#1 Certificate upgrade log

Open
opened 2 years ago by lyq · 2 comments
天问 commented 2 years ago

Steps to reproduce

Debug log

acme.sh  --issue .....   --debug 2

acme.sh --renew -d yoqi.me

The new version has already switched from letsencrypt to zerossl certificates.

天问 commented 2 years ago
Poster

Installing the certificate for takegpt.cn

  • Install the certificate

    # Install acme.sh
    wget -O -  https://get.acme.sh | sh -s email=my@example.com
    
    # Use zerossl certificates
    acme.sh --set-default-ca --server zerossl
    
  • Single domain

    acme.sh --issue -d takegpt.cn  -w /data/wwwroot/www.takegpt.cn
    acme.sh --issue -d ai.takegpt.cn --nginx
    
    acme.sh --install-cert -d ai.takegpt.cn \
    --key-file       /root/.acme.sh/takegpt.cn_ecc/takegpt.cn.key  \
    --fullchain-file /root/.acme.sh/takegpt.cn_ecc/fullchain.cer \
    --reloadcmd     "service nginx force-reload"
    
  • Wildcard domain

    # test
    curl -X GET "https://api.cloudflare.com/client/v4/user/tokens/verify" \
     -H "Authorization: Bearer UtENaR8dVvYhDS0oqzHpdpE4y4vHls1NnToKkiP2" \
     -H "Content-Type:application/json"
    
    # https://dash.cloudflare.com/profile
    export CF_Key="UtENaR8dVvYhDS0oqzHpdpE4y4vHls1NnToKkiP2"
    export CF_Email="zz1036@qq.com"
    
    
    # cloudflare
    acme.sh   --issue   --dns dns_cf -d takegpt.cn  -d '*.takegpt.cn'
    
    acme.sh --install-cert -d ai.takegpt.cn \
    --key-file       /path/to/keyfile/in/nginx/key.pem  \
    --fullchain-file /path/to/fullchain/nginx/cert.pem \
    --reloadcmd     "service nginx force-reload"
    
    acme.sh --install-cert -d example.com \
    --key-file       /youdata/ssl/nginx/yourdomain.key  \
    --fullchain-file /youdata/ssl/nginx/fullchain.cer \
    --reloadcmd     "sudo nginx -s reload"
    
    
    [Wed Mar 29 11:52:33 CST 2023] Your cert is in: /root/.acme.sh/takegpt.cn_ecc/takegpt.cn.cer
    [Wed Mar 29 11:52:33 CST 2023] Your cert key is in: /root/.acme.sh/takegpt.cn_ecc/takegpt.cn.key
    [Wed Mar 29 11:52:33 CST 2023] The intermediate CA cert is in: /root/.acme.sh/takegpt.cn_ecc/ca.cer
    [Wed Mar 29 11:52:33 CST 2023] And the full chain certs is there: /root/.acme.sh/takegpt.cn_ecc/fullchain.cer
    
    
  • Renew the certificate

    # renew
    acme.sh --renew -d example.com --force --ecc
    
    # crontab
    56 * * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null
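
A post-issuance check for the files named in the log output above, as an added example that is not part of the original comment or of acme.sh: it pulls the key and full-chain paths out of acme.sh's log lines, confirms the private key is not readable by group or other, and confirms the certificate is not about to expire. The function names are hypothetical, and `cert_valid_for_days` assumes `openssl` is installed.

```shell
#!/bin/sh
# Added example: audit the files acme.sh reports after --issue / --renew.
# All function names here are hypothetical helpers, not acme.sh features.

# Two of the log lines shown in the comment above, used as sample input.
SAMPLE_LOG='[Wed Mar 29 11:52:33 CST 2023] Your cert key is in: /root/.acme.sh/takegpt.cn_ecc/takegpt.cn.key
[Wed Mar 29 11:52:33 CST 2023] And the full chain certs is there: /root/.acme.sh/takegpt.cn_ecc/fullchain.cer'

# Read acme.sh output on stdin and print the path that follows label $1.
path_from_log() {
    sed -n "s/^.*$1: //p" | tail -n 1
}

# Succeed only if $1 is a regular file with no group/other permission bits.
private_key_perms_ok() {
    [ -f "$1" ] || return 2
    # Columns 5-10 of `ls -l` are the group and other permission triplets.
    mode=$(ls -ld "$1" | cut -c5-10)
    [ "$mode" = "------" ]
}

# Succeed if the certificate in $1 is still valid $2 days from now.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null
}

# Return 0 if both checks pass, 1 for key permissions, 2 for certificate expiry.
audit_install() {  # $1 = key file, $2 = fullchain file, $3 = days
    private_key_perms_ok "$1" || {
        echo "FAIL: $1 is missing or readable by group/other"; return 1; }
    cert_valid_for_days "$2" "$3" || {
        echo "FAIL: $2 is unreadable or expires within $3 days"; return 2; }
    echo "OK: $1 and $2"
}

# Stand-alone use: sh audit.sh KEYFILE FULLCHAIN DAYS
if [ "$#" -eq 3 ]; then
    audit_install "$1" "$2" "$3"
fi
```

Run it against the `--key-file` and `--fullchain-file` targets as well as the copies under `/root/.acme.sh`, since the installed copies are the ones nginx actually serves.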
    
天问 commented 1 year ago
Poster

Related projects

acme.sh

https://git.yoqi.me/lyq/acme.sh

acme-tiny

lyq/acme-tiny#1

certbot-auto
