{"id":292,"date":"2026-01-26T03:04:52","date_gmt":"2026-01-26T03:04:52","guid":{"rendered":"https:\/\/blog.gpst.net.cn:4008\/?p=292"},"modified":"2026-01-28T06:24:14","modified_gmt":"2026-01-28T06:24:14","slug":"%e4%bd%bf%e7%94%a8acme-sh%e5%85%8d%e8%b4%b9%e7%94%b3%e8%af%b7%e8%af%81%e4%b9%a6","status":"publish","type":"post","link":"https:\/\/opshub.com.cn\/?p=292","title":{"rendered":"\u4f7f\u7528acme.sh\u514d\u8d39\u7533\u8bf7\u8bc1\u4e66"},"content":{"rendered":"\n

\u56fd\u5185\u670d\u52a1\u5668\uff1a<\/p>\n\n\n\n

git clone https:\/\/gitee.com\/neilpang\/acme.sh.git\ncd acme.sh\n.\/acme.sh --install -m my@example.com<\/code><\/pre>\n\n\n\n
\u6d77\u5916\u670d\u52a1\u5668\uff1a<\/p>\n\n\n\n
wget https:\/\/raw.githubusercontent.com\/acmesh-official\/acme.sh\/master\/acme.sh\n.\/acme.sh --install -m my@example.com<\/code><\/pre>\n\n\n\n
\"\"<\/figure>\n\n\n\n
\u81ea\u52a8\u4e3a\u4f60\u521b\u5efa cronjob, \u6bcf\u5929 0:00 \u70b9\u81ea\u52a8\u68c0\u6d4b\u6240\u6709\u7684\u8bc1\u4e66, \u5982\u679c\u5feb\u8fc7\u671f\u4e86, \u9700\u8981\u66f4\u65b0, \u5219\u4f1a\u81ea\u52a8\u66f4\u65b0\u8bc1\u4e66,\u5b89\u88c5\u8fc7\u7a0b\u4e0d\u4f1a\u6c61\u67d3\u5df2\u6709\u7684\u7cfb\u7edf\u4efb\u4f55\u529f\u80fd\u548c\u6587\u4ef6<\/strong>, \u6240\u6709\u7684\u4fee\u6539\u90fd\u9650\u5236\u5728\u5b89\u88c5\u76ee\u5f55\u4e2d: ~\/.acme.sh\/<\/p>\n\n\n\n
\u751f\u6210\u8bc1\u4e66:<\/p>\n\n\n\n
Tips\uff1aacme\u6307\u5b9aCA\u673a\u6784\uff1a\/root\/.acme.sh\/acme.sh –set-default-ca –server letsencrypt<\/p>\n\n\n\n
https:\/\/github.com\/acmesh-official\/acme.sh\/wiki\/Server<\/a><\/p>\n\n\n\n
acme.sh<\/strong>\u5b9e\u73b0\u4e86acme<\/strong>\u534f\u8bae\u652f\u6301\u7684\u6240\u6709\u9a8c\u8bc1\u534f\u8bae.<\/p>\n\n\n\n
\u4e00\u822c\u6709\u4e24\u79cd\u65b9\u5f0f\u9a8c\u8bc1: http \u548c dns \u9a8c\u8bc1.<\/p>\n\n\n\n
\u5982\u679c\u4f60\u7528\u7684nginx<\/strong>\u670d\u52a1\u5668, \u6216\u8005\u53cd\u4ee3,acme.sh<\/strong>\u8fd8\u53ef\u4ee5\u667a\u80fd\u7684\u4ecenginx<\/strong>\u7684\u914d\u7f6e\u4e2d\u81ea\u52a8\u5b8c\u6210\u9a8c\u8bc1, \u4f60\u4e0d\u9700\u8981\u6307\u5b9a\u7f51\u7ad9\u6839\u76ee\u5f55:<\/p>\n\n\n\n
apt-get install nginx<\/code><\/pre>\n\n\n\n
\/etc\/nginx\/sites-enabled\/default:<\/p>\n\n\n\n
Tips\uff1aserver_name\u8981\u8bbe\u7f6e\u4e3a\u8ddf\/root\/.acme.sh\/acme.sh –issue -d <domain_name>\u4e00\u6837\u7684\u57df\u540d\uff0c\u5982\u679c\u4e0d\u4e00\u6837\u7684\u8bdd\uff0c\u914d\u7f6e\u6587\u4ef6\u8bc6\u522b\u4e0d\u4e86<\/p>\n\n\n\n
server {\n        listen 80 default_server;\n        listen [::]:80 default_server;\n        root \/var\/www\/html;\n        index index.html index.htm index.nginx-debian.html;\n        server_name eset.update.apollo-sun.online;\n        location \/ {\n                try_files $uri $uri\/ =404;\n        }\n}<\/code><\/pre>\n\n\n\n
