acme.sh 申请SSL证书并自动更新(DNSPod版) – MasterH's Grocery Store

acme.sh 申请SSL证书并自动更新(DNSPod版)

下载源码

git clone https://gitee.com/neilpang/acme.sh.git

进入acme.sh目录执行命令安装

cd acme.sh
./acme.sh --install -m 你的邮箱

设置默认的证书提供商

acme.sh --set-default-ca --server letsencrypt

设置DNSPod Token,方便后面自动验证

DNSPod Token可在这里查看或设置(https://console.dnspod.cn/account/token/apikey)

export DP_Id=""
export DP_Key=""

开始申请证书

./acme.sh --issue -d 您的域名 --dns dns_dp


出现上图里的内容,说明申请成功了

Nginx部署证书

server块的设置:

 server {
        listen       80;
        listen       [::]:80;
        server_name  您的域名.com www.您的域名.com;
        return 301 https://您的域名.com$request_uri;
    }

server {
        listen       443 ssl http2;
        listen       [::]:443 ssl http2;
        server_name  您的域名.com www.您的域名.com;
        root         /home/html;
        index index.html;

        ssl_certificate "/root/.acme.sh/您的域名.com/您的域名.com.cer";
        ssl_certificate_key "/root/.acme.sh/您的域名.com/您的域名.com.key";
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout  10m;
        ssl_ciphers PROFILE=SYSTEM;
        ssl_prefer_server_ciphers on;

        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;

        error_page 404 /404.html;
        location = /404.html {
        }

        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
        }
    }

到期自动更新

acme.sh在安装的时候已经自动创建了一个cronjob,每天检查证书是否更新,可以通过下面命令查看

crontab -l

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *