参考 github 官方操作 ,acme操作说明
说下我的操作
- 安装 acme.sh
curl https://get.acme.sh | sh
source ~/.bashrc
2.注册
acme.sh --register-account -m 123@qq.com
如果你在配置 acme.sh 时选择了其他 CA(如 Let’s Encrypt),你可以通过以下命令切换 CA:
下面命令二选一,我的服务器不支持第一种,所以直接用第二条命令执行,切换CA
~/. --set-default-ca letsencrypt
acme.sh --set-default-ca --server letsencrypt
3.使用 HTTP 验证
这里也给两条命令,我用第一个执行下来有问题,所以我直接用第二个命令
acme.sh --issue -d boss-dream.com -d www.boss.com --webroot /home/wwwroot/www.boss.com
acme.sh --issue -d boss-dream.com -d www.boss.com --webroot /home/wwwroot/www.boss.com --debug
4、执行完第三步,可能会报错,以下是错误的截图,错误的最后一部分:
Apache doesn't exist.
nginx:
nginx version: nginx/1.20.1
built by gcc 11.4.1 20231218 (Red Hat 11.4.1-3) (GCC)
built with OpenSSL 3.2.2 4 Jun 2024
TLS SNI support enabled
configure arguments: --prefix=/usr/share/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --http-client-body-temp-path=/var/lib/nginx/tmp/client_body --http-proxy-temp-path=/var/lib/nginx/tmp/proxy --http-fastcgi-temp-path=/var/lib/nginx/tmp/fastcgi --http-uwsgi-temp-path=/var/lib/nginx/tmp/uwsgi --http-scgi-temp-path=/var/lib/nginx/tmp/scgi --pid-path=/run/nginx.pid --lock-path=/run/lock/subsys/nginx --user=nginx --group=nginx --with-compat --with-debug --with-file-aio --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_degradation_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module=dynamic --with-http_mp4_module --with-http_perl_module=dynamic --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-http_xslt_module=dynamic --with-mail=dynamic --with-mail_ssl_module --with-pcre --with-pcre-jit --with-stream=dynamic --with-stream_ssl_module --with-stream_ssl_preread_module --with-threads --with-cc-opt='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64-v2 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection' --with-ld-opt='-Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,-E'
socat:
socat by Gerhard Rieger and contributors - see www.dest-unreach.org
socat version 1.7.4.1 on Apr 15 2024 00:00:00running on Linux version #1 SMP PREEMPT_DYNAMIC Thu Jul 11 13:03:28 UTC 2024, release 5.14.0-479.el9.x86_64, machine x86_64
features:#define WITH_STDIO 1#define WITH_FDNUM 1#define WITH_FILE 1#define WITH_CREAT 1#define WITH_GOPEN 1#define WITH_TERMIOS 1#define WITH_PIPE 1#define WITH_UNIX 1#define WITH_ABSTRACT_UNIXSOCKET 1#define WITH_IP4 1#define WITH_IP6 1#define WITH_RAWIP 1#define WITH_GENERICSOCKET 1#define WITH_INTERFACE 1#define WITH_TCP 1#define WITH_UDP 1#define WITH_SCTP 1#define WITH_LISTEN 1#define WITH_SOCKS4 1#define WITH_SOCKS4A 1#define WITH_VSOCK 1#define WITH_PROXY 1#define WITH_SYSTEM 1#define WITH_EXEC 1#define WITH_READLINE 1#define WITH_TUN 1#define WITH_PTY 1#define WITH_OPENSSL 1#undef WITH_FIPS#undef WITH_LIBWRAP#define WITH_SYCLS 1#define WITH_FILAN 1#define WITH_RETRY 1#define WITH_MSGLEVEL 0 /*debug*/
[root@ser615713358278 .acme.sh]# cd /home/wwwroot/
遇到这个错误后,需要在nginx配置里面加一个路由验签操作
location /.well-known/acme-challenge/ {root /home/wwwroot/www.boss.com;}# 注意需要放在location / 之前location / {root /usr/share/nginx/html;index index.html index.htm;try_files $uri $uri/ =404;}
然后重新执行这个命令
acme.sh --issue -d boss-dream.com -d www.boss.com --webroot /home/wwwroot/www.boss.com --debug
看到success 就ok了
续签命令
acme.sh --renew -d www.test.com --force