{"id":101,"date":"2022-11-29T20:02:57","date_gmt":"2022-11-29T12:02:57","guid":{"rendered":"https:\/\/www.yyaan.top\/?p=101"},"modified":"2022-11-29T20:03:01","modified_gmt":"2022-11-29T12:03:01","slug":"acme-sh%e7%ad%be%e5%8f%91zerossl%e8%af%81%e4%b9%a6%e5%b9%b6%e8%87%aa%e5%8a%a8%e7%bb%ad%e7%ad%be","status":"publish","type":"post","link":"https:\/\/www.yyaan.com\/?p=101","title":{"rendered":"acme.sh\u7b7e\u53d1ZeroSSL\u8bc1\u4e66\u5e76\u81ea\u52a8\u7eed\u7b7e"},"content":{"rendered":"\n<p><a rel=\"noreferrer noopener\" target=\"_blank\" href=\"https:\/\/github.com\/acmesh-official\/acme.sh\"><br>acme.sh<\/a>\u662f\u4e00\u4e2a\u57fa\u4e8eShell\u811a\u672c\u7f16\u5199\u7684\u5f00\u6e90\u9879\u76ee\uff0c\u7528\u4e8e\u83b7\u53d6SSL\/TLS\u8bc1\u4e66\uff0c\u53ef\u4ee5\u5b9e\u73b0\u81ea\u52a8\u7533\u8bf7\u3001\u7eed\u7b7e\u3001\u5b89\u88c5\u8bc1\u4e66\uff0c\u8ba9\u7f51\u7ad9\u5b9e\u73b0https\u8bbf\u95ee\u3002<\/p>\n\n\n\n<p><strong>acme.sh\u7684\u547d\u4ee4\u683c\u5f0f\uff1a<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>acme.sh \u547d\u4ee4 ... 
&#91;\u53c2\u6570] ...<\/code><\/pre>\n\n\n\n<p>\u4e3b\u8981\u547d\u4ee4<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code>--help<\/code>&nbsp;\u6216&nbsp;<code>-h<\/code>&nbsp;\uff1a\u663e\u793a\u5e2e\u52a9\u4fe1\u606f<\/li>\n\n\n\n<li><code>--version<\/code>&nbsp;\u6216&nbsp;<code>-v<\/code>&nbsp;\uff1a\u663e\u793a\u7248\u672c\u4fe1\u606f<\/li>\n\n\n\n<li><code>--upgrade<\/code>&nbsp;\uff1a\u68c0\u67e5\u66f4\u65b0<\/li>\n\n\n\n<li><code>--list<\/code>&nbsp;\uff1a\u5217\u51fa\u8bc1\u4e66<\/li>\n\n\n\n<li><code>--issue<\/code>&nbsp;\uff1a\u7533\u8bf7\u8bc1\u4e66<\/li>\n\n\n\n<li><code>--renew<\/code>&nbsp;\u6216&nbsp;<code>-r<\/code>&nbsp;\uff1a\u66f4\u65b0\u8bc1\u4e66<\/li>\n\n\n\n<li><code>--revoke<\/code>&nbsp;\uff1a\u540a\u9500\u8bc1\u4e66<\/li>\n\n\n\n<li><code>--remove<\/code>&nbsp;\uff1a\u5220\u9664\u8bc1\u4e66<\/li>\n\n\n\n<li><code>--install-cert<\/code>&nbsp;\uff1a\u5b89\u88c5\u8bc1\u4e66<\/li>\n<\/ul>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>acme.sh\u7684\u9ad8\u7ea7\u529f\u80fd\u8f83\u591a\uff0c\u5b83\u4eec\u7684\u5177\u4f53\u4f7f\u7528\u53ef\u7528\u67e5\u9605<a target=\"_blank\" rel=\"noreferrer noopener\" href=\"https:\/\/github.com\/acmesh-official\/acme.sh\/wiki\">\u5b98\u65b9Wiki<\/a>\u548c<a target=\"_blank\" rel=\"noreferrer noopener\" href=\"https:\/\/github.com\/acmesh-official\/acme.sh\/wiki\/Options-and-Params\">\u53c2\u6570\u8bf4\u660e<\/a><\/p>\n\n\n\n<p>\u4f46\u662f\u5b83\u7684\u4f7f\u7528\u975e\u5e38\u7b80\u5355\uff0c\u4e3b\u8981\u5206\u4e3a&nbsp;<code>\u5b89\u88c5\u811a\u672c<\/code>\u3001<code>\u7533\u8bf7\u8bc1\u4e66<\/code>\u3001<code>\u5b89\u88c5\u8bc1\u4e66<\/code>&nbsp;\u4e09\u90e8\u5206\u3002<\/p>\n<\/blockquote>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"\u5b89\u88c5acme-sh\">\u5b89\u88c5acme.sh<a 
