Manually requesting an SSL certificate with acme.sh on OpenWrt

1: Download the acme script:

wget -O -  https://get.acme.sh | sh
[Fri Feb  2 00:12:43 CST 2024] Downloading https://github.com/acmesh-official/acme.sh/archive/master.tar.gz
[Fri Feb  2 00:12:45 CST 2024] Extracting master.tar.gz
[Fri Feb  2 00:12:45 CST 2024] It is recommended to install socat first.
[Fri Feb  2 00:12:45 CST 2024] We use socat for standalone server if you use standalone mode.
[Fri Feb  2 00:12:45 CST 2024] If you don't use standalone mode, just ignore this warning.
[Fri Feb  2 00:12:45 CST 2024] Installing to /root/.acme.sh
[Fri Feb  2 00:12:45 CST 2024] Installed to /root/.acme.sh/acme.sh
[Fri Feb  2 00:12:45 CST 2024] No profile is found, you will need to go into /root/.acme.sh to use acme.sh
[Fri Feb  2 00:12:45 CST 2024] Installing cron job
[Fri Feb  2 00:12:45 CST 2024] Good, bash is found, so change the shebang to use bash as preferred.
[Fri Feb  2 00:12:47 CST 2024] OK
[Fri Feb  2 00:12:47 CST 2024] Install success!

2: Set the email address:

cd /root/.acme.sh/
vi ./account.conf

3: Change the certificate authority:

./acme.sh --set-default-ca --server letsencrypt

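4: Get the TXT values (in the commands and output below, 你的域名 stands for your domain and txt值 for the TXT value that acme.sh prints):

./acme.sh  --issue  -d 你的域名 -d '*.你的域名' --dns dns_dp --yes-I-know-dns-manual-mode-enough-go-ahead-please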

5: Add the [two] TXT records to the domain:

Add the following TXT record:
[Fri Feb  2 00:52:41 CST 2024] Domain: '_acme-challenge.你的域名'
[Fri Feb  2 00:52:41 CST 2024] TXT value: 'txt值'
[Fri Feb  2 00:52:41 CST 2024] Please be aware that you prepend _acme-challenge. before your domain
[Fri Feb  2 00:52:41 CST 2024] so the resulting subdomain will be: _acme-challenge.你的域名
[Fri Feb  2 00:52:41 CST 2024] Add the following TXT record:
[Fri Feb  2 00:52:41 CST 2024] Domain: '_acme-challenge.你的域名'
[Fri Feb  2 00:52:42 CST 2024] TXT value: 'txt值'
[Fri Feb  2 00:52:42 CST 2024] Please be aware that you prepend _acme-challenge. before your domain
[Fri Feb  2 00:52:42 CST 2024] so the resulting subdomain will be: _acme-challenge.你的域名
[Fri Feb  2 00:52:42 CST 2024] Please add the TXT records to the domains, and re-run with --renew.
[Fri Feb  2 00:52:42 CST 2024] Please check log file for more details: /etc/acme/log.log

6: Request the certificate:

./acme.sh  --renew  -d 你的域名 -d '*.你的域名' --dns dns_dp --yes-I-know-dns-manual-mode-enough-go-ahead-please

7: Change the certificate location:

./acme.sh --installcert -d 你的域名 --key-file  "/etc/acme/ssl/key.key"  --fullchain-file "/etc/acme/ssl/cer.cer"

8: Apply the certificate, for example in a Caddyfile:

:443 {
    encode gzip
    tls /etc/acme/ssl/cer.cer /etc/acme/ssl/key.key
    respond "Blocked" 403
}
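
Between steps 5 and 6 it helps to confirm that both TXT values are visible in DNS, because the domain and its wildcard share one _acme-challenge name and validation fails if either value is missing. The sh script below is an added example, not part of the original post; it assumes an nslookup that accepts -type=TXT, and the function names, resolver address and sample values are illustrative.

```shell
#!/bin/sh
# Added example, not from the original post. Sample values are constructed.

# Read acme.sh manual-mode output on stdin; print one "name value" pair
# per requested TXT record.
expected_txt() {
  sed -n \
    -e "s/.*Domain: '\([^']*\)'.*/D \1/p" \
    -e "s/.*TXT value: '\([^']*\)'.*/V \1/p" |
  while read -r kind val; do
    case "$kind" in
      D) name=$val ;;
      V) printf '%s %s\n' "$name" "$val" ;;
    esac
  done
}

# Print the TXT strings published at $1, one per line, without quotes.
# Assumption: nslookup accepts -type=TXT and prints each value in double
# quotes; the resolver address is illustrative.
query_txt() {
  nslookup -type=TXT "$1" "${RESOLVER:-1.1.1.1}" 2>/dev/null |
    sed -n 's/^[^"]*"\([^"]*\)".*/\1/p'
}

# Read "name value" pairs on stdin, print those not yet visible in DNS,
# and return non-zero if any are missing.
missing_txt() {
  rc=0
  while read -r name val; do
    # -x -F: exact whole-line match; "--" because a value may start with "-"
    if ! query_txt "$name" </dev/null | grep -qxF -- "$val"; then
      printf '%s %s\n' "$name" "$val"
      rc=1
    fi
  done
  return "$rc"
}

# Constructed sample in the format shown in step 5.
SAMPLE="[Fri Feb  2 00:52:41 CST 2024] Domain: '_acme-challenge.example.com'
[Fri Feb  2 00:52:41 CST 2024] TXT value: 'AAAA_constructed_value_1'
[Fri Feb  2 00:52:41 CST 2024] Domain: '_acme-challenge.example.com'
[Fri Feb  2 00:52:42 CST 2024] TXT value: '-BBB_constructed_value_2'"

# Offline demo: list the two pairs that must both exist before --renew.
printf '%s\n' "$SAMPLE" | expected_txt
```

In practice, save the step 4 output to a file and run `expected_txt < file | missing_txt`; no output and exit status 0 mean both records are visible.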
