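Fully automatic. You can request wildcard certificates valid for 3 months.

Automatic DNS validation

This method obtains the certificate fully automatically, without pointing the domain at this machine.

1. Obtain the Cloudflare Token and Account ID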

(Screenshots: create the token, select a template, set the token parameters)

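The Account ID is the string of characters at the end of the URL after you log in to Cloudflare: https://dash.cloudflare.com/xxxxxxxxxxxxxxxxxx
Set the Token and ID as environment variables on the system.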

export CF_Token="sdfsdfsdfljlbjkljlkjsdfoiwje"
export CF_Account_ID="xxxxxxxxxxxxx"

2. Run the command

root@ion:~# acme.sh --issue -d fly2x.cn -d *.fly2x.cn -d fly2x.com -d *.fly2x.com --dns dns_cf
[Mon 06 Mar 2023 09:44:39 AM CST] Using CA: https://acme.zerossl.com/v2/DV90
[Mon 06 Mar 2023 09:44:39 AM CST] Multi domain='DNS:fly2x.cn,DNS:*.fly2x.cn,DNS:fly2x.com,DNS:*.fly2x.com'
[Mon 06 Mar 2023 09:44:39 AM CST] Getting domain auth token for each domain
[Mon 06 Mar 2023 09:44:45 AM CST] Getting webroot for domain='fly2x.cn'
[Mon 06 Mar 2023 09:44:45 AM CST] Getting webroot for domain='*.fly2x.cn'
[Mon 06 Mar 2023 09:44:45 AM CST] Getting webroot for domain='fly2x.com'
[Mon 06 Mar 2023 09:44:45 AM CST] Getting webroot for domain='*.fly2x.com'
[Mon 06 Mar 2023 09:44:45 AM CST] Adding txt value: o7OkTjfKzPvAwP_7fTiBcJTlmMS4bSbK3EgggJZIZ1Y for domain:  _acme-challenge.fly2x.cn
[Mon 06 Mar 2023 09:44:46 AM CST] Adding record
[Mon 06 Mar 2023 09:44:46 AM CST] Added, OK
[Mon 06 Mar 2023 09:44:46 AM CST] The txt record is added: Success.
[Mon 06 Mar 2023 09:44:47 AM CST] Adding txt value: YTx6mc2viR7yCjVDoSjKOJvMcsz1KtuQmhvym-xuzUo for domain:  _acme-challenge.fly2x.cn
[Mon 06 Mar 2023 09:44:47 AM CST] Adding record
[Mon 06 Mar 2023 09:44:47 AM CST] Added, OK
[Mon 06 Mar 2023 09:44:47 AM CST] The txt record is added: Success.
[Mon 06 Mar 2023 09:44:47 AM CST] Adding txt value: Ri398ZgX9FB_gXIBeiomEbap65CKRIOlU1ZoV1Ac950 for domain:  _acme-challenge.fly2x.com
[Mon 06 Mar 2023 09:44:48 AM CST] Adding record
[Mon 06 Mar 2023 09:44:48 AM CST] Added, OK
[Mon 06 Mar 2023 09:44:48 AM CST] The txt record is added: Success.
[Mon 06 Mar 2023 09:44:48 AM CST] Adding txt value: RZhPMx5K6bRCfNfTfJnmhlh5f8CZziGRPRbb39lsH5A for domain:  _acme-challenge.fly2x.com
[Mon 06 Mar 2023 09:44:49 AM CST] Adding record
[Mon 06 Mar 2023 09:44:49 AM CST] Added, OK
[Mon 06 Mar 2023 09:44:49 AM CST] The txt record is added: Success.
[Mon 06 Mar 2023 09:44:49 AM CST] Let's check each DNS record now. Sleep 20 seconds first.
[Mon 06 Mar 2023 09:45:10 AM CST] You can use '--dnssleep' to disable public dns checks.
[Mon 06 Mar 2023 09:45:10 AM CST] See: https://github.com/acmesh-official/acme.sh/wiki/dnscheck
[Mon 06 Mar 2023 09:45:10 AM CST] Checking fly2x.cn for _acme-challenge.fly2x.cn
[Mon 06 Mar 2023 09:45:11 AM CST] Domain fly2x.cn '_acme-challenge.fly2x.cn' success.
[Mon 06 Mar 2023 09:45:11 AM CST] Checking fly2x.cn for _acme-challenge.fly2x.cn
[Mon 06 Mar 2023 09:45:11 AM CST] Domain fly2x.cn '_acme-challenge.fly2x.cn' success.
[Mon 06 Mar 2023 09:45:11 AM CST] Checking fly2x.com for _acme-challenge.fly2x.com
[Mon 06 Mar 2023 09:45:11 AM CST] Domain fly2x.com '_acme-challenge.fly2x.com' success.
[Mon 06 Mar 2023 09:45:11 AM CST] Checking fly2x.com for _acme-challenge.fly2x.com
[Mon 06 Mar 2023 09:45:11 AM CST] Domain fly2x.com '_acme-challenge.fly2x.com' success.
[Mon 06 Mar 2023 09:45:11 AM CST] All success, let's return
[Mon 06 Mar 2023 09:45:11 AM CST] Verifying: fly2x.cn
[Mon 06 Mar 2023 09:45:12 AM CST] Processing, The CA is processing your order, please just wait. (1/30)
[Mon 06 Mar 2023 09:45:16 AM CST] Success
[Mon 06 Mar 2023 09:45:16 AM CST] Verifying: *.fly2x.cn
[Mon 06 Mar 2023 09:45:17 AM CST] Processing, The CA is processing your order, please just wait. (1/30)
[Mon 06 Mar 2023 09:45:20 AM CST] Success
[Mon 06 Mar 2023 09:45:20 AM CST] Verifying: fly2x.com
[Mon 06 Mar 2023 09:45:21 AM CST] Processing, The CA is processing your order, please just wait. (1/30)
[Mon 06 Mar 2023 09:45:25 AM CST] Success
[Mon 06 Mar 2023 09:45:25 AM CST] Verifying: *.fly2x.com
[Mon 06 Mar 2023 09:45:26 AM CST] Processing, The CA is processing your order, please just wait. (1/30)
[Mon 06 Mar 2023 09:45:30 AM CST] Success
[Mon 06 Mar 2023 09:45:30 AM CST] Removing DNS records.
[Mon 06 Mar 2023 09:45:30 AM CST] Removing txt: o7OkTjfKzPvAwP_7fTiBcJTlmMS4bSbK3EgggJZIZ1Y for domain: _acme-challenge.fly2x.cn
[Mon 06 Mar 2023 09:45:31 AM CST] Removed: Success
[Mon 06 Mar 2023 09:45:31 AM CST] Removing txt: YTx6mc2viR7yCjVDoSjKOJvMcsz1KtuQmhvym-xuzUo for domain: _acme-challenge.fly2x.cn
[Mon 06 Mar 2023 09:45:32 AM CST] Removed: Success
[Mon 06 Mar 2023 09:45:32 AM CST] Removing txt: Ri398ZgX9FB_gXIBeiomEbap65CKRIOlU1ZoV1Ac950 for domain: _acme-challenge.fly2x.com
[Mon 06 Mar 2023 09:45:33 AM CST] Removed: Success
[Mon 06 Mar 2023 09:45:33 AM CST] Removing txt: RZhPMx5K6bRCfNfTfJnmhlh5f8CZziGRPRbb39lsH5A for domain: _acme-challenge.fly2x.com
[Mon 06 Mar 2023 09:45:34 AM CST] Removed: Success
[Mon 06 Mar 2023 09:45:34 AM CST] Verify finished, start to sign.
[Mon 06 Mar 2023 09:45:34 AM CST] Lets finalize the order.
[Mon 06 Mar 2023 09:45:34 AM CST] Le_OrderFinalize='https://acme.zerossl.com/v2/DV90/order/IEQL_pQ6rI9v5a9ZrNeOOA/finalize'
[Mon 06 Mar 2023 09:45:35 AM CST] Order status is processing, lets sleep and retry.
[Mon 06 Mar 2023 09:45:35 AM CST] Retry after: 15
[Mon 06 Mar 2023 09:45:51 AM CST] Polling order status: https://acme.zerossl.com/v2/DV90/order/IEQL_pQ6rI9v5a9ZrNeOOA
[Mon 06 Mar 2023 09:45:52 AM CST] Downloading cert.
[Mon 06 Mar 2023 09:45:52 AM CST] Le_LinkCert='https://acme.zerossl.com/v2/DV90/cert/vgOJK7ITJcADMcPtou1rOw'
[Mon 06 Mar 2023 09:45:53 AM CST] Cert success.
[Mon 06 Mar 2023 09:45:53 AM CST] Your cert is in: /root/.acme.sh/fly2x.cn_ecc/fly2x.cn.cer
[Mon 06 Mar 2023 09:45:53 AM CST] Your cert key is in: /root/.acme.sh/fly2x.cn_ecc/fly2x.cn.key
[Mon 06 Mar 2023 09:45:53 AM CST] The intermediate CA cert is in: /root/.acme.sh/fly2x.cn_ecc/ca.cer
[Mon 06 Mar 2023 09:45:53 AM CST] And the full chain certs is there: /root/.acme.sh/fly2x.cn_ecc/fullchain.cer
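
The log above adds four `_acme-challenge` TXT records and later removes each one. As an added example (not part of the original post or of acme.sh), this script audits a saved acme.sh log and lists any challenge value that was added but never confirmed as removed; the function names, `example.com` and the sample values are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# leftover_txt LOGFILE
# Prints "<record name> <txt value>" for every challenge value that the log
# shows being added but never confirmed as removed; returns 1 if any remain.
leftover_txt() {
    left=$(awk '
        /Adding txt value: / {
            sub(/^.*Adding txt value: /, "")
            split($0, p, / for domain: */)      # p[1]=value, p[2]=name
            pending[p[2] " " p[1]] = 1
            next
        }
        /Removing txt: / {
            sub(/^.*Removing txt: /, "")
            split($0, p, / for domain: */)
            candidate = p[2] " " p[1]
            next
        }
        /Removed: Success/ {                    # confirms the last candidate
            delete pending[candidate]
            candidate = ""
        }
        END { for (k in pending) print k }
    ' "$1" | sort)
    [ -z "$left" ] && return 0
    printf '%s\n' "$left"
    return 1
}

# Constructed sample log (example.com and the values are made up): the run
# stops before the removal of the second record is confirmed.
sample_log() {
    cat <<'EOF'
[ts] Adding txt value: constructed-value-1 for domain:  _acme-challenge.example.com
[ts] Adding txt value: constructed-value-2 for domain:  _acme-challenge.example.com
[ts] Removing txt: constructed-value-1 for domain: _acme-challenge.example.com
[ts] Removed: Success
[ts] Removing txt: constructed-value-2 for domain: _acme-challenge.example.com
EOF
}
```

Save the output of the issue or renew command to a file and pass that file to `leftover_txt`; any line it prints is a TXT record to delete by hand in the DNS zone.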

3. Install the certificate

root@ion:/etc/ssl# /root/.acme.sh/acme.sh  --installcert  -d fly2x.cn -d *.fly2x.cn -d fly2x.com -d *.fly2x.com   --key-file   /etc/ssl/fly2x.key --fullchain-file /etc/ssl/fly2x.cer
[Mon 06 Mar 2023 10:10:25 AM CST] The domain 'fly2x.cn' seems to have a ECC cert already, lets use ecc cert.
[Mon 06 Mar 2023 10:10:25 AM CST] Installing key to: /etc/ssl/fly2x.key
[Mon 06 Mar 2023 10:10:25 AM CST] Installing full chain to: /etc/ssl/fly2x.cer

/etc/ssl/fly2x.cer and /etc/ssl/fly2x.key are now ready to use.
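
Before pointing a server at the installed files, it is worth confirming that the key is private, that it belongs to the certificate, and that all requested names are covered. This is an added example, not from the original post; `check_install` is a hypothetical helper and it assumes OpenSSL 1.1.1 or later for the `-ext` option.

```shell
#!/bin/sh
# Added example, not from the original post.
# check_install CERT KEY NAME...
# Prints one line per problem found and returns 1 if there was any.
check_install() {
    cert=$1; key=$2; shift 2
    problems=0

    # 1. The private key must not be accessible to group or others.
    #    ls -L follows symlinks; columns 5-10 are the group/other bits.
    if [ "$(ls -ldL "$key" | cut -c5-10)" != "------" ]; then
        echo "key permissions too open: $key"; problems=1
    fi

    # 2. The certificate must contain the public half of this private key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey)
    key_pub=$(openssl pkey -in "$key" -pubout)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "certificate and key do not match"; problems=1
    fi

    # 3. Every expected name, wildcards included, must be a SAN entry.
    sans=$(openssl x509 -in "$cert" -noout -ext subjectAltName |
           tr -d ' ' | tr ',' '\n')
    for name in "$@"; do
        printf '%s\n' "$sans" | grep -qxF "DNS:$name" ||
            { echo "name missing from certificate: $name"; problems=1; }
    done

    # 4. The certificate must stay valid for at least 7 more days.
    openssl x509 -in "$cert" -noout -checkend 604800 >/dev/null ||
        { echo "certificate expires within 7 days"; problems=1; }

    return "$problems"
}

# Usage with the paths and names from this page (run as root):
# check_install /etc/ssl/fly2x.cer /etc/ssl/fly2x.key \
#     fly2x.cn '*.fly2x.cn' fly2x.com '*.fly2x.com'
```

The wildcard names are quoted so the shell passes them through literally instead of expanding them against files in the current directory.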

4. Renewal

~/.acme.sh/acme.sh --renew --dns dns_cf -d fly2x.cn -d '*.fly2x.cn' -d fly2x.com -d '*.fly2x.com'

References

https://51.ruyo.net/8077.html
https://github.com/acmesh-official/acme.sh/wiki/dnsapi
https://github.com/acmesh-official/acme.sh/issues/2398