href=\"https:\/\/blog.dnomd343.top\/acme.sh-usage\/#%E5%AE%89%E8%A3%85acme-sh\"><\/a><\/h2>\n\n\n\n<p>\u4f7f\u7528\u5982\u4e0b\u547d\u4ee4\u81ea\u52a8\u5b89\u88c5<\/p>\n\n\n\n<p>\u4f7f\u7528 curl \u6216 wget \u65b9\u5f0f\u83b7\u53d6\uff0c\u7cfb\u7edf\u9700\u8981\u5b89\u88c5\u8f6f\u4ef6\uff1b\u547d\u4ee4\u4f1a\u76f4\u63a5\u6267\u884c\u4e0b\u8f7d\u7684\u811a\u672c\uff0c\u5efa\u8bae\u5148\u4e0b\u8f7d\u811a\u672c\u5e76\u68c0\u67e5\u5185\u5bb9\u540e\u518d\u6267\u884c<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>curl https:\/\/get.acme.sh | sh<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>wget -O - https:\/\/get.acme.sh | sh<\/code><\/pre>\n\n\n\n<p>\u5b89\u88c5\u5b8c\u6210\u540e\uff0c\u91cd\u542f\u7a97\u53e3\u8ba9&nbsp;<code>acme.sh<\/code>&nbsp;\u6307\u5411&nbsp;<code>~\/.acme.sh\/acme.sh<\/code>&nbsp;\uff0c\u6b64\u540e\u5c31\u53ef\u76f4\u63a5\u4f7f\u7528&nbsp;<code>acme.sh<\/code>&nbsp;\u547d\u4ee4<\/p>\n\n\n\n<p>\u63a5\u7740\u91cd\u65b0\u52a0\u8f7d Bash<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>source ~\/.bashrc<\/code><\/pre>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>acme.sh\u7684\u5b89\u88c5\u4e0d\u9700\u8981root\u6743\u9650\uff0c\u5b89\u88c5\u8fc7\u7a0b\u4e0d\u4f1a\u6c61\u67d3\u5df2\u6709\u7684\u7cfb\u7edf\u4efb\u4f55\u529f\u80fd\u548c\u6587\u4ef6\uff0c\u6240\u6709\u7684\u4fee\u6539\u90fd\u88ab\u9650\u5236\u5728&nbsp;<code>~\/.acme.sh\/<\/code>&nbsp;\u4e2d<\/p>\n<\/blockquote>\n\n\n\n<p>\u5982\u679c\u4f60\u60f3\u5728\u5b89\u88c5\u7684\u65f6\u5019\u6307\u5b9a\u5404\u79cd\u53c2\u6570\uff0c\u4e5f\u53ef\u4ee5\u514b\u9686GitHub\u4ed3\u5e93\u624b\u52a8\u5b89\u88c5\uff0c\u66f4\u591a\u8be6\u7ec6\u53c2\u6570\u53ef\u53c2\u8003<a target=\"_blank\" rel=\"noreferrer noopener\" href=\"https:\/\/github.com\/acmesh-official\/acme.sh\/wiki\/How-to-install#4-advanced-installation\">\u5b98\u65b9\u8bf4\u660e<\/a><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>shell&gt; git clone https:\/\/github.com\/acmesh-official\/acme.sh.git\n# \u5982\u679c\u56fd\u5185\u901f\u5ea6\u8fde\u63a5\u5931\u8d25\u6216\u8005\u901f\u5ea6\u592a\u6162\uff0c\u53ef\u6362\u7528\u5982\u4e0b\u547d\u4ee4\n# shell&gt; git 
clone https:\/\/hub.fastgit.org\/acmesh-official\/acme.sh.git\nshell&gt; cd .\/acme.sh\nshell&gt; .\/acme.sh --install \\\n  --home \u00b7\u00b7\u00b7 \\\n  --config-home \u00b7\u00b7\u00b7 \\\n  --cert-home  \u00b7\u00b7\u00b7 \\\n  --accountemail  \u00b7\u00b7\u00b7 \\\n  \u00b7\u00b7\u00b7<\/code><\/pre>\n\n\n\n<p>\u8f93\u5165&nbsp;<code>acme.sh --help<\/code>&nbsp;\u5373\u53ef\u67e5\u770b acme.sh \u7684\u5e2e\u52a9\u547d\u4ee4<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>root@sb-blog ~ <em># acme.sh --help\n<\/em><em><\/em>https:\/\/github.com\/Neilpang\/acme.sh\nv2.7.8\nUsage: acme.sh  command ...