使用acme创建letsencrypt的免费https证书
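# 1. The domain's DNS is hosted by a third-party provider. The providers all
#    work much the same way; the option to watch is --server, and letsencrypt
#    has been the most reliable choice.
# Resulting certificate: out/xjp.in/fullchain.cer
# Resulting private key:  out/xjp.in/xjp.in.key
# Let's Encrypt is not reachable from mainland China, so the proxy settings
# are passed into the container.
#
# Security notes:
# - out/ receives the certificate private key (path above); keep that
#   directory readable only by the account that deploys the certificate.
# - Credentials written inline as -e NAME='value' end up in shell history and
#   in the docker client's argument list. Exporting them first and passing
#   only the name (-e Ali_Key -e Ali_Secret) makes docker copy the value from
#   the caller's environment instead.
# - The DNS API key can change records in the zone; if the provider offers
#   scoped keys, use one limited to DNS management for this domain.
# - The image is referenced by a mutable tag. For repeatable runs, pin a
#   digest you have verified: neilpang/acme.sh@sha256:<DIGEST_PLACEHOLDER>
#
# aliyun: Alibaba Cloud (Wanwang) DNS
# The wildcard name is quoted so the shell cannot glob-expand it against files
# in the current directory; the proxy variables are quoted so a value with
# whitespace stays a single argument.
docker run --rm \
  -v "$(pwd)/out":/acme.sh \
  -e Ali_Key='xxxxxx' \
  -e Ali_Secret='yyyyyyyyy' \
  -e http_proxy="$http_proxy" \
  -e https_proxy="$https_proxy" \
  neilpang/acme.sh --issue --dns dns_ali -d xjp.in -d '*.xjp.in' --server letsencrypt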
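# godaddy: GoDaddy DNS
# Issues a certificate for xjp.in and *.xjp.in through the dns_gd DNS-01 hook.
#
# Security notes:
# - GD_Key / GD_Secret written inline are recorded in shell history and appear
#   in the docker client's argument list. Exporting them first and passing
#   only the name (-e GD_Key -e GD_Secret) makes docker copy the value from
#   the caller's environment instead.
# - The mounted out/ directory receives the certificate private key; restrict
#   its permissions to the account that deploys the certificate.
#
# The wildcard name is quoted so the shell cannot glob-expand it against files
# in the current directory; the proxy variables are quoted so a value with
# whitespace stays a single argument.
docker run --rm \
  -v "$(pwd)/out":/acme.sh \
  -e GD_Key='xxxxxx' \
  -e GD_Secret='yyyyyyyyy' \
  -e http_proxy="$http_proxy" \
  -e https_proxy="$https_proxy" \
  neilpang/acme.sh --issue --dns dns_gd -d xjp.in -d '*.xjp.in' --server letsencrypt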
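# 1. The domain is served by a self-hosted DNS server: authenticate dynamic
#    updates with an nsupdate key and point acme.sh at that name server.
#
# The key file holds a shared secret that authorises DNS updates, so it is
# created with owner-only permissions. The subshell keeps the umask change
# local; the chmod covers the case where nsupdate.key already existed with a
# wider mode. The quoted heredoc delimiter ('EOF') stops the shell from
# expanding $ or backticks that a real secret might contain.
# NOTE(review): tsig-keygen writes the closing line as "};" -- confirm that
# nsupdate accepts this file without the trailing semicolon.
(
  umask 077
  cat > nsupdate.key <<'EOF'
key "xjpinkey" {
algorithm hmac-sha256;
secret "xxxxxxxxxxxx";
}
EOF
)
chmod 600 -- nsupdate.key

# The key is mounted read-only (:ro): the container only needs to read it.
# The wildcard name is quoted so the shell cannot glob-expand it against files
# in the current directory; the proxy variables are quoted so a value with
# whitespace stays a single argument.
# The mounted out/ directory receives the certificate private key; restrict
# its permissions to the account that deploys the certificate.
docker run --rm \
  -v "$(pwd)/out":/acme.sh \
  -v "$(pwd)/nsupdate.key":/tmp/nsupdate.key:ro \
  -e NSUPDATE_SERVER="ns.xjp.in" \
  -e NSUPDATE_KEY="/tmp/nsupdate.key" \
  -e http_proxy="$http_proxy" \
  -e https_proxy="$https_proxy" \
  neilpang/acme.sh --issue --dns dns_nsupdate -d xjp.in -d '*.xjp.in' --server letsencrypt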
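# Check whether the certificate is about to expire.
# Prints the expiry date, plus a warning when it falls within one month.
# Requires GNU date (-d). openssl x509 reads the first certificate in the
# file, which in a full-chain file is expected to be the leaf.
CERT_FILE="./out/xjp.in/fullchain.cer"

# -enddate prints "notAfter=<timestamp>". If openssl cannot read the file the
# check stops here: an empty timestamp handed to `date -d` would be parsed as
# today and a missing certificate would be reported as one expiring today.
if ! EXPIRE_DATETIME=$(openssl x509 -in "$CERT_FILE" -noout -enddate); then
  echo "cannot read certificate: $CERT_FILE" >&2
else
  EXPIRE_DATETIME=${EXPIRE_DATETIME#notAfter=}
  echo "证书将在$(date -d "$EXPIRE_DATETIME" +%Y-%m-%d)过期"
  # Compare epoch seconds: expiry time against "one month from now".
  if [[ $(date -d "$EXPIRE_DATETIME" +%s) -lt $(date -d '+1 month' +%s) ]]; then
    echo "证书将在一个月之内过期"
  fi
fi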