System environment

Item | Version | Notes
OS version | Ubuntu 22.04.3 LTS (Jammy Jellyfish) | -
Kernel version | 5.15.0-91-generic #101-Ubuntu SMP Tue Nov 14 13:30:08 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux | -

Introduction to Acme

Acme project: https://github.com/acmesh-official/acme.sh

Acme documentation: https://github.com/acmesh-official/acme.sh/wiki/%E8%AF%B4%E6%98%8E

acme.sh implements the ACME protocol and can issue free certificates from Let's Encrypt.

Installing Acme

1. Install the required dependencies

$ sudo apt install socat curl -y

2. Run the command sudo sh -c 'curl https://get.acme.sh | sh' to install acme:

$ sudo sh -c 'curl https://get.acme.sh | sh'
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 1032 0 1032 0 0 2181 0 --:--:-- --:--:-- --:--:-- 2186
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 218k 100 218k 0 0 275k 0 --:--:-- --:--:-- --:--:-- 275k
[Mon Apr 29 01:26:37 AM UTC 2024] Installing from online archive.
[Mon Apr 29 01:26:37 AM UTC 2024] Downloading https://github.com/acmesh-official/acme.sh/archive/master.tar.gz
[Mon Apr 29 01:26:38 AM UTC 2024] Extracting master.tar.gz
[Mon Apr 29 01:26:38 AM UTC 2024] Installing to /root/.acme.sh
[Mon Apr 29 01:26:38 AM UTC 2024] Installed to /root/.acme.sh/acme.sh
[Mon Apr 29 01:26:38 AM UTC 2024] Installing alias to '/root/.bashrc'
[Mon Apr 29 01:26:38 AM UTC 2024] OK, Close and reopen your terminal to start using acme.sh
[Mon Apr 29 01:26:38 AM UTC 2024] Installing cron job
no crontab for root
no crontab for root
[Mon Apr 29 01:26:38 AM UTC 2024] Good, bash is found, so change the shebang to use bash as preferred.
[Mon Apr 29 01:26:39 AM UTC 2024] OK
[Mon Apr 29 01:26:39 AM UTC 2024] Install success!

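The log above shows that acme was installed under the root user's home directory!

Using Acme

All of the following steps are run as the root user.

Run the command sudo su - to switch to the root user: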

$ sudo su - 

Registering an account

Run the command ~/.acme.sh/acme.sh --register-account -m [email protected] to register an account (replace [email protected] with your own email address):

root@Win10:~# ~/.acme.sh/acme.sh --register-account -m [email protected]
[Mon Apr 29 09:13:03 AM CST 2024] Create account key ok.
[Mon Apr 29 09:13:04 AM CST 2024] No EAB credentials found for ZeroSSL, let's get one
[Mon Apr 29 09:13:07 AM CST 2024] Registering account: https://acme.zerossl.com/v2/DV90
[Mon Apr 29 09:13:10 AM CST 2024] Registered
[Mon Apr 29 09:13:10 AM CST 2024] ACCOUNT_THUMBPRINT='-tT9z1_FIb9_yxyeLJC40pE0JvnSMZfsasdfawqm74'

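Requesting a certificate when no web service is running

Note: the domain's DNS record must be in place beforehand, otherwise the request will fail.

This case applies when port 80 on the server is not in use.

Simply run the command ~/.acme.sh/acme.sh --issue -d your-domain.com --standalone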

~/.acme.sh/acme.sh --issue -d your-domain.com --standalone

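Note: if an error like the one below appears during the request, check that your domain resolves correctly, or, as the message suggests, append the --debug or --log option to the certificate request command to investigate.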

[Mon Apr 29 09:13:49 AM CST 2024] Standalone mode server
[Mon Apr 29 09:13:53 AM CST 2024] Processing, The CA is processing your order, please just wait. (1/30)
[Mon Apr 29 09:13:57 AM CST 2024] Pending, The CA is processing your order, please just wait. (2/30)
... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ...
[Mon Apr 29 09:16:12 AM CST 2024] Pending, The CA is processing your order, please just wait. (29/30)
[Mon Apr 29 09:16:17 AM CST 2024] acme.tufau.com:Timeout
[Mon Apr 29 09:16:17 AM CST 2024] Please add '--debug' or '--log' to check more details.
[Mon Apr 29 09:16:17 AM CST 2024] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
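
The two preconditions above (the domain already resolves to this server, and port 80 is free) can be checked before the request is sent, instead of waiting for the CA to time out. The script below is an added example, not part of the original post or of acme.sh; the function names are hypothetical, the public IP is supplied by the operator, and it assumes getent and ss are available, as they are on Ubuntu 22.04.

```shell
#!/bin/sh
# Pre-flight check before `acme.sh --issue -d DOMAIN --standalone`.
# Added example: the function names below are hypothetical, not part of acme.sh.

# Addresses the local resolver returns for a name, space-separated.
# Assumption: this matches public DNS (an /etc/hosts entry would mislead it).
lookup_ips() { getent ahosts "$1" | awk '{ print $1 }' | sort -u | xargs; }

# Listening TCP sockets, one per line, without the header row.
list_listeners() { ss -Hltn; }

# Reads `ss -Hltn` output on stdin; succeeds if any listener uses port $1.
# The port is the text after the last ':' of the local address (column 4),
# which also covers IPv6 forms such as [::]:80.
port_in_use() {
    awk -v p="$1" '{ n = split($4, a, ":"); if (a[n] == p) found = 1 }
                   END { exit found ? 0 : 1 }'
}

# Succeeds if address $2 is in the space-separated list $1.
resolves_to() {
    for ip in $1; do
        [ "$ip" = "$2" ] && return 0
    done
    return 1
}

# preflight DOMAIN PUBLIC_IP: returns 0 only when the name resolves to this
# server's public address and nothing is already bound to port 80.
preflight() {
    domain=$1; public_ip=$2; rc=0
    ips=$(lookup_ips "$domain")
    if [ -z "$ips" ]; then
        echo "FAIL: $domain does not resolve"; rc=1
    elif ! resolves_to "$ips" "$public_ip"; then
        echo "FAIL: $domain resolves to $ips, not $public_ip"; rc=1
    fi
    if list_listeners | port_in_use 80; then
        echo "FAIL: port 80 is in use, standalone mode cannot bind it"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $domain is ready for --standalone"
    return "$rc"
}

# Run only when called as: sh preflight.sh DOMAIN PUBLIC_IP
if [ "$#" -eq 2 ]; then preflight "$1" "$2"; fi
```

Behind NAT the server's interface address differs from its public address, which is why the public IP is passed in rather than read from the local interfaces.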

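Requesting a certificate when a web service is running

This applies when a web service is already installed on the server, that is, when a website is already deployed on it. acme automatically places a file under the site's root directory, and ownership of the domain is verified by accessing that file. Remember to replace the path with the absolute path of your site's root directory.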

~/.acme.sh/acme.sh --issue -d your-domain.com -d www.your-domain.com --webroot /home/wwwroot/your-domain.com/

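Renewing certificates

acme renews the certificate automatically when it is due to expire; no action is required.

Updating acme

Manual update

Simply run the command ~/.acme.sh/acme.sh --upgrade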

~/.acme.sh/acme.sh --upgrade

Automatic update

Simply run the command ~/.acme.sh/acme.sh --upgrade --auto-upgrade

~/.acme.sh/acme.sh --upgrade --auto-upgrade