&#91;parameters]....\nCommands:\n  --help, -h               Show this help message.\n  --version, -v            Show version info.\n  --install                Install acme.sh to your system.\n  --uninstall              Uninstall acme.sh, and uninstall the cron job.\n  --upgrade                Upgrade acme.sh to the latest code from https:\/\/github.com\/Neilpang\/acme.sh.\n  --issue                  Issue a cert.\n  --signcsr                Issue a cert from an existing csr.\n  --deploy                 Deploy the cert to your server.\n  --install-cert           Install the issued cert to apache\/nginx or any other server.\n  --renew, -r              Renew a cert.\n  --renew-all              Renew all the certs.\n  --revoke                 Revoke a cert.\n  --remove                 Remove the cert from list of certs known to acme.sh.\n  --list                   List all the certs.\n  --showcsr                Show the content of a csr.\n  --install-cronjob        Install the cron job to renew certs, you don't need to call this. The 'install' command can automatically install the cron job.\n  --uninstall-cronjob      Uninstall the cron job. 
The 'uninstall' command can do this automatically.\n  --cron                   Run cron job to renew all the certs.\n  --toPkcs                 Export the certificate and key to a pfx file.\n  --toPkcs8                Convert to pkcs8 format.\n  --update-account         Update account info.\n  --register-account       Register account key.\n  --deactivate-account     Deactivate the account.\n  --create-account-key     Create an account private key, professional use.\n  --create-domain-key      Create an domain private key, professional use.\n  --createCSR, -ccsr       Create CSR , professional use.\n  --deactivate             Deactivate the domain authz, professional use.\n\nParameters:\n  --domain, -d   domain.tld         Specifies a domain, used to issue, renew or revoke etc.\n  --challenge-alias domain.tld      The challenge domain alias for DNS alias mode: https:\/\/github.com\/Neilpang\/acme.sh\/wiki\/DNS-alias-mode\n  --domain-alias domain.tld         The domain alias for DNS alias mode: https:\/\/github.com\/Neilpang\/acme.sh\/wiki\/DNS-alias-mode\n  --force, -f                       Used to force to install or force to renew a cert immediately.\n  --staging, --test                 Use staging server, just for test.\n  --debug                           Output debug info.\n  --output-insecure                 Output all the sensitive messages. 