Tips\uff1a\u89e3\u6790\u57df\u540deset.update.apollo-sun.online\u5230\u672c\u670d\u52a1\u5668IP\u4e0a\uff0c\u5982\u679c\u4e0d\u89e3\u6790\u7684\u8bdd\uff0c\uff08The CA is processing your order\uff09\u9a8c\u8bc1\u4e0d\u4e86<\/p>\n\n\n\n
\/root\/.acme.sh\/acme.sh --issue -d eset.update.apollo-sun.online --nginx \/etc\/nginx\/sites-enabled\/default<\/code><\/pre>\n\n\n\n
\"\"<\/figure>\n\n\n\n
Tips\uff1a\u4ee5\u4e0a\u65b9\u5f0f\u7684\u597d\u5904\u662f\u53ef\u4ee5\u81ea\u52a8\u66f4\u65b0\u8bc1\u4e66\uff1a<\/p>\n\n\n\n
\"\"<\/figure>\n\n\n\n
\u624b\u52a8DNS\u65b9\u5f0f\uff1a<\/p>\n\n\n\n
Tips\uff1a\u624b\u52a8\u5728\u57df\u540d\u4e0a\u6dfb\u52a0\u4e00\u6761 txt \u89e3\u6790\u8bb0\u5f55, \u9a8c\u8bc1\u57df\u540d\u6240\u6709\u6743.<\/p>\n\n\n\n
\u8fd9\u79cd\u65b9\u5f0f\u7684\u597d\u5904\u662f, \u4f60\u4e0d\u9700\u8981\u4efb\u4f55\u670d\u52a1\u5668, \u4e0d\u9700\u8981\u4efb\u4f55\u516c\u7f51 ip, \u53ea\u9700\u8981 dns \u7684\u89e3\u6790\u8bb0\u5f55\u5373\u53ef\u5b8c\u6210\u9a8c\u8bc1.<\/p>\n\n\n\n
\u574f\u5904\u662f\uff0c\u5982\u679c\u4e0d\u540c\u65f6\u914d\u7f6e Automatic DNS API\uff0c\u4f7f\u7528\u8fd9\u79cd\u65b9\u5f0f acme.sh \u5c06\u65e0\u6cd5\u81ea\u52a8\u66f4\u65b0\u8bc1\u4e66\uff0c\u6bcf\u6b21\u90fd\u9700\u8981\u624b\u52a8\u518d\u6b21\u91cd\u65b0\u89e3\u6790\u9a8c\u8bc1\u57df\u540d\u6240\u6709\u6743\u3002<\/p>\n\n\n\n
acme.sh –issue –dns -dmydomain<\/a>.<\/a>com<\/a> –yes-I-know-dns-manual-mode-enough-go-ahead-please<\/p>\n\n\n\n
\u7136\u540e,acme.sh<\/strong>\u4f1a\u751f\u6210\u76f8\u5e94\u7684\u89e3\u6790\u8bb0\u5f55\u663e\u793a\u51fa\u6765, \u4f60\u53ea\u9700\u8981\u5728\u4f60\u7684\u57df\u540d\u7ba1\u7406\u9762\u677f\u4e2d\u6dfb\u52a0\u8fd9\u6761 txt \u8bb0\u5f55\u5373\u53ef.<\/p>\n\n\n\n
\u7b49\u5f85\u89e3\u6790\u5b8c\u6210\u4e4b\u540e, \u91cd\u65b0\u751f\u6210\u8bc1\u4e66:<\/p>\n\n\n\n
acme.sh –renew -dmydomain<\/a>.<\/a>com<\/a> –yes-I-know-dns-manual-mode-enough-go-ahead-please <\/p>\n\n\n\n
dns \u65b9\u5f0f\u7684\u771f\u6b63\u5f3a\u5927\u4e4b\u5904\u5728\u4e8e\u53ef\u4ee5\u4f7f\u7528\u57df\u540d\u89e3\u6790\u5546\u63d0\u4f9b\u7684 api \u81ea\u52a8\u6dfb\u52a0 txt \u8bb0\u5f55\u5b8c\u6210\u9a8c\u8bc1.<\/p>\n\n\n\n
https:\/\/github.com\/acmesh-official\/acme.sh\/wiki\/dnsapi<\/a><\/p>\n\n\n\n
acme.sh<\/strong>\u76ee\u524d\u652f\u6301 cloudflare, dnspod, cloudxns, godaddy \u4ee5\u53ca ovh \u7b49\u6570\u5341\u79cd\u89e3\u6790\u5546\u7684\u81ea\u52a8\u96c6\u6210.\u4ee5 dnspod \u4e3a\u4f8b, \u4f60\u9700\u8981\u5148\u767b\u5f55\u5230 dnspod \u8d26\u53f7, \u751f\u6210\u4f60\u7684 api id \u548c api key, \u90fd\u662f\u514d\u8d39\u7684.<\/p>\n\n\n\n
