Fully Automated Wildcard SSL Certificates with acme.sh
Here I’m gonna show you a quick how-to on obtaining a wildcard SSL cert from Let’s Encrypt with the “pure shell written” acme.sh, which is simple, lightweight and very flexible.
And you may already be aware that I have an earlier post on doing this with another tool called certbot-auto. Well, unfortunately it’s… kinda still working… but it has no support or further updates anymore. As for the “official successor” of certbot-auto? It seems the official guys have decided to walk step by step closer into the mire, with that good-looking but evil-inside snapd… oh, don’t even say that word again. It’s weird enough – I saw nothing of the Canonical brand on the sponsors list on the Let’s Encrypt homepage. That’s another topic anyway; a wildcard SSL cert for free is still worth my sincere appreciation in this case.
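Today, a brief look at how to use acme.sh to obtain a wildcard certificate; this pure-shell tool is simpler, lighter and more flexible than certbot-auto, which I covered earlier. Unfortunately, in the half year since I last looked, certbot has gone down the wrong path. Oddly, I did not find Canonical on the sponsor list on the Let’s Encrypt homepage, which surprised me.
Enough talk; let's install it first.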
```
[root@aqui-test ~]# curl https://get.acme.sh | sh
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   937    0   937    0     0    445      0 --:--:--  0:00:02 --:--:--   445
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  204k  100  204k    0     0  33335      0  0:00:06  0:00:06 --:--:-- 28373
[Sat Feb 27 23:14:42 CST 2021] Installing from online archive.
[Sat Feb 27 23:14:42 CST 2021] Downloading https://github.com/acmesh-official/acme.sh/archive/master.tar.gz
[Sat Feb 27 23:15:47 CST 2021] Extracting master.tar.gz
[Sat Feb 27 23:15:47 CST 2021] It is recommended to install socat first.
[Sat Feb 27 23:15:47 CST 2021] We use socat for standalone server if you use standalone mode.
[Sat Feb 27 23:15:47 CST 2021] If you don't use standalone mode, just ignore this warning.
[Sat Feb 27 23:15:47 CST 2021] Installing to /root/.acme.sh
[Sat Feb 27 23:15:47 CST 2021] Installed to /root/.acme.sh/acme.sh
[Sat Feb 27 23:15:47 CST 2021] Installing alias to '/root/.bashrc'
[Sat Feb 27 23:15:47 CST 2021] OK, Close and reopen your terminal to start using acme.sh
[Sat Feb 27 23:15:47 CST 2021] Installing alias to '/root/.cshrc'
[Sat Feb 27 23:15:47 CST 2021] Installing alias to '/root/.tcshrc'
[Sat Feb 27 23:15:47 CST 2021] Installing cron job
[Sat Feb 27 23:15:48 CST 2021] Good, bash is found, so change the shebang to use bash as preferred.
[Sat Feb 27 23:15:49 CST 2021] OK
[Sat Feb 27 23:15:49 CST 2021] Install success!
[root@aqui-test ~]#
```
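The installer creates a cron job automatically. If you don't want that, add a parameter at install time, or delete the cron job by hand afterwards (in which case the certificate will not be renewed automatically).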
```
[root@aqui-test ~]# crontab -l
# m h  dom mon dow   command
47 0 * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null
[root@aqui-test ~]#
```
Now put the Alibaba Cloud (Aliyun) key and secret into environment variables (using a RAM account is recommended, to minimize risk).
```
[root@aqui-test ~]# export Ali_Key="L123456789q"
[root@aqui-test ~]# export Ali_Secret="j123456789l"
```
Then request the wildcard certificate with a single command.
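The steps above leave three things on the host that are worth checking afterwards: the renewal cron entry, the file holding the Aliyun credentials, and a shell history that may now contain the `export` lines. The audit script below is an added example, not part of the original post or of acme.sh; it assumes acme.sh saves the DNS API credentials to `account.conf` under its home directory, and all function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): audit what the steps above leave
# behind. All paths are arguments, so nothing here is specific to one host.

# Octal permission bits of a file (GNU stat, with BSD stat as fallback).
file_mode() { stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1"; }

# Succeeds if an uncommented "acme.sh ... --cron" line is in the crontab dump.
has_renew_cron() { grep -Eq '^[^#]*acme\.sh.*--cron' "$1"; }

# Succeeds if the file is absent or has no group/other permission bits.
# Assumption: acme.sh keeps saved DNS API credentials in <home>/account.conf.
conf_is_private() {
    [ -e "$1" ] || return 0
    case "$(file_mode "$1")" in
        *00|0) return 0 ;;
        *)     return 1 ;;
    esac
}

# Succeeds if the shell history holds no Ali_Key= / Ali_Secret= assignment.
history_is_clean() {
    [ -r "$1" ] || return 0
    ! grep -Eq '(Ali_Key|Ali_Secret)=' "$1"
}

# audit_acme ACME_HOME HISTORY_FILE CRONTAB_DUMP
# Prints one line per finding; the exit status is the number of findings.
audit_acme() {
    findings=0
    has_renew_cron "$3" || {
        echo "no acme.sh --cron entry: the certificate will not renew"
        findings=$((findings + 1)); }
    conf_is_private "$1/account.conf" || {
        echo "$1/account.conf has group/other permission bits: chmod 600 it"
        findings=$((findings + 1)); }
    history_is_clean "$2" || {
        echo "$2 contains an Ali_Key/Ali_Secret export: remove it and rotate the key"
        findings=$((findings + 1)); }
    return "$findings"
}
```

To check a real account, dump the crontab first (`crontab -l > cron.txt`) and call `audit_acme "$HOME/.acme.sh" "$HOME/.bash_history" cron.txt`.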