日志
使用 acme.sh 给 Nginx 安装 Let’ s Encrypt 泛域名SSL 证书
|
[root@iZuf6isx5qw3uwgno0qgmcZ /]# curl https://get.acme.sh | sh
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 705 0 705 0 0 233 0 --:--:-- 0:00:03 --:--:-- 233
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 190k 100 190k 0 0 320k 0 --:--:-- --:--:-- --:--:-- 320k
[Fri Dec 20 13:42:14 CST 2019] Installing from online archive.
[Fri Dec 20 13:42:14 CST 2019] Downloading https://github.com/Neilpang/acme.sh/archive/master.tar.gz
[Fri Dec 20 13:42:21 CST 2019] Extracting master.tar.gz
[Fri Dec 20 13:42:21 CST 2019] It is recommended to install socat first.
[Fri Dec 20 13:42:21 CST 2019] We use socat for standalone server if you use standalone mode.
[Fri Dec 20 13:42:21 CST 2019] If you don't use standalone mode, just ignore this warning.
[Fri Dec 20 13:42:21 CST 2019] Installing to /root/.acme.sh
[Fri Dec 20 13:42:22 CST 2019] Installed to /root/.acme.sh/acme.sh
[Fri Dec 20 13:42:22 CST 2019] Installing alias to '/root/.bashrc'
[Fri Dec 20 13:42:22 CST 2019] OK, Close and reopen your terminal to start using acme.sh
[Fri Dec 20 13:42:22 CST 2019] Installing alias to '/root/.cshrc'
[Fri Dec 20 13:42:22 CST 2019] Installing alias to '/root/.tcshrc'
[Fri Dec 20 13:42:22 CST 2019] Installing cron job
[Fri Dec 20 13:42:22 CST 2019] Good, bash is found, so change the shebang to use bash as preferred.
[Fri Dec 20 13:42:22 CST 2019] OK
[Fri Dec 20 13:42:22 CST 2019] Install success!
[root@iZuf6isx5qw3uwgno0qgmcZ /]# acme.sh --issue -d vbxx.com.cn -d *.vbxx.com.cn -w /www/wwwroot/vbxx.com.cn
-bash: acme.sh: command not found
[root@iZuf6isx5qw3uwgno0qgmcZ /]# source ~/.bashrc
[root@iZuf6isx5qw3uwgno0qgmcZ /]# acme.sh --issue -d vbxx.com.cn -d *.vbxx.com.cn -w /www/wwwroot/vbxx.com.cn
[Fri Dec 20 13:44:25 CST 2019] Create account key ok.
[Fri Dec 20 13:44:25 CST 2019] Registering account
[Fri Dec 20 13:44:29 CST 2019] Registered
[Fri Dec 20 13:44:29 CST 2019] ACCOUNT_THUMBPRINT='K7ZGLRdzM_lVFFw-_li1yfxCSXfrIPvQ7gXD1XRLi6I'
[Fri Dec 20 13:44:29 CST 2019] Creating domain key
[Fri Dec 20 13:44:29 CST 2019] The domain key is here: /root/.acme.sh/vbxx.com.cn/vbxx.com.cn.key
[Fri Dec 20 13:44:29 CST 2019] Multi domain='DNS:vbxx.com.cn,DNS:*.vbxx.com.cn'
[Fri Dec 20 13:44:29 CST 2019] Getting domain auth token for each domain
[Fri Dec 20 13:44:34 CST 2019] Getting webroot for domain='vbxx.com.cn'
[Fri Dec 20 13:44:34 CST 2019] Getting webroot for domain='*.vbxx.com.cn'
[Fri Dec 20 13:44:34 CST 2019] Error, can not get domain token entry *.vbxx.com.cn
[Fri Dec 20 13:44:34 CST 2019] The supported validation types are: dns-01 , but you specified: http-01
[Fri Dec 20 13:44:34 CST 2019] Please add '--debug' or '--log' to check more details.
