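Applying for a free Let's Encrypt wildcard certificate

June 5, 2019

The steps for installing a free Let's Encrypt wildcard certificate are as follows:

I. First, download acme.sh. Any one of the following four commands will do; 醒醒 used the fourth.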

  1. curl https://get.acme.sh | sh
  2. wget -O - https://get.acme.sh | sh
  3. curl https://raw.githubusercontent.com/Neilpang/acme.sh/master/acme.sh | INSTALLONLINE=1 sh
  4. wget -O - https://raw.githubusercontent.com/Neilpang/acme.sh/master/acme.sh | INSTALLONLINE=1 sh

Here the fourth method is chosen:

    wget -O - https://raw.githubusercontent.com/Neilpang/acme.sh/master/acme.sh | INSTALLONLINE=1 sh

--2019-06-05 11:46:32--  https://raw.githubusercontent.com/Neilpang/acme.sh/master/acme.sh
Resolving raw.githubusercontent.com (raw.githubusercontent.com)... 151.101.108.133
Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|151.101.108.133|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 188066 (184K) [text/plain]
Saving to: ‘STDOUT’

-                                                           100%[========================================================================================================================================>] 183.66K  --.-KB/s    in 0.1s

2019-06-05 11:46:32 (1.67 MB/s) - written to stdout [188066/188066]

[Wed Jun  5 11:46:33 CST 2019] Installing from online archive.
[Wed Jun  5 11:46:33 CST 2019] Downloading https://github.com/Neilpang/acme.sh/archive/master.tar.gz
[Wed Jun  5 11:46:34 CST 2019] Extracting master.tar.gz
[Wed Jun  5 11:46:34 CST 2019] It is recommended to install socat first.
[Wed Jun  5 11:46:34 CST 2019] We use socat for standalone server if you use standalone mode.
[Wed Jun  5 11:46:34 CST 2019] If you don't use standalone mode, just ignore this warning.
[Wed Jun  5 11:46:34 CST 2019] Installing to /root/.acme.sh
[Wed Jun  5 11:46:34 CST 2019] Installed to /root/.acme.sh/acme.sh
[Wed Jun  5 11:46:34 CST 2019] Installing alias to '/root/.bashrc'
[Wed Jun  5 11:46:34 CST 2019] OK, Close and reopen your terminal to start using acme.sh
[Wed Jun  5 11:46:34 CST 2019] Installing cron job
no crontab for root
no crontab for root
[Wed Jun  5 11:46:34 CST 2019] Good, bash is found, so change the shebang to use bash as preferred.
[Wed Jun  5 11:46:35 CST 2019] OK
[Wed Jun  5 11:46:35 CST 2019] Install success!

    cd /root/.acme.sh

Generate the TXT records:

    ./acme.sh --issue -d '*.world-alive.win' --dns --yes-I-know-dns-manual-mode-enough-go-ahead-please

[Wed Jun  5 11:48:16 CST 2019] Create account key ok.
[Wed Jun  5 11:48:16 CST 2019] Registering account
[Wed Jun  5 11:48:18 CST 2019] Registered
[Wed Jun  5 11:48:18 CST 2019] ACCOUNT_THUMBPRINT='bA3LRvaapGJd_emkCspnkpvCz-FPAb1SNTNAikbclPE'
[Wed Jun  5 11:48:18 CST 2019] Creating domain key
[Wed Jun  5 11:48:18 CST 2019] The domain key is here: /root/.acme.sh/*.world-alive.win/*.world-alive.win.key
[Wed Jun  5 11:48:18 CST 2019] Multi domain='DNS:*.world-alive.win,DNS:world-alive.win'
[Wed Jun  5 11:48:18 CST 2019] Getting domain auth token for each domain
[Wed Jun  5 11:48:19 CST 2019] Getting webroot for domain='*.world-alive.win'
[Wed Jun  5 11:48:19 CST 2019] Getting webroot for domain='world-alive.win'
[Wed Jun  5 11:48:19 CST 2019] Add the following TXT record:
[Wed Jun  5 11:48:19 CST 2019] Domain: '_acme-challenge.world-alive.win'
[Wed Jun  5 11:48:19 CST 2019] TXT value: 'lS7Yf96IKzuyzgvh4CkangYC9BVmmU8VBPrN4VeAylw'
[Wed Jun  5 11:48:19 CST 2019] Please be aware that you prepend _acme-challenge. before your domain
[Wed Jun  5 11:48:19 CST 2019] so the resulting subdomain will be: _acme-challenge.world-alive.win
[Wed Jun  5 11:48:19 CST 2019] Add the following TXT record:
[Wed Jun  5 11:48:19 CST 2019] Domain: '_acme-challenge.world-alive.win'
[Wed Jun  5 11:48:19 CST 2019] TXT value: 'rl5YHaDw5BsxTD8liEwqx1G_mCyvwO-7pLdR_mGTOx8'
[Wed Jun  5 11:48:19 CST 2019] Please be aware that you prepend _acme-challenge. before your domain
[Wed Jun  5 11:48:19 CST 2019] so the resulting subdomain will be: _acme-challenge.world-alive.win
[Wed Jun  5 11:48:19 CST 2019] Please add the TXT records to the domains, and re-run with --renew.
[Wed Jun  5 11:48:19 CST 2019] Please add '--debug' or '--log' to check more details.
[Wed Jun  5 11:48:19 CST 2019] See: https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh
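
The log above asks for two TXT values at the same name, `_acme-challenge.world-alive.win`, so both records must exist side by side before re-running with `--renew`. The following is an added example, not part of the original post or of acme.sh: a shell check that reports which expected values a resolver does not yet return. The function names and the `RESOLVE_CMD` and `POLL_SECONDS` variables are assumptions of this example, and live use needs `dig`.

```shell
#!/bin/sh
# Added example: confirm ACME dns-01 TXT values are visible before --renew.

# Hypothetical knobs of this example; the default resolver call needs dig.
RESOLVE_CMD=${RESOLVE_CMD:-dig +short TXT}
POLL_SECONDS=${POLL_SECONDS:-30}

# txt_missing EXPECTED...
# Reads resolver output (one TXT string per line, quoted as dig prints it)
# on stdin, prints every expected value that is absent, and returns 0 only
# when all of them are present.
txt_missing() {
    answers=$(tr -d '"')
    rc=0
    for want in "$@"; do
        # -F fixed string, -x whole line; -- because values may start with '-'
        if ! printf '%s\n' "$answers" | grep -Fxq -- "$want"; then
            printf '%s\n' "$want"
            rc=1
        fi
    done
    return "$rc"
}

# wait_for_txt NAME TRIES EXPECTED...
# Polls NAME up to TRIES times and returns 0 once every value is visible.
wait_for_txt() {
    name=$1
    tries=$2
    shift 2
    while [ "$tries" -gt 0 ]; do
        if $RESOLVE_CMD "$name" | txt_missing "$@" >/dev/null; then
            return 0
        fi
        tries=$((tries - 1))
        if [ "$tries" -gt 0 ]; then sleep "$POLL_SECONDS"; fi
    done
    return 1
}

# Live use with the two values from the log above:
#   wait_for_txt _acme-challenge.world-alive.win 10 \
#       'lS7Yf96IKzuyzgvh4CkangYC9BVmmU8VBPrN4VeAylw' \
#       'rl5YHaDw5BsxTD8liEwqx1G_mCyvwO-7pLdR_mGTOx8' && echo ready
```

Pointing `RESOLVE_CMD` at the zone's authoritative name server (dig accepts an `@server` argument) avoids a stale answer from a caching resolver.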

Add the TXT records to the DNS zone, wait a few minutes, then run:

    ./acme.sh --renew -d '*.world-alive.win' --yes-I-know-dns-manual-mode-enough-go-ahead-please

[Wed Jun  5 13:39:05 CST 2019] Renew: '*.world-alive.win'
[Wed Jun  5 13:39:08 CST 2019] Single domain='*.world-alive.win'
[Wed Jun  5 13:39:08 CST 2019] Getting domain auth token for each domain
[Wed Jun  5 13:39:08 CST 2019] Verifying: *.world-alive.win
[Wed Jun  5 13:39:11 CST 2019] Success
[Wed Jun  5 13:39:11 CST 2019] Verify finished, start to sign.
[Wed Jun  5 13:39:11 CST 2019] Lets finalize the order, Le_OrderFinalize: https://acme-v02.api.letsencrypt.org/acme/finalize/58572411/511310071
[Wed Jun  5 13:39:13 CST 2019] Download cert, Le_LinkCert: https://acme-v02.api.letsencrypt.org/acme/cert/03d2b6fd7d55af17fb9068cc65c3789e0388
[Wed Jun  5 13:39:18 CST 2019] Cert success.
[Wed Jun  5 13:39:18 CST 2019] Your cert is in  /root/.acme.sh/*.world-alive.win/*.world-alive.win.cer
[Wed Jun  5 13:39:18 CST 2019] Your cert key is in  /root/.acme.sh/*.world-alive.win/*.world-alive.win.key
[Wed Jun  5 13:39:18 CST 2019] The intermediate CA cert is in  /root/.acme.sh/*.world-alive.win/ca.cer
[Wed Jun  5 13:39:18 CST 2019] And the full chain certs is there:  /root/.acme.sh/*.world-alive.win/fullchain.cer
[Wed Jun  5 13:39:18 CST 2019] It seems that you are using dns manual mode. please take care: The dns manual mode can not renew automatically, you must issue it again manually. You'd better use the other modes instead.
[Wed Jun  5 13:39:18 CST 2019] Call hook error.

A directory named after the domain is created:

[root@debian .acme.sh]# ll
total 216
drwxr-xr-x 2 root root   4096 Jun  5 13:39 *.world-alive.win
-rw-r--r-- 1 root root    269 Jun  5 13:39 account.conf
-rwxr-xr-x 1 root root 188060 Jun  5 11:46 acme.sh
-rw-r--r-- 1 root root     78 Jun  5 11:46 acme.sh.env
drwxr-xr-x 3 root root   4096 Jun  5 11:48 ca
drwxr-xr-x 2 root root   4096 Jun  5 11:46 deploy
drwxr-xr-x 2 root root   4096 Jun  5 11:46 dnsapi
-rw-r--r-- 1 root root    463 Jun  5 13:39 http.header
drwxr-xr-x 2 root root   4096 Jun  5 11:46 notify

The Nginx configuration is as follows:

    ssl_certificate /root/.acme.sh/*.world-alive.win/fullchain.cer;
    ssl_certificate_key /root/.acme.sh/*.world-alive.win/*.world-alive.win.key;
    ssl_protocols TLSv1.2;

References:

https://www.xxorg.com/archives/4870

https://github.com/Neilpang/acme.sh/wiki/dns-manual-mode
