42 lines
1.6 KiB
Plaintext
42 lines
1.6 KiB
Plaintext
|
# 访问账户注册页面注册一个ZeroSSL账户:https://app.zerossl.com/signup
|
|||
|
|
# 获取账户的EAB凭证,用来注册acme帐户:https://app.zerossl.com/developer ,生成并保存EAB KID、EAB HMAC Key
|
|||
|
|
# EAB KID: 0LMQmCsN7JfTiUGSBlt92A
|
|||
|
|
# EAB HMAC Key: 0f7MrdOiBgoWO-KUDYvOjdebphcbJM6yL1l1fswh70girLlnp5iayptXf83QGm1JUMpZCTXAER87k3HPuDYxjw
|
|||
|
|
|
|||
|
|
|
|||
|
|
# 安装 acme.sh
|
|||
|
|
curl https://get.acme.sh | sh
|
|||
|
|
source ~/.bashrc
|
|||
|
|
|
|||
|
|
|
|||
|
|
# 注册 ZeroSSL 账户
|
|||
|
|
acme.sh --register-account --server zerossl \
|
|||
|
|
--eab-kid 你的eab-kid \
|
|||
|
|
--eab-hmac-key 你的eab-hmac-key
|
|||
|
|
|
|||
|
|
|
|||
|
|
|
|||
|
|
# 设置你的 DNS 提供商的 API,比如 Cloudflare(需要 API Key)
|
|||
|
|
export CF_Account_ID="630ec20446f17247191cbaec23d8af61"
|
|||
|
|
export CF_Key="ran6bGxXpJ1Df-uZFPFAgfRRcgz_Us4hd0e_e_kO"
|
|||
|
|
export CF_Email="Dinxinchen@gmail.com"
|
|||
|
|
|
|||
|
|
|
|||
|
|
|
|||
|
|
# 申请证书(DNS 验证方式,不需要公网 IP),过程可能提示无法添加dns TXT 解析,按提示手动添加也可以
|
|||
|
|
acme.sh --issue --dns dns_cf -d sit.lessie.ai
|
|||
|
|
|
|||
|
|
#证书申请成功后,acme.sh 会将证书文件存放在以下目录:
|
|||
|
|
#证书文件:/root/.acme.sh/sit.lessie.ai_ecc/sit.lessie.ai.cer
|
|||
|
|
#私钥文件:/root/.acme.sh/sit.lessie.ai_ecc/sit.lessie.ai.key
|
|||
|
|
#完整证书链文件:/root/.acme.sh/sit.lessie.ai_ecc/fullchain.cer
|
|||
|
|
|
|||
|
|
# nginx配置:(具体路径具体写)
|
|||
|
|
ssl_certificate /data/tengine/conf/certificate/lessie.ai/fullchain.cer;
|
|||
|
|
ssl_certificate_key /data/tengine/conf/certificate/lessie.ai/sit.lessie.ai.key;
|
|||
|
|
|
|||
|
|
# 查询证书有效期
|
|||
|
|
openssl x509 -in /etc/nginx/ssl/fullchain.cer -noout -dates
|
|||
|
|
|
|||
|
|
# 手动续期
|
|||
|
|
acme.sh --renew -d sit.lessie.ai
|