export DP_Id=\"1234\"\n\n\n\n\nexport DP_Key=\"sADDsdasdgdsf\"\n\n\n\n\nacme.sh   --issue   --dns dns_dp   -d aa.com  -d www.aa.com<\/code><\/pre>\n\n\n\n
\u8bc1\u4e66\u5c31\u4f1a\u81ea\u52a8\u751f\u6210\u4e86. \u8fd9\u91cc\u7ed9\u51fa\u7684 api id \u548c api key \u4f1a\u88ab\u81ea\u52a8\u8bb0\u5f55\u4e0b\u6765, \u5c06\u6765\u4f60\u5728\u4f7f\u7528 dnspod api \u7684\u65f6\u5019, \u5c31\u4e0d\u9700\u8981\u518d\u6b21\u6307\u5b9a\u4e86.<\/p>\n\n\n\n
\u76f4\u63a5\u751f\u6210\u5c31\u597d\u4e86:<\/p>\n\n\n\n
acme.sh --issue -d mydomain2.com --dns dns_dp<\/code><\/pre>\n\n\n\n
Use Aliyun domain API to automatically issue cert<\/h2>\n\n\n\n
First you need to login to your Aliyun account to get your RAM API key.https:\/\/ram.console.aliyun.com\/users<\/a><\/p>\n\n\n\n
export Ali_Key=\"<key>\"\nexport Ali_Secret=\"<secret>\"<\/code><\/pre>\n\n\n\n
Ok, let’s issue a cert now:<\/p>\n\n\n\n
.\/acme.sh --issue --dns dns_ali -d www.example.com<\/code><\/pre>\n\n\n\n
The Ali_Key and Ali_Secret will be saved in ~\/.acme.sh\/account.conf and will be reused when needed.<\/p>\n\n\n\n
\u6587\u4ef6\u540d<\/td>\u5185\u5bb9<\/td><\/tr>
cert.pem<\/td>\u670d\u52a1\u7aef\u8bc1\u4e66<\/td><\/tr>
chain.pem<\/td>\u6d4f\u89c8\u5668\u9700\u8981\u7684\u6240\u6709\u8bc1\u4e66\u4f46\u4e0d\u5305\u62ec\u670d\u52a1\u7aef\u8bc1\u4e66\uff0c\u6bd4\u5982\u6839\u8bc1\u4e66\u548c\u4e2d\u95f4\u8bc1\u4e66<\/td><\/tr>
fullchain.pem<\/td>\u5305\u62ec\u4e86cert.pem\u548cchain.pem\u7684\u5185\u5bb9<\/td><\/tr>
privkey.pem<\/td>\u8bc1\u4e66\u7684\u79c1\u94a5<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n
\u4f7f\u7528alidns\u7684api\u7533\u8bf7SSL\u8bc1\u4e66\uff1a<\/p>\n\n\n\n
#!\/bin\/bash\nexport Ali_Key=\"\"\nexport Ali_Secret=\"\"\nDomain=\"iftop.top\"\nHost=$1\n.\/acme.sh --issue --force --dns dns_ali -d \"$Host.$Domain\"<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"
\u56fd\u5185\u670d\u52a1\u5668\uff1a \u6d77\u5916\u670d\u52a1\u5668\uff1a \u81ea\u52a8\u4e3a\u4f60\u521b\u5efa cronjob, \u6bcf\u5929 0:00 \u70b9\u81ea\u52a8\u68c0\u6d4b\u6240\u6709\u7684\u8bc1\u4e66, \u5982\u679c\u5feb\u8fc7\u671f\u4e86, \u9700\u8981\u66f4\u65b0, \u5219\u4f1a\u81ea\u52a8\u66f4\u65b0\u8bc1\u4e66,\u5b89\u88c5\u8fc7\u7a0b\u4e0d\u4f1a\u6c61\u67d3\u5df2\u6709\u7684\u7cfb\u7edf\u4efb\u4f55\u529f\u80fd\u548c\u6587\u4ef6, \u6240\u6709\u7684\u4fee\u6539\u90fd\u9650\u5236\u5728\u5b89\u88c5\u76ee\u5f55\u4e2d: ~\/.acme.sh\/ \u751f\u6210\u8bc1\u4e66: Tips\uff1aacme\u6307\u5b9aCA\u673a\u6784\uff1a\/root\/.acme.sh\/acme.sh –set-default-ca –server letsencrypt https:\/\/github.com\/acmesh-official\/acme.sh\/wiki\/Server acme.sh\u5b9e\u73b0\u4e86acme\u534f\u8bae\u652f\u6301\u7684\u6240\u6709\u9a8c\u8bc1\u534f\u8bae. \u4e00\u822c\u6709\u4e24\u79cd\u65b9\u5f0f\u9a8c\u8bc1: