Requesting a free SSL domain certificate with acme.sh

1. Issue the certificate

acme.sh --issue --dns -d api.caiqianhua.com --yes-I-know-dns-manual-mode-enough-go-ahead-please --keylength 2048

The output looks like this:

[Tue Nov 12 08:25:38 UTC 2024] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Tue Nov 12 08:25:38 UTC 2024] Creating domain key
[Tue Nov 12 08:25:38 UTC 2024] The domain key is here: /root/.acme.sh/api.caiqianhua.com_ecc/api.caiqianhua.com.key
[Tue Nov 12 08:25:38 UTC 2024] Single domain='api.caiqianhua.com'
[Tue Nov 12 08:25:39 UTC 2024] Getting webroot for domain='api.caiqianhua.com'
[Tue Nov 12 08:25:39 UTC 2024] Add the following TXT record:
[Tue Nov 12 08:25:39 UTC 2024] Domain: '_acme-challenge.api.caiqianhua.com'
[Tue Nov 12 08:25:39 UTC 2024] TXT value: 'QTKu-NUQBYj6EGMvF0_OYA69rjIS6au4gyaCmxau0vA'
[Tue Nov 12 08:25:39 UTC 2024] Please make sure to prepend '_acme-challenge.' to your domain
[Tue Nov 12 08:25:39 UTC 2024] so that the resulting subdomain is: _acme-challenge.api.caiqianhua.com
[Tue Nov 12 08:25:39 UTC 2024] Please add the TXT records to the domains, and re-run with --renew.
[Tue Nov 12 08:25:39 UTC 2024] Please check log file for more details: /root/.acme.sh/acme.sh.log

Verify the domain

In the output above you will see the following:

Domain: '_acme-challenge.api.caiqianhua.com'
TXT value: 'QTKu-NUQBYj6EGMvF0_OYA69rjIS6au4gyaCmxau0vA'

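You now need to add this as a DNS record for the domain. Make sure the record type is TXT.

Below is the author's DNS record in Alibaba Cloud.

Renew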

acme.sh --renew -d api.caiqianhua.com --yes-I-know-dns-manual-mode-enough-go-ahead-please  --keylength 2048

Note that the trailing option here is `--keylength 2048`.
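
The --renew step above only succeeds once the TXT record can be resolved publicly. The following script is an added example, not part of the original post, that checks this before you re-run acme.sh. The function names and the default resolvers (1.1.1.1 and 8.8.8.8) are assumptions of this example, and it requires dig.

```sh
#!/bin/sh
# Added example: check that the _acme-challenge TXT record is visible
# before re-running acme.sh with --renew.

# txt_has_value WANT ANSWER
# ANSWER is the output of `dig +short TXT <name>`: one record per line, each
# character-string in double quotes. Succeeds if any record equals WANT.
txt_has_value() {
    want=$1
    [ -n "$want" ] || return 1
    while IFS= read -r line; do
        # A record split into several strings prints as "a" "b"; join them.
        line=$(printf '%s\n' "$line" | sed 's/" "//g')
        line=${line#\"}
        line=${line%\"}
        if [ "$line" = "$want" ]; then
            return 0
        fi
    done <<EOF
$2
EOF
    return 1
}

# check_challenge DOMAIN WANT [RESOLVER...]
# Asks each resolver for _acme-challenge.DOMAIN and succeeds only if every
# one returns WANT. The default resolvers are an assumption of this example.
check_challenge() {
    domain=$1
    value=$2
    shift 2
    [ $# -gt 0 ] || set -- 1.1.1.1 8.8.8.8
    for ns in "$@"; do
        answer=$(dig +short TXT "_acme-challenge.$domain" "@$ns") || return 2
        if txt_has_value "$value" "$answer"; then
            echo "ok: $ns returns the challenge value"
        else
            echo "not yet: $ns does not return the challenge value" >&2
            return 1
        fi
    done
}

# Usage, with the values from the acme.sh output above:
# check_challenge api.caiqianhua.com 'QTKu-NUQBYj6EGMvF0_OYA69rjIS6au4gyaCmxau0vA'
```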

Install the certificate

First create a directory to hold the certificate:

mkdir -p ~/cert/api.caiqianhua.com
acme.sh --install-cert -d api.caiqianhua.com --key-file   ~/cert/api.caiqianhua.com/key.pem --fullchain-file ~/cert/api.caiqianhua.com/cert.pem --keylength 2048

You can now find your certificate in the ~/cert/api.caiqianhua.com directory.