By default all the credentials\/sensitive messages are hidden from the output\/debug\/log for secure.\n  --webroot, -w  \/path\/to\/webroot   Specifies the web root folder for web root mode.\n  --standalone                      Use standalone mode.\n  --stateless                       Use stateless mode, see: https:\/\/github.com\/Neilpang\/acme.sh\/wiki\/Stateless-Mode\n  --apache                          Use apache mode.\n  --dns &#91;dns_cf|dns_dp|dns_cx|\/path\/to\/api\/file]   Use dns mode or dns api.\n  --dnssleep  &#91;120]                  The time in seconds to wait for all the txt records to take effect in dns api mode. Default 120 seconds.\n\n  --keylength, -k &#91;2048]            Specifies the domain key length: 2048, 3072, 4096, 8192 or ec-256, ec-384.\n  --accountkeylength, -ak &#91;2048]    Specifies the account key length.\n  --log    &#91;\/path\/to\/logfile]       Specifies the log file. The default is: \"\/root\/.acme.sh\/acme.sh.log\" if you don't give a file path here.\n  --log-level 1|2                   Specifies the log level, default is 1.\n  --syslog &#91;0|3|6|7]                Syslog level, 0: disable syslog, 3: error, 6: info, 7: debug.\n\n  These parameters are to install the cert to nginx\/apache or anyother server after issue\/renew a cert:\n\n  --cert-file                       After issue\/renew, the cert will be copied to this path.\n  --key-file                        After issue\/renew, the key will be copied to this path.\n  --ca-file                         After issue\/renew, the intermediate cert will be copied to this path.\n  --fullchain-file                  After issue\/renew, the fullchain cert will be copied to this path.\n\n  --reloadcmd \"service nginx reload\" After issue\/renew, it's used to reload the server.\n\n  --server SERVER                   ACME Directory Resource URI. 
(default: https:\/\/acme-v01.api.letsencrypt.org\/directory)\n  --accountconf                     Specifies a customized account config file.\n  --home                            Specifies the home dir for acme.sh .\n  --cert-home                       Specifies the home dir to save all the certs, only valid for '--install' command.\n  --config-home                     Specifies the home dir to save all the configurations.\n  --useragent                       Specifies the user agent string. it will be saved for future use too.\n  --accountemail                    Specifies the account email, only valid for the '--install' and '--update-account' command.\n  --accountkey                      Specifies the account key path, only valid for the '--install' command.\n  --days                            Specifies the days to renew the cert when using '--issue' command. The max value is 60 days.\n  --httpport                        Specifies the standalone listening port. Only valid if the server is behind a reverse proxy or load balancer.\n  --local-address                   Specifies the standalone\/tls server listening address, in case you have multiple ip addresses.\n  --listraw                         Only used for '--list' command, list the certs in raw format.\n  --stopRenewOnError, -se           Only valid for '--renew-all' command. Stop if one cert has error in renewal.\n  --insecure                        Do not check the server certificate, in some devices, the api server's certificate may not be trusted.\n  --ca-bundle                       Specifies the path to the CA certificate bundle to verify api server's certificate.\n  --ca-path                         Specifies directory containing CA certificates in PEM format, used by wget or curl.\n  --nocron                          Only valid for '--install' command, which means: do not install the default cron job. 
