Download acme
curl https://get.acme.sh | sh
The download failed
[root@ysl01 ~]# curl https://get.acme.sh | sh
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 775 0 775 0 0 620 0 --:--:-- 0:00:01 --:--:-- 620
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0curl: (7) Failed connect to raw.githubusercontent.com:443; Connection refused
Edit /etc/hosts and append the following line at the end of the file
199.232.96.133 raw.githubusercontent.com
The site's IP address was looked up at https://www.ipaddress.com/
Reinstalling succeeded
[root@ysl01 ~]# curl https://get.acme.sh | sh
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 775 0 775 0 0 983 0 --:--:-- --:--:-- --:--:-- 983
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 202k 100 202k 0 0 40893 0 0:00:05 0:00:05 --:--:-- 57446
[Sat Dec 26 17:40:02 CST 2020] Installing from online archive.
[Sat Dec 26 17:40:02 CST 2020] Downloading https://github.com/acmesh-official/acme.sh/archive/master.tar.gz
[Sat Dec 26 17:40:08 CST 2020] Extracting master.tar.gz
[Sat Dec 26 17:40:08 CST 2020] It is recommended to install socat first.
[Sat Dec 26 17:40:08 CST 2020] We use socat for standalone server if you use standalone mode.
[Sat Dec 26 17:40:08 CST 2020] If you don't use standalone mode, just ignore this warning.
[Sat Dec 26 17:40:08 CST 2020] Installing to /root/.acme.sh
[Sat Dec 26 17:40:08 CST 2020] Installed to /root/.acme.sh/acme.sh
[Sat Dec 26 17:40:08 CST 2020] Installing alias to '/root/.bashrc'
[Sat Dec 26 17:40:08 CST 2020] OK, Close and reopen your terminal to start using acme.sh
[Sat Dec 26 17:40:08 CST 2020] Installing alias to '/root/.cshrc'
[Sat Dec 26 17:40:08 CST 2020] Installing alias to '/root/.tcshrc'
[Sat Dec 26 17:40:08 CST 2020] Installing cron job
no crontab for root
no crontab for root
[Sat Dec 26 17:40:08 CST 2020] Good, bash is found, so change the shebang to use bash as preferred.
[Sat Dec 26 17:40:09 CST 2020] OK
[Sat Dec 26 17:40:09 CST 2020] Install success!
Default install location: /root/.acme.sh/
Create an alias
alias acme.sh=/root/.acme.sh/acme.sh
Validation via DNS
export Ali_Key="***"
export Ali_Secret="***"
acme.sh --issue --force --dns dns_ali -d '*.biyouliao.cn' -d biyouliao.cn
Default certificate location
[Sat Dec 26 17:49:05 CST 2020] Your cert is in /root/.acme.sh/*.biyouliao.cn/*.biyouliao.cn.cer
[Sat Dec 26 17:49:05 CST 2020] Your cert key is in /root/.acme.sh/*.biyouliao.cn/*.biyouliao.cn.key
[Sat Dec 26 17:49:05 CST 2020] The intermediate CA cert is in /root/.acme.sh/*.biyouliao.cn/ca.cer
[Sat Dec 26 17:49:05 CST 2020] And the full chain certs is there: /root/.acme.sh/*.biyouliao.cn/fullchain.cer
Upgrade acme.sh
acme.sh --upgrade
Enable automatic upgrades of acme.sh
acme.sh --upgrade --auto-upgrade
Disable automatic upgrades of acme.sh
acme.sh --upgrade --auto-upgrade 0
Using the certificate files in nginx
server {
    listen 443 ssl;
    server_name q.biyouliao.cn;
    ssl_certificate /root/.acme.sh/*.biyouliao.cn/fullchain.cer;
    ssl_certificate_key /root/.acme.sh/*.biyouliao.cn/*.biyouliao.cn.key;
    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    client_max_body_size 200M;
    location / {
        root /home/server/html/q;
        index index.html index.htm;
    }
}
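The server block above reads the certificate and key directly from /root/.acme.sh, which the acme.sh README reserves for internal use (it says to copy certificates out with --install-cert), and it still enables TLSv1 and TLSv1.1, which RFC 8996 deprecated. The check below is an added example, not part of the original notes: it audits an nginx config for both points and runs against the page's settings and a corrected form. The function names, the /etc/nginx/ssl/biyouliao.cn directory and the reload command are assumptions.

```shell
# Added example, not from the original page. Both sample configs are constructed.

# The server block from the page, reduced to its TLS-relevant directives.
sample_weak_conf() {
cat <<'EOF'
server {
    listen 443 ssl;
    ssl_certificate /root/.acme.sh/*.biyouliao.cn/fullchain.cer;
    ssl_certificate_key /root/.acme.sh/*.biyouliao.cn/*.biyouliao.cn.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
}
EOF
}

# Corrected form. /etc/nginx/ssl/biyouliao.cn is an assumed directory, filled by:
#   acme.sh --install-cert -d '*.biyouliao.cn' \
#     --key-file /etc/nginx/ssl/biyouliao.cn/key.pem \
#     --fullchain-file /etc/nginx/ssl/biyouliao.cn/fullchain.pem \
#     --reloadcmd "systemctl reload nginx"    # assumed reload command
# TLSv1.3 needs nginx 1.13.0+ built with OpenSSL 1.1.1+.
sample_fixed_conf() {
cat <<'EOF'
server {
    listen 443 ssl;
    ssl_certificate /etc/nginx/ssl/biyouliao.cn/fullchain.pem;
    ssl_certificate_key /etc/nginx/ssl/biyouliao.cn/key.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
}
EOF
}

# Reads an nginx config on stdin, prints one finding per line; returns 1 if any.
audit_nginx_tls() {
    awk '
        { sub(/#.*/, ""); sub(/;[ \t]*$/, "") }   # drop comments and the final ";"
        $1 == "ssl_protocols" {
            for (i = 2; i <= NF; i++)
                if ($i ~ /^(SSLv2|SSLv3|TLSv1|TLSv1\.1)$/) {
                    printf "line %d: deprecated protocol %s\n", NR, $i; n++
                }
        }
        ($1 == "ssl_certificate" || $1 == "ssl_certificate_key") && $2 ~ /\/\.acme\.sh\// {
            printf "line %d: %s reads from the acme.sh internal directory\n", NR, $1; n++
        }
        END { exit (n > 0) }
    '
}

echo "page config:";      sample_weak_conf  | audit_nginx_tls || true
echo "corrected config:"; sample_fixed_conf | audit_nginx_tls && echo "no findings"
```

To audit a live file, feed it on stdin, for example audit_nginx_tls < /etc/nginx/nginx.conf.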
Automatic certificate renewal
The installer automatically added a scheduled job to the crontab:
8 0 * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null
It renews the certificate automatically before it expires.