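Project home page: https://github.com/Neilpang/acme.sh
acme.sh is a script written in pure Unix shell that implements the ACME protocol and can automatically issue and renew SSL certificates from Let's Encrypt. It can verify domain ownership in several ways and supports many DNS APIs.
For installation, just follow README.md:
https://github.com/Neilpang/acme.sh#1-how-to-install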

curl https://get.acme.sh | sh

The output looks like this:

[email protected]:~# curl https://get.acme.sh | sh
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 705 100 705 0 0 675 0 0:00:01 0:00:01 --:--:-- 675
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 164k 100 164k 0 0 2157k 0 --:--:-- --:--:-- --:--:-- 2188k
[Tue Apr 24 16:08:44 CEST 2018] Installing from online archive.
[Tue Apr 24 16:08:44 CEST 2018] Downloading https://github.com/Neilpang/acme.sh/archive/master.tar.gz
[Tue Apr 24 16:08:45 CEST 2018] Extracting master.tar.gz
[Tue Apr 24 16:08:45 CEST 2018] It is recommended to install socat first.
[Tue Apr 24 16:08:45 CEST 2018] We use socat for standalone server if you use standalone mode.
[Tue Apr 24 16:08:45 CEST 2018] If you don't use standalone mode, just ignore this warning.
[Tue Apr 24 16:08:45 CEST 2018] Installing to /root/.acme.sh
[Tue Apr 24 16:08:45 CEST 2018] Installed to /root/.acme.sh/acme.sh
[Tue Apr 24 16:08:45 CEST 2018] Installing alias to '/root/.bashrc'
[Tue Apr 24 16:08:45 CEST 2018] OK, Close and reopen your terminal to start using acme.sh
[Tue Apr 24 16:08:45 CEST 2018] Installing cron job
no crontab for root
no crontab for root
[Tue Apr 24 16:08:45 CEST 2018] Good, bash is found, so change the shebang to use bash as preferred.
[Tue Apr 24 16:08:45 CEST 2018] OK
[Tue Apr 24 16:08:45 CEST 2018] Install success!

There is one warning: it recommends installing socat.

apt install socat

I use Cloudflare, so the first step is to request a Cloudflare API key.

Once you have the key, export it temporarily as environment variables:

export CF_Key="*******************"
export CF_Email="********@****.com"
# Quote the wildcard name so the shell cannot glob-expand it
acme.sh --issue -d 0w0.trade -d '*.0w0.trade' --dns dns_cf

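Part of this process is a 120-second wait while the DNS record is verified.

Once the certificate has been issued, the certificate files are in /root/.acme.sh/0w0.trade/

Using the certificate with nginx: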

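server {
    # "listen 443 ssl" replaces the deprecated "ssl on;" directive
    listen 443 ssl;
    server_name 0w0.trade;
    # acme.sh's README advises copying certs out with --install-cert
    # rather than pointing servers at ~/.acme.sh directly
    ssl_certificate /root/.acme.sh/0w0.trade/fullchain.cer;
    ssl_certificate_key /root/.acme.sh/0w0.trade/0w0.trade.key;
    root /var/www/html/;
    index index.html index.htm;
}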
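
acme.sh saves the CF_Key and CF_Email exported above into account.conf for renewals, and the domain private key sits beside the certificate, so file permissions under /root/.acme.sh matter. The following check is an added example, not part of the original post or of acme.sh; the function names find_exposed_secrets and audit_acme_home are hypothetical.

```shell
#!/bin/sh
# Added example: audit an acme.sh home directory for secret files that
# group or other users can read or write. The function names are
# hypothetical; the default path is the one used in this post.

# Print every secret-bearing file under $1 that has any group/other
# read or write bit set. Secrets considered:
#   account.conf  - acme.sh stores the saved DNS API credentials here
#   *.key         - account and domain private keys
find_exposed_secrets() {
    home=${1:-/root/.acme.sh}
    find "$home" -type f \( -name 'account.conf' -o -name '*.key' \) \
        \( -perm -040 -o -perm -020 -o -perm -004 -o -perm -002 \) \
        -print 2>/dev/null
}

# Return 0 when nothing is exposed, 1 when at least one secret is
# exposed, 2 when the directory does not exist. Findings go to stderr.
audit_acme_home() {
    home=${1:-/root/.acme.sh}
    if [ ! -d "$home" ]; then
        echo "audit: $home is not a directory" >&2
        return 2
    fi
    exposed=$(find_exposed_secrets "$home")
    if [ -n "$exposed" ]; then
        echo "audit: secrets accessible beyond the owner:" >&2
        echo "$exposed" | sed 's/^/  /' >&2
        echo "audit: tighten each one with: chmod 600 <file>" >&2
        return 1
    fi
    return 0
}
```

Source the file and run audit_acme_home with no argument to check /root/.acme.sh, or pass another directory to check a non-default install location.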

I just noticed there is also a setup guide for Synology NAS, which is a very thoughtful touch:
https://github.com/Neilpang/acme.sh/wiki/Synology-NAS-Guide

For more tutorials, see:
https://github.com/Neilpang/acme.sh/wiki/Blogs-and-tutorials