1. Install
Refer to the acme.sh documentation
$ curl https://get.acme.sh | sh
The above method fails to download on an Alibaba Cloud server, so use the following method instead:
$ curl https://raw.githubusercontent.com/Neilpang/acme.sh/master/acme.sh | INSTALLONLINE=1 sh
Run source ~/.bashrc to put the alias into effect, or define the alias again manually:
$ alias acme.sh=~/.acme.sh/acme.sh
2. Add DNSAPI key
I use an Alibaba Cloud domain name, so I add the Alibaba Cloud DNSAPI directly. Log in to the Alibaba Cloud console, click the avatar, then AccessKeys (or open the link directly after logging in), and create and obtain an AccessKeyID and AccessKeySecret. An existing key pair can also be used directly.
For other types, refer to the DNSAPI documentation
3. Generate a certificate
Alibaba Cloud DNS is used, so the DNS parameter below is dns_ali. For example, to apply for a wildcard certificate for zqyu.com:
$ export Ali_Key="[AccessKeyID]"
$ export Ali_Secret="[AccessKeySecret]"
$ acme.sh --issue --dns dns_ali -d zqyu.com -d '*.zqyu.com'
If issuing the certificate fails, you can print more information with the --debug argument, for example:
$ acme.sh --issue --dns dns_ali -d zqyu.com -d '*.zqyu.com' --debug
After the certificate is downloaded and saved, all files used by acme.sh are stored in ~/.acme.sh/, and all downloaded certificates are also stored here.
4. Install certificates
The official documentation does not recommend using files in this directory directly. Therefore, run commands to install the generated certificate in another directory.
For example, to use the certificate with Nginx, the following command copies it to the /etc/letsencrypt/zqyu.com/nginx directory:
$ acme.sh --install-cert -d zqyu.com \
--key-file /etc/letsencrypt/zqyu.com/nginx/key.pem \
--fullchain-file /etc/letsencrypt/zqyu.com/nginx/cert.pem
Use the certificate in Nginx:
ssl_certificate /etc/letsencrypt/zqyu.com/nginx/cert.pem;
ssl_certificate_key /etc/letsencrypt/zqyu.com/nginx/key.pem;
Reload the nginx configuration
$ nginx -s reload
5. Certificate renewal
acme.sh installs a scheduled task (cron job) that automatically renews the certificate:
57 0 * * * ~/.acme.sh/acme.sh --cron --home ~/.acme.sh > /dev/null
The certificate is therefore renewed automatically. The DNSAPI account information above is saved to a conf file under ~/.acme.sh/, and the install directories are saved to ~/.acme.sh/zqyu.com/zqyu.com.conf; the automatic renewal reads this information.
After updating the certificate, you need to reload the nginx configuration
$ nginx -s reload
You can also add the command to the scheduled task:
57 0 * * * ~/.acme.sh/acme.sh --cron --home ~/.acme.sh > /dev/null && nginx -s reload
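The renewal job depends on the DNSAPI credentials and private keys that acme.sh keeps on disk, so those files should be accessible to their owner only. The script below is an added example, not part of the original post or of acme.sh; the function names are hypothetical, and the paths in the usage comment assume the default ~/.acme.sh home and the install directory used above.

```sh
#!/bin/sh
# Added example, not part of acme.sh. Function names are hypothetical.

# A file is treated as secret-bearing if it contains the Ali_Key/Ali_Secret
# variables from step 3 or a PEM private-key header.
SECRET_RE='Ali_(Key|Secret)=|-----BEGIN [A-Z ]*PRIVATE KEY-----'

# Print every secret-bearing file under the given paths that group or other
# users can read or write.
audit_secret_perms() {
    for root in "$@"; do
        [ -e "$root" ] || continue
        find "$root" -type f \
            \( -perm -040 -o -perm -020 -o -perm -004 -o -perm -002 \) \
            2>/dev/null |
        while IFS= read -r f; do
            if grep -Eq -e "$SECRET_RE" "$f" 2>/dev/null; then
                printf '%s\n' "$f"
            fi
        done
    done
}

# Restrict each flagged file to owner read/write and report it.
fix_secret_perms() {
    audit_secret_perms "$@" | while IFS= read -r f; do
        chmod 600 "$f" && printf 'tightened: %s\n' "$f"
    done
}

# Stand-alone use: sh audit.sh ~/.acme.sh /etc/letsencrypt/zqyu.com/nginx
if [ "$#" -gt 0 ]; then
    audit_secret_perms "$@"
fi
```

Run it as the user that owns the acme.sh installation; empty output means no secret-bearing file is exposed to group or other users.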
6. Update acme.sh
Manual update
$ acme.sh --upgrade
Setting automatic updates
$ acme.sh --upgrade --auto-upgrade
Canceling automatic updates
$ acme.sh --upgrade --auto-upgrade 0
7. Uninstall acme.sh
- Delete the ~/.acme.sh folder
- Use crontab -e to delete the scheduled task
- Delete the alias: unalias acme.sh
- Delete the following line from ~/.bashrc:
. "/root/.acme.sh/acme.sh.env"