acme.sh with dnspod

Installation

curl https://get.acme.sh | sh
source ~/.bashrc

Wildcard Certificate

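A Let's Encrypt wildcard certificate must be validated with a DNS TXT record (dns-01). Note that two -d options are needed, -d ddatsh.com -d '*.ddatsh.com', because the wildcard name does not cover the bare domain.

For other DNS providers or manual mode, see the acme.sh GitHub wiki.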

# DNSPod API credentials, read by the dns_dp plugin
export DP_Id="1xxx"
export DP_Key="xxxx"
# RSA certificate; the wildcard is quoted so the shell cannot glob-expand it
acme.sh --issue --dns dns_dp -d ddatsh.com -d '*.ddatsh.com' --renew-hook "/root/.acme.sh/acme.sh --install-cert -d ddatsh.com  --key-file       /etc/nginx/conf.d/ssl/ddatsh.com.rsa.key    --fullchain-file /etc/nginx/conf.d/ssl/ddatsh.com.rsa.cer    --reloadcmd      \"systemctl force-reload nginx\""

# ECC (ec-384) certificate for the same names
acme.sh --issue --dns dns_dp -d ddatsh.com -d '*.ddatsh.com' -k ec-384  --renew-hook "/root/.acme.sh/acme.sh --install-cert -d ddatsh.com --ecc --key-file       /etc/nginx/conf.d/ssl/ddatsh.com.ecc.key    --fullchain-file /etc/nginx/conf.d/ssl/ddatsh.com.ecc.cer    --reloadcmd      \"systemctl force-reload nginx\"" --force
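
What the DNS TXT validation above checks, as an added example (not from the original post and not acme.sh code): under RFC 8555 dns-01, ddatsh.com and *.ddatsh.com are both validated at _acme-challenge.ddatsh.com, each with its own TXT value. The tokens and account-key thumbprint are constructed placeholders; openssl and base64 are assumed to be installed.

```shell
#!/bin/sh
# Added illustration of the RFC 8555 dns-01 record; not acme.sh code.
# The tokens and thumbprint below are constructed placeholders.

# base64url(SHA-256(input)), unpadded
b64url_sha256() {
  printf '%s' "$1" | openssl dgst -sha256 -binary | base64 | tr '+/' '-_' | tr -d '=\n'
}

# Record name the CA queries: a leading "*." is dropped, so the
# apex and the wildcard identifier share one record name.
challenge_name() {
  case $1 in
    '*.'*) printf '_acme-challenge.%s\n' "${1#??}" ;;
    *)     printf '_acme-challenge.%s\n' "$1" ;;
  esac
}

# TXT value = base64url(SHA-256(token "." account-key thumbprint))
challenge_txt() {
  b64url_sha256 "$1.$2"
}

THUMBPRINT="constructed-account-key-thumbprint"

# One line per identifier: <record name> TXT "<value>"
dns01_records() {
  for pair in "ddatsh.com:constructed-token-A" "*.ddatsh.com:constructed-token-B"; do
    domain=${pair%%:*}
    token=${pair#*:}
    printf '%s TXT "%s"\n' "$(challenge_name "$domain")" "$(challenge_txt "$token" "$THUMBPRINT")"
  done
}

dns01_records
```

Both output lines carry the same record name with different values, which is why the DNS API credentials must be able to place two TXT records at that one name during issuance.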

cron log

[root@VM-0-7-centos ~]# acme.sh --cron
[Tue Dec 15 12:04:51 CST 2020] ===Starting cron===
[Tue Dec 15 12:04:51 CST 2020] Renew: 'ddatsh.com'
[Tue Dec 15 12:04:52 CST 2020] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Tue Dec 15 12:04:52 CST 2020] Multi domain='DNS:ddatsh.com,DNS:*.ddatsh.com'
[Tue Dec 15 12:04:52 CST 2020] Getting domain auth token for each domain
[Tue Dec 15 12:04:57 CST 2020] Getting webroot for domain='ddatsh.com'
[Tue Dec 15 12:04:57 CST 2020] Getting webroot for domain='*.ddatsh.com'
[Tue Dec 15 12:04:58 CST 2020] ddatsh.com is already verified, skip dns-01.
[Tue Dec 15 12:04:58 CST 2020] *.ddatsh.com is already verified, skip dns-01.
[Tue Dec 15 12:04:58 CST 2020] Verify finished, start to sign.
[Tue Dec 15 12:04:58 CST 2020] Lets finalize the order.
[Tue Dec 15 12:04:58 CST 2020] Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/105392664/6749057114'
[Tue Dec 15 12:05:00 CST 2020] Downloading cert.
[Tue Dec 15 12:05:00 CST 2020] Le_LinkCert='https://acme-v02.api.letsencrypt.org/acme/cert/04b7648ffb2c2a2887a2b85e7ed662421226'
[Tue Dec 15 12:05:01 CST 2020] Cert success.
-----BEGIN CERTIFICATE-----
MIIFKxxx
-----END CERTIFICATE-----
[Tue Dec 15 12:05:01 CST 2020] Your cert is in  /root/.acme.sh/ddatsh.com/ddatsh.com.cer 
[Tue Dec 15 12:05:01 CST 2020] Your cert key is in  /root/.acme.sh/ddatsh.com/ddatsh.com.key 
[Tue Dec 15 12:05:01 CST 2020] The intermediate CA cert is in  /root/.acme.sh/ddatsh.com/ca.cer 
[Tue Dec 15 12:05:01 CST 2020] And the full chain certs is there:  /root/.acme.sh/ddatsh.com/fullchain.cer 
[Tue Dec 15 12:05:02 CST 2020] Run renew hook:'/root/.acme.sh/acme.sh --install-cert -d ddatsh.com  --key-file       /etc/nginx/conf.d/ssl/ddatsh.com.rsa.key    --fullchain-file /etc/nginx/conf.d/ssl/ddatsh.com.rsa.cer    --reloadcmd      "systemctl force-reload nginx"'
[Tue Dec 15 12:05:02 CST 2020] Installing key to:/etc/nginx/conf.d/ssl/ddatsh.com.rsa.key
[Tue Dec 15 12:05:02 CST 2020] Installing full chain to:/etc/nginx/conf.d/ssl/ddatsh.com.rsa.cer
[Tue Dec 15 12:05:02 CST 2020] Run reload cmd: systemctl force-reload nginx
[Tue Dec 15 12:05:03 CST 2020] Reload success
[Tue Dec 15 12:05:03 CST 2020] Renew: 'ddatsh.com'
[Tue Dec 15 12:05:04 CST 2020] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Tue Dec 15 12:05:04 CST 2020] Multi domain='DNS:ddatsh.com,DNS:*.ddatsh.com'
[Tue Dec 15 12:05:04 CST 2020] Getting domain auth token for each domain
[Tue Dec 15 12:05:10 CST 2020] Getting webroot for domain='ddatsh.com'
[Tue Dec 15 12:05:10 CST 2020] Getting webroot for domain='*.ddatsh.com'
[Tue Dec 15 12:05:10 CST 2020] ddatsh.com is already verified, skip dns-01.
[Tue Dec 15 12:05:10 CST 2020] *.ddatsh.com is already verified, skip dns-01.
[Tue Dec 15 12:05:10 CST 2020] Verify finished, start to sign.
[Tue Dec 15 12:05:10 CST 2020] Lets finalize the order.
[Tue Dec 15 12:05:10 CST 2020] Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/105392664/6749062076'
[Tue Dec 15 12:05:12 CST 2020] Downloading cert.
[Tue Dec 15 12:05:12 CST 2020] Le_LinkCert='https://acme-v02.api.letsencrypt.org/acme/cert/038811d00702ddb48ba0ab38fce9fc554a9e'
[Tue Dec 15 12:05:13 CST 2020] Cert success.
-----BEGIN CERTIFICATE-----
MIIEezxxx
-----END CERTIFICATE-----
[Tue Dec 15 12:05:13 CST 2020] Your cert is in  /root/.acme.sh/ddatsh.com_ecc/ddatsh.com.cer 
[Tue Dec 15 12:05:13 CST 2020] Your cert key is in  /root/.acme.sh/ddatsh.com_ecc/ddatsh.com.key 
[Tue Dec 15 12:05:13 CST 2020] The intermediate CA cert is in  /root/.acme.sh/ddatsh.com_ecc/ca.cer 
[Tue Dec 15 12:05:13 CST 2020] And the full chain certs is there:  /root/.acme.sh/ddatsh.com_ecc/fullchain.cer 
[Tue Dec 15 12:05:13 CST 2020] Run renew hook:'/root/.acme.sh/acme.sh --install-cert -d ddatsh.com --ecc  --key-file       /etc/nginx/conf.d/ssl/ddatsh.com.ecc.key    --fullchain-file /etc/nginx/conf.d/ssl/ddatsh.com.ecc.cer    --reloadcmd      "systemctl force-reload nginx"'
[Tue Dec 15 12:05:13 CST 2020] Installing key to:/etc/nginx/conf.d/ssl/ddatsh.com.ecc.key
[Tue Dec 15 12:05:13 CST 2020] Installing full chain to:/etc/nginx/conf.d/ssl/ddatsh.com.ecc.cer
[Tue Dec 15 12:05:13 CST 2020] Run reload cmd: systemctl force-reload nginx
[Tue Dec 15 12:05:13 CST 2020] Reload success
[Tue Dec 15 12:05:13 CST 2020] ===End cron===
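
A check that can be run over this cron output, as an added example (not from the original post or from acme.sh): it splits the log into Renew blocks and flags any block that lacks the "Cert success." or "Reload success" lines shown above. The function names are hypothetical, and the sample log is constructed from the lines above with the second block's reload line removed.

```shell
#!/bin/sh
# Added example; check_acme_cron and sample_log are hypothetical names.

# Reads `acme.sh --cron` output on stdin and prints one summary line per
# Renew block. Exit status: 0 all blocks complete, 1 a block lacks a
# success line, 2 no Renew block found.
check_acme_cron() {
  awk '
    function emit() {
      if (dom == "") return
      printf "%s dir=%s cert=%s reload=%s\n", dom, dir, (cert ? "ok" : "MISSING"), (reload ? "ok" : "MISSING")
      if (!cert || !reload) bad = 1
    }
    /\] Renew: /          { emit(); n++; dom = $NF; gsub(/[^A-Za-z0-9.*_-]/, "", dom)
                            dir = "?"; cert = 0; reload = 0 }
    /\] Cert success\./   { cert = 1 }
    /\] Your cert is in / { dir = $NF; sub("/[^/]*$", "", dir) }   # keep the directory only
    /\] Reload success/   { reload = 1 }
    END { emit(); if (n == 0) exit 2; exit bad + 0 }
  '
}

# Constructed sample: RSA block complete, ECC block cut before the reload.
sample_log() {
  cat <<'EOF'
[Tue Dec 15 12:04:51 CST 2020] Renew: 'ddatsh.com'
[Tue Dec 15 12:05:01 CST 2020] Cert success.
[Tue Dec 15 12:05:01 CST 2020] Your cert is in  /root/.acme.sh/ddatsh.com/ddatsh.com.cer
[Tue Dec 15 12:05:03 CST 2020] Reload success
[Tue Dec 15 12:05:03 CST 2020] Renew: 'ddatsh.com'
[Tue Dec 15 12:05:13 CST 2020] Cert success.
[Tue Dec 15 12:05:13 CST 2020] Your cert is in  /root/.acme.sh/ddatsh.com_ecc/ddatsh.com.cer
EOF
}

sample_log | check_acme_cron || echo "renewal check: incomplete block found" >&2
```

The directory column separates the RSA and ECC certificates, which otherwise appear under the same domain name in the log.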