51工具盒子
一、部署 acme.sh
curl
https://get.acme.sh | sh -s email=admin@90apt.com
安装后,acmesh会生成计划任务
acme.sh --
version
https:
/
/github.com/acmesh
-official/acme.sh
v3.
0
.
8
crontab -l
37
12
* * *
"/root/.acme.sh"
/acme.sh --cron --home
"/root/.acme.sh"
>
/dev/null
配置默认ca服务器为letsencrypt
acme.sh --
set
-
default
-ca --server letsencrypt
二、腾讯云申请泛域名通配符证书
1、获取腾讯云 SecretId 和 SecretKey
https://console.cloud.tencent.com/cam/capi
2、导入环境变量
export
Tencent_SecretId=
"AKIDxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
export
Tencent_SecretKey=
"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
3、申请证书
acme
.sh
--issue
--dns
dns_tencent
-d
90
apt
.com
-d
*
.90apt
.com
--debug
申请完成
-----END
CERTIFICATE-----
[Thu
Jun
20
14
:13:23
CST
2024
]
Your cert is in:
/root/.acme.sh/90apt.com_ecc/90apt.com.cer
[Thu
Jun
20
14
:13:23
CST
2024
]
Your cert key is in:
/root/.acme.sh/90apt.com_ecc/90apt.com.key
[Thu
Jun
20
14
:13:23
CST
2024
]
The intermediate CA cert is in:
/root/.acme.sh/90apt.com_ecc/ca.cer
[Thu
Jun
20
14
:13:23
CST
2024
]
And the full chain certs is there:
/root/.acme.sh/90apt.com_ecc/fullchain.cer
[Thu
Jun
20
14
:13:23
CST
2024
]
_on_issue_success
[Thu
Jun
20
14
:13:23
CST
2024
]
''
does
not
contain
'dns'
4、查看证书
ll
/root/.acme.sh/90apt.com_ecc/
total
32
-rw-r--r--
1
root
root
1452
Jun
20
14
:13
90apt.com.cer
-rw-r--r--
1
root
root
567
Jun
20
14
:13
90apt.com.conf
-rw-r--r--
1
root
root
473
Jun
20
14
:12
90apt.com.csr
-rw-r--r--
1
root
root
198
Jun
20
14
:12
90apt.com.csr.conf
-rw-------
1
root
root
227
Jun
20
14
:12
90apt.com.key
-rw-r--r--
1
root
root
2668
Jun
20
14
:13
ca.cer
-rw-r--r--
1
root
root
4120
Jun
20
14
:13
fullchain.cer
三、腾讯云申请泛域名通配符证书
1、进入RAM访问控制
2、创建用户组
3、给用户组增加DNS完整控制权限
AliyunDNSFullAccess
4、创建用户
5、给用户分配用户组,使其获得DNS完整控制权
6、创建AccessKey
7、导入环境变量
export
Ali_Key=
"sdfsdfsdfljlbjkljlkjsdfoiwje"
export
Ali_Secret=
"jlsdflanljkljlfdsaklkjflsa"
8、申请证书
acme
.sh
--issue
--dns
dns_ali
-d
90
apt
.com
-d
*
.90apt
.com
--debug
申请完成
[Thu
Jun
20
14
:41:41
CST
2024
]
Your cert is in:
/root/.acme.sh/90apt.com_ecc/90apt.com.cer
[Thu
Jun
20
14
:41:41
CST
2024
]
Your cert key is in:
/root/.acme.sh/90apt.com_ecc/90apt.com.key
[Thu
Jun
20
14
:41:41
CST
2024
]
The intermediate CA cert is in:
/root/.acme.sh/90apt.com_ecc/ca.cer
[Thu
Jun
20
14
:41:41
CST
2024
]
And the full chain certs is there:
/root/.acme.sh/90apt.com_ecc/fullchain.cer
[Thu
Jun
20
14
:41:41
CST
2024
]
_on_issue_success
[Thu
Jun
20
14
:41:41
CST
2024
]
''
does
not
contain
'dns'
9、查看证书
ll
/root/.acme.sh/90apt.com_ecc/
total
32
-rw-r--r--
1
root
root
2668
Jun
20
14
:41
ca.cer
-rw-r--r--
1
root
root
1460
Jun
20
14
:41
90apt.com.cer
-rw-r--r--
1
root
root
569
Jun
20
14
:41
90apt.com.conf
-rw-r--r--
1
root
root
481
Jun
20
14
:40
90apt.com.csr
-rw-r--r--
1
root
root
204
Jun
20
14
:40
90apt.com.csr.conf
-rw-------
1
root
root
227
Jun
20
14
:40
90apt.com.key
-rw-r--r--
1
root
root
4128
Jun
20
14
:41
fullchain.cer
四、acme.sh程序自动升级:
acme
.sh
--upgrade --
auto
-upgrade
关闭自动升级
acme
.sh
--upgrade --
auto
-upgrade 0
五、debug
acme
.sh
--issue
.....
--debug
