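namesilo domain + Hong Kong server + acme.sh: steps for generating a free SSL certificate for a website
You can ignore the article title, haha. Requesting a certificate with acme.sh does involve the domain and the server, but only loosely; all that matters is that you have them.
Without further ado: I have a new site I want to build up, and once DNS was set up and the site was live I wanted to get it an SSL certificate. I have written a similar article before;
the steps are the same, but that one is more formal: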
https://www.zongscan.com/demo333/89509.html
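Below is what I actually did on a real project: a direct record of the steps I used to generate an SSL certificate with acme.sh.
Environment:
Domain: namesilo
Hong Kong server
acme.sh
ps:
One more note: the site is built with the hyperf framework and runs in docker,
but nginx on the host acts as the proxy, so this does not affect SSL certificate generation.
With all of the above in place, the site deployed and reachable on port 80, I won't go into the rest.
On to the steps
Install acme.sh. My server is in Hong Kong, so I use curl directly, followed by my own email address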
[email protected]:~# curl https://get.acme.sh | sh -s [email protected]
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 1032 0 1032 0 0 5212 0 --:--:-- --:--:-- --:--:-- 5238
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 216k 100 216k 0 0 1574k 0 --:--:-- --:--:-- --:--:-- 1581k
[Tue Mar 7 03:00:32 PM CST 2023] Installing from online archive.
[Tue Mar 7 03:00:32 PM CST 2023] Downloading https://github.com/acmesh-official/acme.sh/archive/master.tar.gz
[Tue Mar 7 03:00:33 PM CST 2023] Extracting master.tar.gz
[Tue Mar 7 03:00:33 PM CST 2023] It is recommended to install socat first.
[Tue Mar 7 03:00:33 PM CST 2023] We use socat for standalone server if you use standalone mode.
[Tue Mar 7 03:00:33 PM CST 2023] If you don't use standalone mode, just ignore this warning.
[Tue Mar 7 03:00:33 PM CST 2023] Installing to /root/.acme.sh
[Tue Mar 7 03:00:33 PM CST 2023] Installed to /root/.acme.sh/acme.sh
[Tue Mar 7 03:00:33 PM CST 2023] Installing alias to '/root/.bashrc'
[Tue Mar 7 03:00:33 PM CST 2023] OK, Close and reopen your terminal to start using acme.sh
[Tue Mar 7 03:00:33 PM CST 2023] Installing cron job
no crontab for root
no crontab for root
[Tue Mar 7 03:00:33 PM CST 2023] Good, bash is found, so change the shebang to use bash as preferred.
[Tue Mar 7 03:00:34 PM CST 2023] OK
[Tue Mar 7 03:00:34 PM CST 2023] Install success!
[email protected]:~# ll
total 2304
drwx------ 11 root root 4096 Mar 7 15:00 ./
drwxr-xr-x 19 root root 4096 Mar 7 14:28 ../
drwx------ 5 root root 4096 Mar 7 15:00 .acme.sh/
-rw------- 1 root root 7739 Mar 6 18:12 .bash_history
-rw-r--r-- 1 root root 3137 Mar 7 15:00 .bashrc
drwx------ 4 root root 4096 Mar 2 14:13 .cache/
drwx------ 4 root root 4096 Mar 2 14:13 .config/
-rw------- 1 root root 20 Mar 7 11:18 .lesshst
drwxr-xr-x 7 root root 4096 Mar 28 2022 lnmp1.9/
-rw-r--r-- 1 root root 202681 Jan 20 09:07 lnmp1.9.tar.gz
-rw-r--r-- 1 root root 2069203 Mar 2 14:14 lnmp-install.log
drwxr-xr-x 3 root root 4096 Mar 2 14:13 .local/
-rw------- 1 root root 1381 Mar 6 13:39 .mysql_history
-rw-r--r-- 1 root root 187 Mar 2 14:12 .pearrc
drwxr-xr-x 2 root root 4096 Dec 28 17:57 .pip/
-rw-r--r-- 1 root root 161 Jul 9 2019 .profile
-rw-r--r-- 1 root root 206 Mar 1 17:34 .pydistutils.cfg
drwxr-xr-x 2 root root 4096 Dec 28 17:49 .rpmdb/
drwx------ 4 root root 4096 Mar 2 09:58 snap/
drwx------ 2 root root 4096 Mar 2 11:41 .ssh/
Create a bash alias
[email protected]:~# alias acme.sh=~/.acme.sh/acme.sh
On my host nginx acts as the proxy, so I use the nginx mode
Wrong way
[email protected]:~# acme.sh --issue -d www.hofq.top --nginx
[Tue Mar 7 03:18:01 PM CST 2023] Using CA: https://acme.zerossl.com/v2/DV90
[Tue Mar 7 03:18:01 PM CST 2023] Create account key ok.
[Tue Mar 7 03:18:01 PM CST 2023] No EAB credentials found for ZeroSSL, let's get one
[Tue Mar 7 03:18:03 PM CST 2023] Registering account: https://acme.zerossl.com/v2/DV90
[Tue Mar 7 03:18:05 PM CST 2023] Registered
[Tue Mar 7 03:18:06 PM CST 2023] ACCOUNT_THUMBPRINT='Nynom-6Dolwi59qXenoI1ci2HkTcmMO44fWybJu_hNM'
[Tue Mar 7 03:18:06 PM CST 2023] Creating domain key
[Tue Mar 7 03:18:06 PM CST 2023] The domain key is here: /root/.acme.sh/www.hofq.top_ecc/www.hofq.top.key
[Tue Mar 7 03:18:06 PM CST 2023] Single domain='www.hofq.top'
[Tue Mar 7 03:18:06 PM CST 2023] Getting domain auth token for each domain
[Tue Mar 7 03:18:09 PM CST 2023] Getting webroot for domain='www.hofq.top'
[Tue Mar 7 03:18:09 PM CST 2023] Verifying: www.hofq.top
[Tue Mar 7 03:18:09 PM CST 2023] Nginx mode for domain:www.hofq.top
[Tue Mar 7 03:18:09 PM CST 2023] Can not find nginx conf.
[Tue Mar 7 03:18:09 PM CST 2023] Please add '--debug' or '--log' to check more details.
[Tue Mar 7 03:18:09 PM CST 2023] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
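ps:
This reports that the nginx configuration file cannot be found
Can not find nginx conf.
Correct way: specify the absolute path of the nginx configuration file and generate the SSL certificate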
[email protected]:~# acme.sh --issue -d www.hofq.top --nginx /usr/local/nginx/conf/vhost/hofq.conf
[Tue Mar 7 03:25:18 PM CST 2023] Using CA: https://acme.zerossl.com/v2/DV90
[Tue Mar 7 03:25:19 PM CST 2023] Single domain='www.hofq.top'
[Tue Mar 7 03:25:19 PM CST 2023] Getting domain auth token for each domain
[Tue Mar 7 03:25:23 PM CST 2023] Getting webroot for domain='www.hofq.top'
[Tue Mar 7 03:25:23 PM CST 2023] Verifying: www.hofq.top
[Tue Mar 7 03:25:23 PM CST 2023] Nginx mode for domain:www.hofq.top
[Tue Mar 7 03:25:23 PM CST 2023] Found conf file: /usr/local/nginx/conf/vhost/hofq.conf
[Tue Mar 7 03:25:23 PM CST 2023] Backup /usr/local/nginx/conf/vhost/hofq.conf to /root/.acme.sh/www.hofq.top_ecc/backup/www.hofq.top.nginx.conf
[Tue Mar 7 03:25:23 PM CST 2023] Check the nginx conf before setting up.
[Tue Mar 7 03:25:23 PM CST 2023] OK, Set up nginx config file
[Tue Mar 7 03:25:23 PM CST 2023] nginx conf is done, let's check it again.
[Tue Mar 7 03:25:23 PM CST 2023] Reload nginx
[Tue Mar 7 03:25:28 PM CST 2023] Processing, The CA is processing your order, please just wait. (1/30)
[Tue Mar 7 03:25:32 PM CST 2023] Success
[Tue Mar 7 03:25:32 PM CST 2023] Restoring from /root/.acme.sh/www.hofq.top_ecc/backup/www.hofq.top.nginx.conf to /usr/local/nginx/conf/vhost/hofq.conf
[Tue Mar 7 03:25:32 PM CST 2023] Reload nginx
[Tue Mar 7 03:25:32 PM CST 2023] Verify finished, start to sign.
[Tue Mar 7 03:25:32 PM CST 2023] Lets finalize the order.
[Tue Mar 7 03:25:32 PM CST 2023] Le_OrderFinalize='https://acme.zerossl.com/v2/DV90/order/KHnhZRVcpwfdc7L25GVIMQ/finalize'
[Tue Mar 7 03:25:34 PM CST 2023] Order status is processing, lets sleep and retry.
[Tue Mar 7 03:25:34 PM CST 2023] Retry after: 15
[Tue Mar 7 03:25:50 PM CST 2023] Polling order status: https://acme.zerossl.com/v2/DV90/order/KHnhZRVcpwfdc7L25GVIMQ
[Tue Mar 7 03:25:51 PM CST 2023] Downloading cert.
[Tue Mar 7 03:25:51 PM CST 2023] Le_LinkCert='https://acme.zerossl.com/v2/DV90/cert/5_hS63jJg-1LKPKD1mOWvQ'
[Tue Mar 7 03:25:53 PM CST 2023] Cert success.
[Tue Mar 7 03:25:53 PM CST 2023] Your cert is in: /root/.acme.sh/www.hofq.top_ecc/www.hofq.top.cer
[Tue Mar 7 03:25:53 PM CST 2023] Your cert key is in: /root/.acme.sh/www.hofq.top_ecc/www.hofq.top.key
[Tue Mar 7 03:25:53 PM CST 2023] The intermediate CA cert is in: /root/.acme.sh/www.hofq.top_ecc/ca.cer
[Tue Mar 7 03:25:53 PM CST 2023] And the full chain certs is there: /root/.acme.sh/www.hofq.top_ecc/fullchain.cer
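When you see the output above:
Cert success. means the certificate was generated successfully
Copy the generated certificate to the target location, that is, the location your nginx configuration file points to for the certificate
For example, mine is:
/usr/local/nginx/conf/cert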
[email protected]:~# acme.sh --install-cert -d www.hofq.top \
> --key-file /usr/local/nginx/conf/cert/key.pem \
> --fullchain-file /usr/local/nginx/conf/cert/cert.pem \
> --reloadcmd "/usr/local/nginx/sbin/nginx -s reload"
[Tue Mar 7 03:29:28 PM CST 2023] The domain 'www.hofq.top' seems to have a ECC cert already, lets use ecc cert.
[Tue Mar 7 03:29:29 PM CST 2023] Installing key to: /usr/local/nginx/conf/cert/key.pem
[Tue Mar 7 03:29:29 PM CST 2023] Installing full chain to: /usr/local/nginx/conf/cert/cert.pem
[Tue Mar 7 03:29:29 PM CST 2023] Run reload cmd: /usr/local/nginx/sbin/nginx -s reload
[Tue Mar 7 03:29:29 PM CST 2023] Reload success
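ps:
The final --reloadcmd does what its name says: it reloads the nginx configuration so the change takes effect immediately
One more reminder:
In the commands above, replace the email and domain with your own; don't just copy and paste.
That's it. Visit the site to check the result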
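Added example (not part of the original post, and not acme.sh's own code): a check to run after --install-cert that confirms the installed key is private, matches the certificate, covers the domain and is not close to expiry. The helper name check_installed_cert, the script name check_cert.sh and the 30-day default are assumptions; the paths in the usage comment are the ones used above.

```shell
#!/bin/sh
# Added example (not from the original post): sanity-check the files written by
# `acme.sh --install-cert`. check_installed_cert is a hypothetical helper name.
# Usage: sh check_cert.sh KEY FULLCHAIN DOMAIN [MIN_DAYS]

check_installed_cert() {
  key=$1; cert=$2; domain=$3; min_days=${4:-30}; rc=0

  # 1. The private key must not be accessible to group or others.
  perms=$(ls -ld "$key" 2>/dev/null | cut -c5-10)
  if [ "$perms" != "------" ]; then
    echo "FAIL: $key is missing or accessible to group/others"; rc=1
  fi

  # 2. The key must belong to the leaf certificate (first cert in the fullchain):
  #    compare the public key in the cert with the one derived from the key.
  cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
  key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
  if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
    echo "FAIL: $key does not match $cert"; rc=1
  fi

  # 3. The certificate must cover the domain that nginx serves.
  if ! openssl x509 -in "$cert" -noout -checkhost "$domain" 2>/dev/null \
      | grep -q "does match certificate"; then
    echo "FAIL: $cert is not valid for $domain"; rc=1
  fi

  # 4. The certificate must stay valid for at least min_days more days;
  #    if it does not, the renewal cron job installed by acme.sh needs a look.
  if ! openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) >/dev/null 2>&1; then
    echo "FAIL: $cert expires within $min_days days"; rc=1
  fi

  [ "$rc" -eq 0 ] && echo "OK: $cert and $key are consistent for $domain"
  return "$rc"
}

# Runs only when arguments are given, e.g. with the paths used in this post:
#   sh check_cert.sh /usr/local/nginx/conf/cert/key.pem \
#                    /usr/local/nginx/conf/cert/cert.pem www.hofq.top
if [ "$#" -ge 3 ]; then
  check_installed_cert "$@"
fi
```

The function returns non-zero if any check fails, so it can also be called from a monitoring job after each renewal.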