acme

Official site

https://letsencrypt.org/zh-cn/getting-started/

certbot implementation

Installation

https://certbot.eff.org/instructions?ws=nginx&os=centosrhel7

yum install epel-release -y
yum install yum-plugin-copr -y
yum copr enable ngompa/snapcore-el7
yum -y install snapd
systemctl enable --now snapd.socket
# Disable SELinux (setenforce 0 switches to permissive mode until the next reboot)
sudo setenforce 0
sudo snap install core; sudo snap refresh core
snap install --classic certbot
ln -s /snap/bin/certbot /usr/bin/certbot
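# The server must have nginx for this step
# This command prompts you to register an ACME account
certbot --manual --preferred-challenges dns certonly -d <domain>
# Here it asks you to create a TXT record for the domain
# Once the record resolves, the certificate and key files are generated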
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/xxxxx.com/fullchain.pem
Key is saved at: /etc/letsencrypt/live/xxxxx.com/privkey.pem

acme.sh implementation

https://blog.csdn.net/yedajiang44/article/details/121173526

curl https://get.acme.sh | sh -s email=my@example.com
ln -s /root/.acme.sh/acme.sh /usr/local/bin/acme.sh
export Ali_Key="xxx"
export Ali_Secret="xxx"
# Takes about 2 minutes
acme.sh --issue --dns dns_ali -d xxx.xxx.com --debug
# A crontab entry is created
[15:54:04 root@centos7 ~] #crontab -l
53 0 * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null

ingress cert manager implementation

https://blog.csdn.net/weixin_47003048/article/details/123947855