https://letsencrypt.org/zh-cn/getting-started/
https://letsencrypt.org/zh-cn/docs/client-options/
https://github.com/acmesh-official/get.acme.sh
https://gh.llkk.cc/https://raw.githubusercontent.com/acmesh-official/acme.sh/master/acme.sh
======在windows 下获取 ssl
1. 安装 GIT , https://www.git-scm.com/download/win
2. 打开 git bash,执行如下命令,注意替换对应域名,apnode.win
mkdir /c/.acme.sh
cd /c/.acme.sh
git clone https://gitee.com/apnode/acme.sh.git
cd acme.sh
#
# 设置默认ca
# acme.sh --set-default-ca --server letsencrypt
./acme.sh --home /c/.acme.sh/home --register-account -m admin@apnode.win
# 执行正常注册
./acme.sh --home /c/.acme.sh/home --ecc --keylength ec-256 --dns --yes-I-know-dns-manual-mode-enough-go-ahead-please --issue -d 'apnode.win'
./acme.sh --home /c/.acme.sh/home --ecc --keylength ec-256 --dns --yes-I-know-dns-manual-mode-enough-go-ahead-please --renew -d 'apnode.win'
./acme.sh --home /c/.acme.sh/home --ecc --keylength ec-256 --dns --yes-I-know-dns-manual-mode-enough-go-ahead-please --issue -d 'apnode.win' -d '*.apnode.win'
./acme.sh --home /c/.acme.sh/home --ecc --keylength ec-256 --dns --yes-I-know-dns-manual-mode-enough-go-ahead-please --renew -d 'apnode.win' -d '*.apnode.win' --force
./acme.sh --home /c/.acme.sh/home --installcert --ecc --keylength ec-256 -d 'apnode.win' --fullchainpath /c/.acme.sh/install/apnode.win-full.crt --keypath /c/.acme.sh/install/apnode.win-full.key
Linux操作
alias acme.sh='/root/.acme.sh/acme.sh --home /root/.acme.sh '
# acme.sh --set-default-ca --server letsencrypt
# acme.sh --set-default-ca --server buypass
# acme.sh --set-default-ca --server google
# acme.sh --register-account --server zerossl -m admin@apnode.win
# acme.sh --register-account --server buypass -m admin@apnode.win
# acme.sh --register-account --server google -m admin@apnode.win
#
# 通配符证书
export Tencent_SecretId="XXXXXXXXXXXXXXXXX"
export Tencent_SecretKey="VVVVVVVVVVVVVVVVV"
acme.sh --issue --dns dns_tencent -d apnode.win -d *.apnode.win
# acme.sh --update-account
# 执行正常注册
acme.sh --ecc --keylength ec-256 --dns --yes-I-know-dns-manual-mode-enough-go-ahead-please --issue -d 'apnode.win'
acme.sh --ecc --keylength ec-256 --dns --yes-I-know-dns-manual-mode-enough-go-ahead-please --renew -d 'apnode.win'
acme.sh --ecc --keylength ec-256 --dns --yes-I-know-dns-manual-mode-enough-go-ahead-please --issue -d 'apnode.win' -d '*.apnode.win'
acme.sh --ecc --keylength ec-256 --dns --yes-I-know-dns-manual-mode-enough-go-ahead-please --renew -d 'apnode.win' -d '*.apnode.win' --force
acme.sh --installcert --ecc --keylength ec-256 -d 'apnode.win' --fullchainpath ./apnode.win-full.crt --keypath ./apnode.win-full.key
acme.sh --standalone --httpport 8888 --issue -d {domain}
acme.sh --installcert -d {domain} --fullchainpath /root/{domain}.crt --keypath /root/{domain}.key
acme.sh --issue -d {domain} -w /app/vhost/{domain}/webroot/
acme.sh --installcert -d {domain} --fullchainpath /app/vhost/{domain}.crt --keypath /app/vhost/{domain}.key
附录-设置默认使用的CA
参考文档:https://github.com/acmesh-official/acme.sh/wiki/Server
letsencrypt https://acme-v02.api.letsencrypt.org/directory
buypass https://api.buypass.com/acme/directory
zerossl https://acme.zerossl.com/v2/DV90
sslcom https://acme.ssl.com/sslcom-dv-rsa, https://acme.ssl.com/sslcom-dv-ecc
root@localhost:~# acme.sh --set-default-ca --server letsencrypt
===========
参考
https://www.cnblogs.com/network-ren/p/15849756.html