安装
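# Install acme.sh. Download the installer to a temporary file before running it
# instead of piping curl straight into sh: -f makes curl fail on an HTTP error
# rather than handing an error page to the shell, and running only a completed
# download avoids executing a truncated script. The saved file can also be read
# or checksummed before it is executed.
installer=$(mktemp) &&
  curl -fsS https://get.acme.sh -o "$installer" &&
  sh "$installer"
rm -f -- "${installer:-}"
# Re-read the profile so whatever the installer added to ~/.bashrc takes effect;
# the commands that follow call acme.sh by its bare name.
source ~/.bashrc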
Wildcard Certificate
Let’s Encrypt 通配符证书(Wildcard Certificate)只能通过 DNS-01(DNS TXT 记录)方式验证。通配符 *.ddatsh.com 不包含根域名 ddatsh.com,所以要同时写两个 -d:-d ddatsh.com -d '*.ddatsh.com'(通配符加引号,避免被 shell 当作文件名通配符展开)
其他 DNS 服务商的 API 方式或手工添加 TXT 记录的方式,见 acme.sh 的 GitHub wiki
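# DNSPod API credentials read by acme.sh's dns_dp hook ("1xxx" / "xxxx" are
# placeholders). acme.sh saves them under ~/.acme.sh (account.conf) for later
# renewals, so keep that directory readable by root only, and prefer a token
# limited to this domain's DNS records if the provider offers one. Values typed
# on the command line also end up in shell history.
export DP_Id="1xxx"
export DP_Key="xxxx"

# RSA certificate covering the apex and the wildcard name. The wildcard is
# quoted so the shell passes it literally instead of glob-expanding it against
# files in the current directory.
# The renew hook copies the renewed key and full chain to the nginx paths and
# reloads nginx. The installed *.key files are private keys: confirm they are
# owned by root and not group/world readable (e.g. mode 600).
acme.sh --issue --dns dns_dp \
  -d ddatsh.com -d '*.ddatsh.com' \
  --renew-hook '/root/.acme.sh/acme.sh --install-cert -d ddatsh.com --key-file /etc/nginx/conf.d/ssl/ddatsh.com.rsa.key --fullchain-file /etc/nginx/conf.d/ssl/ddatsh.com.rsa.cer --reloadcmd "systemctl force-reload nginx"'

# ECC (ec-384) certificate for the same names, installed next to the RSA one.
# The hook string is single-quoted so the inner double quotes around the reload
# command need no escaping (the original ended with a misplaced `"\"`).
# --force issues even when acme.sh considers the existing certificate still
# valid; omit it on repeat runs so CA rate limits are not used up needlessly.
acme.sh --issue --dns dns_dp \
  -d ddatsh.com -d '*.ddatsh.com' \
  -k ec-384 \
  --renew-hook '/root/.acme.sh/acme.sh --install-cert -d ddatsh.com --ecc --key-file /etc/nginx/conf.d/ssl/ddatsh.com.ecc.key --fullchain-file /etc/nginx/conf.d/ssl/ddatsh.com.ecc.cer --reloadcmd "systemctl force-reload nginx"' \
  --force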
cron log
[root@VM-0-7-centos ~]# acme.sh --cron
[Tue Dec 15 12:04:51 CST 2020] ===Starting cron===
[Tue Dec 15 12:04:51 CST 2020] Renew: 'ddatsh.com'
[Tue Dec 15 12:04:52 CST 2020] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Tue Dec 15 12:04:52 CST 2020] Multi domain='DNS:ddatsh.com,DNS:*.ddatsh.com'
[Tue Dec 15 12:04:52 CST 2020] Getting domain auth token for each domain
[Tue Dec 15 12:04:57 CST 2020] Getting webroot for domain='ddatsh.com'
[Tue Dec 15 12:04:57 CST 2020] Getting webroot for domain='*.ddatsh.com'
[Tue Dec 15 12:04:58 CST 2020] ddatsh.com is already verified, skip dns-01.
[Tue Dec 15 12:04:58 CST 2020] *.ddatsh.com is already verified, skip dns-01.
[Tue Dec 15 12:04:58 CST 2020] Verify finished, start to sign.
[Tue Dec 15 12:04:58 CST 2020] Lets finalize the order.
[Tue Dec 15 12:04:58 CST 2020] Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/105392664/6749057114'
[Tue Dec 15 12:05:00 CST 2020] Downloading cert.
[Tue Dec 15 12:05:00 CST 2020] Le_LinkCert='https://acme-v02.api.letsencrypt.org/acme/cert/04b7648ffb2c2a2887a2b85e7ed662421226'
[Tue Dec 15 12:05:01 CST 2020] Cert success.
-----BEGIN CERTIFICATE-----
MIIFKxxx
-----END CERTIFICATE-----
[Tue Dec 15 12:05:01 CST 2020] Your cert is in /root/.acme.sh/ddatsh.com/ddatsh.com.cer
[Tue Dec 15 12:05:01 CST 2020] Your cert key is in /root/.acme.sh/ddatsh.com/ddatsh.com.key
[Tue Dec 15 12:05:01 CST 2020] The intermediate CA cert is in /root/.acme.sh/ddatsh.com/ca.cer
[Tue Dec 15 12:05:01 CST 2020] And the full chain certs is there: /root/.acme.sh/ddatsh.com/fullchain.cer
[Tue Dec 15 12:05:02 CST 2020] Run renew hook:'/root/.acme.sh/acme.sh --install-cert -d ddatsh.com --key-file /etc/nginx/conf.d/ssl/ddatsh.com.rsa.key --fullchain-file /etc/nginx/conf.d/ssl/ddatsh.com.rsa.cer --reloadcmd "systemctl force-reload nginx"'
[Tue Dec 15 12:05:02 CST 2020] Installing key to:/etc/nginx/conf.d/ssl/ddatsh.com.rsa.key
[Tue Dec 15 12:05:02 CST 2020] Installing full chain to:/etc/nginx/conf.d/ssl/ddatsh.com.rsa.cer
[Tue Dec 15 12:05:02 CST 2020] Run reload cmd: systemctl force-reload nginx
[Tue Dec 15 12:05:03 CST 2020] Reload success
[Tue Dec 15 12:05:03 CST 2020] Renew: 'ddatsh.com'
[Tue Dec 15 12:05:04 CST 2020] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Tue Dec 15 12:05:04 CST 2020] Multi domain='DNS:ddatsh.com,DNS:*.ddatsh.com'
[Tue Dec 15 12:05:04 CST 2020] Getting domain auth token for each domain
[Tue Dec 15 12:05:10 CST 2020] Getting webroot for domain='ddatsh.com'
[Tue Dec 15 12:05:10 CST 2020] Getting webroot for domain='*.ddatsh.com'
[Tue Dec 15 12:05:10 CST 2020] ddatsh.com is already verified, skip dns-01.
[Tue Dec 15 12:05:10 CST 2020] *.ddatsh.com is already verified, skip dns-01.
[Tue Dec 15 12:05:10 CST 2020] Verify finished, start to sign.
[Tue Dec 15 12:05:10 CST 2020] Lets finalize the order.
[Tue Dec 15 12:05:10 CST 2020] Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/105392664/6749062076'
[Tue Dec 15 12:05:12 CST 2020] Downloading cert.
[Tue Dec 15 12:05:12 CST 2020] Le_LinkCert='https://acme-v02.api.letsencrypt.org/acme/cert/038811d00702ddb48ba0ab38fce9fc554a9e'
[Tue Dec 15 12:05:13 CST 2020] Cert success.
-----BEGIN CERTIFICATE-----
MIIEezxxx
-----END CERTIFICATE-----
[Tue Dec 15 12:05:13 CST 2020] Your cert is in /root/.acme.sh/ddatsh.com_ecc/ddatsh.com.cer
[Tue Dec 15 12:05:13 CST 2020] Your cert key is in /root/.acme.sh/ddatsh.com_ecc/ddatsh.com.key
[Tue Dec 15 12:05:13 CST 2020] The intermediate CA cert is in /root/.acme.sh/ddatsh.com_ecc/ca.cer
[Tue Dec 15 12:05:13 CST 2020] And the full chain certs is there: /root/.acme.sh/ddatsh.com_ecc/fullchain.cer
[Tue Dec 15 12:05:13 CST 2020] Run renew hook:'/root/.acme.sh/acme.sh --install-cert -d ddatsh.com --ecc --key-file /etc/nginx/conf.d/ssl/ddatsh.com.ecc.key --fullchain-file /etc/nginx/conf.d/ssl/ddatsh.com.ecc.cer --reloadcmd "systemctl force-reload nginx"'
[Tue Dec 15 12:05:13 CST 2020] Installing key to:/etc/nginx/conf.d/ssl/ddatsh.com.ecc.key
[Tue Dec 15 12:05:13 CST 2020] Installing full chain to:/etc/nginx/conf.d/ssl/ddatsh.com.ecc.cer
[Tue Dec 15 12:05:13 CST 2020] Run reload cmd: systemctl force-reload nginx
[Tue Dec 15 12:05:13 CST 2020] Reload success
[Tue Dec 15 12:05:13 CST 2020] ===End cron===