1: Download the acme.sh script:
wget -O - https://get.acme.sh | sh
[Fri Feb 2 00:12:43 CST 2024] Downloading https://github.com/acmesh-official/acme.sh/archive/master.tar.gz
[Fri Feb 2 00:12:45 CST 2024] Extracting master.tar.gz
[Fri Feb 2 00:12:45 CST 2024] It is recommended to install socat first.
[Fri Feb 2 00:12:45 CST 2024] We use socat for standalone server if you use standalone mode.
[Fri Feb 2 00:12:45 CST 2024] If you don't use standalone mode, just ignore this warning.
[Fri Feb 2 00:12:45 CST 2024] Installing to /root/.acme.sh
[Fri Feb 2 00:12:45 CST 2024] Installed to /root/.acme.sh/acme.sh
[Fri Feb 2 00:12:45 CST 2024] No profile is found, you will need to go into /root/.acme.sh to use acme.sh
[Fri Feb 2 00:12:45 CST 2024] Installing cron job
[Fri Feb 2 00:12:45 CST 2024] Good, bash is found, so change the shebang to use bash as preferred.
[Fri Feb 2 00:12:47 CST 2024] OK
[Fri Feb 2 00:12:47 CST 2024] Install success!
2: Set the account email:
cd /root/.acme.sh/
vi ./account.conf
3: Change the default certificate authority:
./acme.sh --set-default-ca --server letsencrypt
4: Get the TXT values (你的域名 is the placeholder for your domain):
./acme.sh --issue -d 你的域名 -d '*.你的域名' --dns dns_dp --yes-I-know-dns-manual-mode-enough-go-ahead-please
5: Add the [2] TXT records to the domain (txt值 in the output below stands for the TXT value):
Add the following TXT record:
[Fri Feb 2 00:52:41 CST 2024] Domain: '_acme-challenge.你的域名'
[Fri Feb 2 00:52:41 CST 2024] TXT value: 'txt值'
[Fri Feb 2 00:52:41 CST 2024] Please be aware that you prepend _acme-challenge. before your domain
[Fri Feb 2 00:52:41 CST 2024] so the resulting subdomain will be: _acme-challenge.你的域名
[Fri Feb 2 00:52:41 CST 2024] Add the following TXT record:
[Fri Feb 2 00:52:41 CST 2024] Domain: '_acme-challenge.你的域名'
[Fri Feb 2 00:52:42 CST 2024] TXT value: 'txt值'
[Fri Feb 2 00:52:42 CST 2024] Please be aware that you prepend _acme-challenge. before your domain
[Fri Feb 2 00:52:42 CST 2024] so the resulting subdomain will be: _acme-challenge.你的域名
[Fri Feb 2 00:52:42 CST 2024] Please add the TXT records to the domains, and re-run with --renew.
[Fri Feb 2 00:52:42 CST 2024] Please check log file for more details: /etc/acme/log.log
6: Request the certificate:
./acme.sh --renew -d 你的域名 -d '*.你的域名' --dns dns_dp --yes-I-know-dns-manual-mode-enough-go-ahead-please
7: Install the certificate to its target location:
./acme.sh --installcert -d 你的域名 --key-file "/etc/acme/ssl/key.key" --fullchain-file "/etc/acme/ssl/cer.cer"
8: Use it, for example in a Caddyfile:
:443 {
    encode gzip
    tls /etc/acme/ssl/cer.cer /etc/acme/ssl/key.key
    respond "Blocked" 403
}
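
Added example (not part of the original page or of acme.sh): a check to run between steps 5 and 6 that both TXT values are visible on every authoritative nameserver. Both records share the name _acme-challenge.<domain>, so the second must be added next to the first, not over it. The function names and sample values are constructed; it assumes `dig` is installed and that the domain passed in is the zone apex.

```shell
#!/bin/sh
# txt_missing ANSWERS VALUE...
#   ANSWERS is the output of `dig +short TXT _acme-challenge.<domain>`
#   (one double-quoted string per line). Prints the VALUEs that are not
#   published as an exact record; prints nothing when all are present.
txt_missing() {
    answers=$1; shift
    missing=""
    for want in "$@"; do
        # ACME values are base64url and may start with '-', hence the '--'.
        if ! printf '%s\n' "$answers" | tr -d '"' | grep -Fxq -- "$want"; then
            missing="$missing $want"
        fi
    done
    printf '%s' "${missing# }"
}

# check_challenge DOMAIN VALUE...
#   Asks each authoritative nameserver directly, so a stale resolver cache
#   cannot hide a missing record. Returns 0 only if every server has every value.
check_challenge() {
    domain=$1; shift
    nameservers=$(dig +short NS "$domain")
    if [ -z "$nameservers" ]; then
        echo "no NS records found for $domain" >&2
        return 2
    fi
    rc=0
    for ns in $nameservers; do
        answers=$(dig +short TXT "_acme-challenge.$domain" "@$ns")
        miss=$(txt_missing "$answers" "$@")
        if [ -n "$miss" ]; then
            echo "$ns is missing: $miss" >&2
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: the record for the wildcard replaced the one for the
# apex, so only one of the two values from step 5 is published.
sample_answers='"constructed-value-for-wildcard"'
echo "missing: $(txt_missing "$sample_answers" \
    constructed-value-for-apex constructed-value-for-wildcard)"
```

On a live zone, call `check_challenge` with the domain and the two TXT values from step 5, and run step 6 only when it returns 0.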