh-official/acme.sh/wiki/dnsapi

This one is for DNSPod:

Install acme.sh:
curl https://get.acme.sh | sh -s email=admin@moneyslow.com
You can add an alias to make it easier to use:
vi .bashrc and add:
alias acme.sh=~/.acme.sh/acme.sh

Set the default CA:
acme.sh --set-default-ca --server letsencrypt

Upgrade to the latest version:
acme.sh --upgrade

Check the version:
acme.sh --version

https://console.dnspod.cn/account/token/token
Create a key; you get a 6-digit numeric ID and a Token string:

135790
9203ab6675084989fd2281c9e7fef79f

Run on the server:
export DP_Id="135790"
export DP_Key="9203ab6675084989fd2281c9e7fef79f"

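Run the certificate issuance command on the server (the wildcard name is quoted so the shell does not expand the *):

./acme.sh --issue --dns dns_dp -d moneyslow.com -d '*.moneyslow.com'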
[Tue Jun 25 06:49:45 AM UTC 2024] Cert success.
-----BEGIN CERTIFICATE-----
MIIDfjCCAwSgAwIBAgISBO34I0Xbrne-pgBNip9CmbIIMAoGCCqGSM49BAMDMDIx
....
AfYPUswZM/OhZXSyANbVnTcuF23QpeS9yYDH4hwzazECMGQyOwjGej0gaIMQb/0a
CRVJcdnQ7YP+PVyvmUvrEez9fMDLSWDKf3KsiillZglUYg==
-----END CERTIFICATE-----
[Tue Jun 25 06:49:45 AM UTC 2024] Your cert is in: /root/.acme.sh/moneyslow.com_ecc/moneyslow.com.cer
[Tue Jun 25 06:49:45 AM UTC 2024] Your cert key is in: /root/.acme.sh/moneyslow.com_ecc/moneyslow.com.key
[Tue Jun 25 06:49:45 AM UTC 2024] The intermediate CA cert is in: /root/.acme.sh/moneyslow.com_ecc/ca.cer
[Tue Jun 25 06:49:45 AM UTC 2024] And the full chain certs is there: /root/.acme.sh/moneyslow.com_ecc/fullchain.cer

At this point, your DP_Id and DP_Key have been written to this file: /root/.acme.sh/account.conf

Deploy the certificate to the location your nginx configuration uses for certificates:
acme.sh --installcert -d moneyslow.com \
 --key-file /etc/nginx/key/moneyslow.com.key \
 --fullchain-file /etc/nginx/key/moneyslow.com.fullchain.cer \
 --reloadcmd  "systemctl restart nginx"
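
A check to run after the steps above, added here as an example (not part of the original post or of acme.sh): it flags the saved DNSPod credentials file and the private keys when group or other users can access them. The function names are hypothetical, and the SAVED_ prefix on the stored variables is an assumption about how acme.sh writes account.conf.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Group+other permission bits of a file, e.g. "r--r--" (mode 644) or "------" (600).
go_bits() {
    ls -ld "$1" | cut -c5-10
}

# True if the file stores a DNSPod API credential. Assumption: acme.sh writes
# the exported DP_Id/DP_Key as DP_*= or SAVED_DP_*= lines in account.conf.
has_dnspod_creds() {
    grep -Eq '^(SAVED_)?DP_(Id|Key)=' "$1" 2>/dev/null
}

# Print one finding per existing file that group or other can access.
# Returns 0 when every file is owner-only, 1 otherwise.
audit_acme_secrets() {
    rc=0
    for f in "$@"; do
        [ -e "$f" ] || continue
        bits=$(go_bits "$f")
        [ "$bits" = "------" ] && continue
        if has_dnspod_creds "$f"; then
            echo "EXPOSED-DNS-TOKEN $f group/other=$bits"
        else
            echo "LOOSE-PERMS $f group/other=$bits"
        fi
        rc=1
    done
    return "$rc"
}

# Paths taken from the post; files that do not exist are skipped.
audit_acme_secrets \
    /root/.acme.sh/account.conf \
    /root/.acme.sh/moneyslow.com_ecc/moneyslow.com.key \
    /etc/nginx/key/moneyslow.com.key \
    || echo "tighten with: chmod 600 <file>"
```

An EXPOSED-DNS-TOKEN finding matters most: the token in account.conf can edit the zone's DNS records, which is enough to pass a DNS-01 challenge for the domain.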

For a more detailed installation guide, see:
https://www.cyberciti.biz/faq/issue-lets-encrypt-wildcard-certificate-with-acme-sh-and-cloudflare-dns/#Issuing_Let's_Encrypt_wildcard_certificate
