acme.sh 免費泛解析證書生成

環境準備

本篇文章使用的 ACME 用戶端是基于 Docker 容器使用的，是以需要準備 Docker 運作環境。本文使用的是 CentOS 7.x 與 Docker CE - 19.03.13，且已經安裝了 Docker Compose 工具。

我已經參考官方的 GitHub 文章編寫了 acme.sh 需要的 Docker Compose 檔案，标準模版如下:

version: "3"

services:
  acme.sh:
    image: neilpang/acme.sh:latest
    container_name: acme.sh
    command: daemon
    volumes:
      - "<ACME 證書檔案的生成目錄>:/acme.sh"
      - "/var/run/docker.sock:/var/run/docker.sock"
    environment:
      - Ali_Key=<填寫阿裡雲的 Access Key>
      - Ali_Secret=<填寫阿裡雲的 Access Secret>
      - DEPLOY_DOCKER_CONTAINER_LABEL=__nginx__
      - DEPLOY_DOCKER_CONTAINER_RELOAD_CMD="nginx -s reload -c /etc/nginx/nginx.conf"
    restart: always
    networks:
      - internal-network

networks:
  internal-network:
    external: true

參數配置

針對 ACME 的預設參數，我們隻需要提供 DNS 服務商的 API 通路密鑰即可，acme.sh 會自動對我們的域名進行配置驗證，我這裡以阿裡雲的為例，其他受支援的 DNS 服務商可以前往 Github 文檔檢視。