[Fri Dec 20 13:44:34 CST 2019] See: https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh
[root@iZuf6isx5qw3uwgno0qgmcZ /]# export DP_Id="id值"
[root@iZuf6isx5qw3uwgno0qgmcZ /]# export DP_Key="id对应秘钥"
[root@iZuf6isx5qw3uwgno0qgmcZ /]# acme.sh --issue -d vbxx.com.cn -d *.vbxx.com.cn --dns dns_dp
[Fri Dec 20 13:46:07 CST 2019] Multi domain='DNS:vbxx.com.cn,DNS:*.vbxx.com.cn'
[Fri Dec 20 13:46:07 CST 2019] Getting domain auth token for each domain
[Fri Dec 20 13:46:11 CST 2019] Getting webroot for domain='vbxx.com.cn'
[Fri Dec 20 13:46:11 CST 2019] Getting webroot for domain='*.vbxx.com.cn'
[Fri Dec 20 13:46:12 CST 2019] Adding txt value: hG6mh9i66_hlWtkdgHDqh8daFib9XJzYTz-ZqWrvIGA for domain: _acme-challenge.vbxx.com.cn
[Fri Dec 20 13:46:12 CST 2019] Adding record
[Fri Dec 20 13:46:12 CST 2019] The txt record is added: Success.
[Fri Dec 20 13:46:12 CST 2019] Adding txt value: ZiNHfpMdxnYObsBOjiRr9AS8ab75vFkGklE5TBtKo2A for domain: _acme-challenge.vbxx.com.cn
[Fri Dec 20 13:46:13 CST 2019] Adding record
[Fri Dec 20 13:46:13 CST 2019] The txt record is added: Success.
[Fri Dec 20 13:46:13 CST 2019] Let's check each dns records now. Sleep 20 seconds first.
[Fri Dec 20 13:46:34 CST 2019] Checking vbxx.com.cn for _acme-challenge.vbxx.com.cn
[Fri Dec 20 13:46:40 CST 2019] Domain vbxx.com.cn '_acme-challenge.vbxx.com.cn' success.
[Fri Dec 20 13:46:40 CST 2019] Checking vbxx.com.cn for _acme-challenge.vbxx.com.cn
[Fri Dec 20 13:46:44 CST 2019] Domain vbxx.com.cn '_acme-challenge.vbxx.com.cn' success.
[Fri Dec 20 13:46:44 CST 2019] All success, let's return
[Fri Dec 20 13:46:44 CST 2019] Verifying: vbxx.com.cn
[Fri Dec 20 13:46:48 CST 2019] Success
[Fri Dec 20 13:46:48 CST 2019] Verifying: *.vbxx.com.cn
[Fri Dec 20 13:46:52 CST 2019] Pending
[Fri Dec 20 13:46:56 CST 2019] Success
[Fri Dec 20 13:46:56 CST 2019] Removing DNS records.
[Fri Dec 20 13:46:56 CST 2019] Removing txt: hG6mh9i66_hlWtkdgHDqh8daFib9XJzYTz-ZqWrvIGA for domain: _acme-challenge.vbxx.com.cn
[Fri Dec 20 13:46:57 CST 2019] Removed: Success
[Fri Dec 20 13:46:58 CST 2019] Removing txt: ZiNHfpMdxnYObsBOjiRr9AS8ab75vFkGklE5TBtKo2A for domain: _acme-challenge.vbxx.com.cn
[Fri Dec 20 13:46:59 CST 2019] Removed: Success
[Fri Dec 20 13:46:59 CST 2019] Verify finished, start to sign.
[Fri Dec 20 13:46:59 CST 2019] Lets finalize the order, Le_OrderFinalize: https://acme-v02.api.letsencrypt.org/acme/finalize/74176041/1801972625
[Fri Dec 20 13:47:01 CST 2019] Download cert, Le_LinkCert: https://acme-v02.api.letsencrypt.org/acme/cert/03a5fdcc92df2e5a1c1e53bf8d759ba2a19a
[Fri Dec 20 13:47:03 CST 2019] Cert success.