http \u548c dns \u9a8c\u8bc1. \u5982\u679c\u4f60\u7528\u7684nginx\u670d\u52a1\u5668, \u6216\u8005\u53cd\u4ee3,acme.sh\u8fd8\u53ef\u4ee5\u667a\u80fd\u7684\u4ecenginx\u7684\u914d\u7f6e\u4e2d\u81ea\u52a8\u5b8c\u6210\u9a8c\u8bc1, \u4f60\u4e0d\u9700\u8981\u6307\u5b9a\u7f51\u7ad9\u6839\u76ee\u5f55: \/etc\/nginx\/sites-enabled\/default: Tips\uff1aserver_name\u8981\u8bbe\u7f6e\u4e3a\u8ddf\/root\/.acme.sh\/acme.sh –issue -d <domain_name>\u4e00\u6837\u7684\u57df\u540d\uff0c\u5982\u679c\u4e0d\u4e00\u6837\u7684\u8bdd\uff0c\u914d\u7f6e\u6587\u4ef6\u8bc6\u522b\u4e0d\u4e86 Tips\uff1a\u89e3\u6790\u57df\u540deset.update.apollo-sun.online\u5230\u672c\u670d\u52a1\u5668IP\u4e0a\uff0c\u5982\u679c\u4e0d\u89e3\u6790\u7684\u8bdd\uff0c\uff08The CA is processing your order\uff09\u9a8c\u8bc1\u4e0d\u4e86 Tips\uff1a\u4ee5\u4e0a\u65b9\u5f0f\u7684\u597d\u5904\u662f\u53ef\u4ee5\u81ea\u52a8\u66f4\u65b0\u8bc1\u4e66\uff1a \u624b\u52a8DNS\u65b9\u5f0f\uff1a Tips\uff1a\u624b\u52a8\u5728\u57df\u540d\u4e0a\u6dfb\u52a0\u4e00\u6761 txt \u89e3\u6790\u8bb0\u5f55, \u9a8c\u8bc1\u57df\u540d\u6240\u6709\u6743. \u8fd9\u79cd\u65b9\u5f0f\u7684\u597d\u5904\u662f, \u4f60\u4e0d\u9700\u8981\u4efb\u4f55\u670d\u52a1\u5668, \u4e0d\u9700\u8981\u4efb\u4f55\u516c\u7f51 ip, \u53ea\u9700\u8981 dns \u7684\u89e3\u6790\u8bb0\u5f55\u5373\u53ef\u5b8c\u6210\u9a8c\u8bc1. \u574f\u5904\u662f\uff0c\u5982\u679c\u4e0d\u540c\u65f6\u914d\u7f6e Automatic DNS API\uff0c\u4f7f\u7528\u8fd9\u79cd\u65b9\u5f0f […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9],"tags":[],"class_list":["post-292","post","type-post","status-publish","format-standard","hentry","category-9"],"_links":{"self":[{"href":"https:\/\/opshub.com.cn\/index.php?rest_route=\/wp\/v2\/posts\/292","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/opshub.com.cn\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/opshub.com.cn\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/opshub.com.cn\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/opshub.com.cn\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=292"}],"version-history":[{"count":3,"href":"https:\/\/opshub.com.cn\/index.php?rest_route=\/wp\/v2\/posts\/292\/revisions"}],"predecessor-version":[{"id":629,"href":"https:\/\/opshub.com.cn\/index.php?rest_route=\/wp\/v2\/posts\/292\/revisions\/629"}],"wp:attachment":[{"href":"https:\/\/opshub.com.cn\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=292"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/opshub.com.cn\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=292"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/opshub.com.cn\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=292"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}