除開環境變量的配置參數以外，針對 Acme 的證書檔案生成目錄也需要單獨進行配置，這塊可以用于

具體使用

拉取鏡像

執行一下指令拉取 acme.sh 的 Docker 鏡像。

docker pull neilpang/acme.sh:latest

運作容器

docker-compose up -d

生成證書

由于已經在環境變量配置了阿裡雲的參數，是以現在隻需要指定域名即可生成對應的證書，域名驗證等一系列步驟都交由 acme.sh 自動完成。

進入到 acme.sh 的容器，執行生成指令。

acme.sh --issue --dns dns_ali -d example.com -d www.example.com

等待驗證成功以後，就會在 acme.sh 檔案夾生成對應的證書檔案。

[Tue Mar 16 07:07:44 UTC 2021] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Tue Mar 16 07:07:45 UTC 2021] Create account key ok.
[Tue Mar 16 07:07:45 UTC 2021] Registering account: https://acme-v02.api.letsencrypt.org/directory
[Tue Mar 16 07:07:46 UTC 2021] Registered
[Tue Mar 16 07:07:46 UTC 2021] ACCOUNT_THUMBPRINT='賬号資訊'
[Tue Mar 16 07:07:46 UTC 2021] Creating domain key
[Tue Mar 16 07:07:47 UTC 2021] The domain key is here: /acme.sh/example.com/example.com.key
[Tue Mar 16 07:07:47 UTC 2021] Multi domain='DNS:example.com,DNS:www.example.com'
[Tue Mar 16 07:07:47 UTC 2021] Getting domain auth token for each domain
[Tue Mar 16 07:07:49 UTC 2021] Getting webroot for domain='example.com'
[Tue Mar 16 07:07:49 UTC 2021] Getting webroot for domain='www.example.com'
[Tue Mar 16 07:07:49 UTC 2021] Adding txt value: eJ2UJrvi_lAMmY0D-BFrM4WNvDXkICUR0BSJ3EXyBtw for domain:  _acme-challenge.example.com
[Tue Mar 16 07:07:51 UTC 2021] The txt record is added: Success.
[Tue Mar 16 07:07:51 UTC 2021] Adding txt value: u_T1kks2iNU1E_1bAtE8zpz-e81uTISws8o_ZL8YE40 for domain:  _acme-challenge.www.example.com
[Tue Mar 16 07:07:53 UTC 2021] The txt record is added: Success.
[Tue Mar 16 07:07:53 UTC 2021] Let's check each DNS record now. Sleep 20 seconds first.
[Tue Mar 16 07:08:14 UTC 2021] You can use '--dnssleep' to disable public dns checks.
[Tue Mar 16 07:08:14 UTC 2021] See: https://github.com/acmesh-official/acme.sh/wiki/dnscheck
[Tue Mar 16 07:08:14 UTC 2021] Checking example.com for _acme-challenge.example.com
[Tue Mar 16 07:08:16 UTC 2021] Domain example.com '_acme-challenge.example.com' success.
[Tue Mar 16 07:08:16 UTC 2021] Checking www.example.com for _acme-challenge.www.example.com
[Tue Mar 16 07:08:17 UTC 2021] Domain www.example.com '_acme-challenge.www.example.com' success.
[Tue Mar 16 07:08:17 UTC 2021] All success, let's return
[Tue Mar 16 07:08:17 UTC 2021] Verifying: example.com
[Tue Mar 16 07:08:21 UTC 2021] Success
[Tue Mar 16 07:08:21 UTC 2021] Verifying: www.example.com
[Tue Mar 16 07:08:25 UTC 2021] Success
[Tue Mar 16 07:08:25 UTC 2021] Removing DNS records.
[Tue Mar 16 07:08:25 UTC 2021] Removing txt: eJ2UJrvi_lAMmY0D-BFrM4WNvDXkICUR0BSJ3EXyBtw for domain: _acme-challenge.example.com
[Tue Mar 16 07:08:27 UTC 2021] Removed: Success
[Tue Mar 16 07:08:27 UTC 2021] Removing txt: u_T1kks2iNU1E_1bAtE8zpz-e81uTISws8o_ZL8YE40 for domain: _acme-challenge.www.example.com
[Tue Mar 16 07:08:30 UTC 2021] Removed: Success
[Tue Mar 16 07:08:30 UTC 2021] Verify finished, start to sign.
[Tue Mar 16 07:08:30 UTC 2021] Lets finalize the order.
[Tue Mar 16 07:08:30 UTC 2021] Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/123456'
[Tue Mar 16 07:08:31 UTC 2021] Downloading cert.
[Tue Mar 16 07:08:31 UTC 2021] Le_LinkCert='https://acme-v02.api.letsencrypt.org/acme/cert/123456123456'
[Tue Mar 16 07:08:32 UTC 2021] Cert success.
-----BEGIN CERTIFICATE-----
你的證書檔案資訊。
-----END CERTIFICATE-----
[Tue Mar 16 07:08:32 UTC 2021] Your cert is in  /acme.sh/example.com/example.com.cer
[Tue Mar 16 07:08:32 UTC 2021] Your cert key is in  /acme.sh/example.com/example.com.key
[Tue Mar 16 07:08:32 UTC 2021] The intermediate CA cert is in  /acme.sh/example.com/ca.cer
[Tue Mar 16 07:08:32 UTC 2021] And the full chain certs is there:  /acme.sh/example.com/fullchain.cer

acme.sh 免費泛解析證書生成

環境準備

參數配置

具體使用

拉取鏡像

運作容器

生成證書

繼續閱讀

在Centos中将apache httpd 服務加入系統服務

CentOS 6.5 部署 Apache 伺服器(httpd)

【CentOS】httpd子產品 Job for httpd.service failed because the control process exited with error c項目場景：問題描述：原因分析：解決步驟：

(SpringBoot)日志種類：log、monitor、access、out、gc、backup

伺服器配置——Apache

apache httpd 配置

centOS7 配置 vsftpd 虛拟使用者及權限Vsftpd配置虛拟使用者及權限

linux-svn解除安裝與安裝

vsftp虛拟多使用者多權限一鍵部署腳本

Shell程式設計——sort排序、uniq忽略重複、tr替換壓縮删除、cut指定删除字段、正規表達式元字元sort 指令uniq 指令tr 指令cut 指令正規表達式

配置網頁内容通路

艱難安裝LDAP,SSL認證

Apache配置SSLApache配置SSL

Windows下配置Apache的SSL服務

CentOS 7,docker安裝

【Docker】端口映射問題操作步驟