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgISA6X9zJLfLlocHlO/jXWboqGaMA0GCSqGSIb3DQEBCwUA
MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xOTEyMjAwNDQ3MDFaFw0y
MDAzMTkwNDQ3MDFaMBYxFDASBgNVBAMTC3ZieHguY29tLmNuMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsUiB6UF0nI9uQ4Wi46BkmT0QhIqPYBYYxg+W
sI4w6QJM+a5EcjAwQSFX9CX8ARA64EQSmF5AHmZCZ1tDRcMClgSkcqya5vEwg7yP
KIkwg8lf+51lE3cHmYmmexWdnPfvp1mi3kV2fwC2Mp/9t+ZGlGgCD8pK6daUbITp
2rdHkZFAdZ+Q+opzDNW0XYOQuZQvGMtsZd4r+hLTmFMg3xqGH2HyysUUAwffikha
9u19issf9Bey3rtf3PnBaLYIwXTxPeh3lPJBigjlO4HzLIcyM3+91/v5B1QYUq/T
FydF3gUZ+qsRxFVnl2DG9w2N4PvSBByHJ13CllzHoqop9d6/xQIDAQABo4ICbzCC
AmswDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcD
AjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBTPqN89VMxleGA3a72cZcP7DTCzyTAf
BgNVHSMEGDAWgBSoSmpjBH3duubRObemRWXv86jsoTBvBggrBgEFBQcBAQRjMGEw
LgYIKwYBBQUHMAGGImh0dHA6Ly9vY3NwLmludC14My5sZXRzZW5jcnlwdC5vcmcw
LwYIKwYBBQUHMAKGI2h0dHA6Ly9jZXJ0LmludC14My5sZXRzZW5jcnlwdC5vcmcv
MCUGA1UdEQQeMByCDSoudmJ4eC5jb20uY26CC3ZieHguY29tLmNuMEwGA1UdIARF
MEMwCAYGZ4EMAQIBMDcGCysGAQQBgt8TAQEBMCgwJgYIKwYBBQUHAgEWGmh0dHA6
Ly9jcHMubGV0c2VuY3J5cHQub3JnMIIBBAYKKwYBBAHWeQIEAgSB9QSB8gDwAHUA
Xqdz+d9WwOe1Nkh90EngMnqRmgyEoRIShBh1loFxRVgAAAFvIdhOIAAABAMARjBE
AiBoxFrApv6VAkRExBaMEbJe9nZGfFzQal/GTRYW0pHcEQIgSe1wGnOte8RriEwc
JeWxyjEO2L8kfnpRpP+3mHGZlDYAdwAHt1wb5X1o//Gwxh0jFce65ld8V5S3au68
YToaadOiHAAAAW8h2E4+AAAEAwBIMEYCIQDTmMR+kCqC7EGathjsd97+p3DGoC/W
NJccDZSrXUoabAIhAOZJ45BfyBo8vYA9fB15HjtqDJDodsHnk3YyZ5/Y9RYJMA0G
CSqGSIb3DQEBCwUAA4IBAQCOcn+gIy8vGJKg10UeEUjqUrj98civNcglX+vy4UPk
8pmckuaxqt3KKAth+4xuEqikccs8epBeReFyWkXqgt831Of3EkM6rYepa25nRx4E
fU0ITofa1WrO8LlgvA/2vuh0TkGmcd1BvOSROUyutRqyqiRsQ9S0vpLy2drdMCVe
Ik//NmR/JBeny0sPYrKNW2/PIuN4sNRtgy7NvpODIONHP7gB6dCehS0OBh333z7T
8UOcusBIvBNzk7rGsZWcNXthh+O/D1OS44jUtIRloFxg+ciTSbL9B1YToTBK5yMd
fSLxIuJxU1w5n+XgSiQTanISDHkULMNQvpOb+YE7sbkn
-----END CERTIFICATE-----
[Fri Dec 20 13:47:03 CST 2019] Your cert is in /root/.acme.sh/vbxx.com.cn/vbxx.com.cn.cer
[Fri Dec 20 13:47:03 CST 2019] Your cert key is in /root/.acme.sh/vbxx.com.cn/vbxx.com.cn.key
[Fri Dec 20 13:47:03 CST 2019] The intermediate CA cert is in /root/.acme.sh/vbxx.com.cn/ca.cer
[Fri Dec 20 13:47:03 CST 2019] And the full chain certs is there: /root/.acme.sh/vbxx.com.cn/fullchain.cer
参考文献:https://ruby-china.org/topics/31983
https://cloud.tencent.com/developer/article/1500063