In this case, the certs will not be renewed automatically.\n  --no-color                        Do not output color text.\n  --ecc                             Specifies to use the ECC cert. Valid for '--install-cert', '--renew', '--revoke', '--toPkcs' and '--createCSR'\n  --csr                             Specifies the input csr.\n  --pre-hook                        Command to be run before obtaining any certificates.\n  --post-hook                       Command to be run after attempting to obtain\/renew certificates. No matter the obtain\/renew is success or failed.\n  --renew-hook                      Command to be run once for each successfully renewed certificate.\n  --deploy-hook                     The hook file to deploy cert\n  --ocsp-must-staple, --ocsp        Generate ocsp must Staple extension.\n  --always-force-new-domain-key     Generate new domain key when renewal. Otherwise, the domain key is not changed by default.\n  --auto-upgrade   &#91;0|1]            Valid for '--upgrade' command, indicating whether to upgrade automatically in future.\n  --listen-v4                       Force standalone\/tls server to listen at ipv4.\n  --listen-v6                       Force standalone\/tls server to listen at ipv6.\n  --openssl-bin                     Specifies a custom openssl bin location.\n  --use-wget                        Force to use wget, if you have both curl and wget installed.<\/code><\/pre>\n\n\n\n<p>\u66f4\u65b0acme.sh<\/p>\n\n\n\n<p>acme\u53d8\u5f97\u633a\u5feb\u7684\uff0c\u66f4\u65b0\u5c31\u7528\u8fd9\u4e2a<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code><strong>acme<\/strong>.sh <strong>--upgrade<\/strong>\n<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code><em># \u81ea\u52a8\u66f4\u65b0<\/em>\nacme.sh  <em>--upgrade  --auto-upgrade<\/em>\n<em># \u5173\u95ed\u81ea\u52a8\u66f4\u65b0<\/em>\nacme.sh  <em>--upgrade  --auto-upgrade 0<\/em><\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"DNS-API\u6a21\u5f0f\">DNS API\u6a21\u5f0f<a 
href=\"https:\/\/blog.dnomd343.top\/acme.sh-usage\/#DNS-API%E6%A8%A1%E5%BC%8F\"><\/a><\/h3>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u8fd9\u4e2a\u6a21\u5f0f\u53ea\u9700\u8981\u4f60\u8f93\u5165\u57df\u540d\u670d\u52a1\u5546\u63d0\u4f9b\u7684&nbsp;<code>Key<\/code>\uff08\u6709\u7684\u8fd8\u9700\u8981&nbsp;<code>Secret<\/code>\uff09\uff0c\u5176\u4f59\u5de5\u4f5c\u7531acme.sh\u81ea\u52a8\u5b8c\u6210\uff08\u5305\u62ec\u7533\u8bf7\u3001\u7eed\u7b7e\u3001\u5b89\u88c5\u7b49\uff09<\/p>\n<\/blockquote>\n\n\n\n<p>\u5404\u5bb6\u5bf9\u57df\u540d\u7684&nbsp;<code>API Key<\/code>&nbsp;\u7684\u79f0\u547c\u4e0d\u5927\u76f8\u540c\uff0cacme.sh\u7684<a target=\"_blank\" rel=\"noreferrer noopener\" href=\"https:\/\/github.com\/acmesh-official\/acme.sh\/wiki\/dnsapi\">\u6587\u6863<\/a>\u4e2d\u7ed9\u51fa\u4e86\u5404\u670d\u52a1\u5546\u7684\u7533\u8bf7\u65b9\u5f0f\u3002<\/p>\n\n\n\n<p>\u4e00\u822c\u60c5\u51b5\u4e0b\uff0c\u4f60\u4f1a\u4ece\u57df\u540d\u670d\u52a1\u5546\u62ff\u5230\u8bbf\u95ee\u8bb8\u53ef\uff0c\u7136\u540e\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff1a<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># \u5c06\u8bb8\u53ef\u4fe1\u606f\u5199\u5165\u4e34\u65f6\u73af\u5883\u53d8\u91cf\uff0c\u53ef\u7528env\u547d\u4ee4\u67e5\u770b\nshell&gt; export \u00b7\u00b7\u00b7=\u00b7\u00b7\u00b7\nshell&gt; export \u00b7\u00b7\u00b7=\u00b7\u00b7\u00b7\n# \u6267\u884c\u7533\u8bf7\nshell&gt; acme.sh --issue --dns dns_\u00b7\u00b7\u00b7 -d \u57df\u540d1 -d \u57df\u540d2 \u00b7\u00b7\u00b7<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"\u817e\u8baf\u4e91\">\u817e\u8baf\u4e91<\/h2>\n\n\n\n<figure class=\"wp-block-embed\"><div class=\"wp-block-embed__wrapper\">\nhttps:\/\/www.dnspod.cn\/console\/user\/security\n<\/div><\/figure>\n\n\n\n<pre class=\"wp-block-code\"><code>\nexport DP_Id=\"API Token \u7684 ID\"\nexport DP_Key=\"API Token\"\n<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code><strong>acme<\/strong>.sh 
<strong>--issue<\/strong> <strong>--dns<\/strong> <strong>dns_dp<\/strong> <strong>-d<\/strong> example.com <strong>-d<\/strong> *.example.com<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"\u963f\u91cc\u4e91\">\u963f\u91cc\u4e91<\/h2>\n\n\n\n<figure class=\"wp-block-embed\"><div class=\"wp-block-embed__wrapper\">\nhttps:\/\/ak-console.aliyun.com\/#\/accesskey\n<\/div><\/figure>\n\n\n\n<pre class=\"wp-block-code\"><code>\nexport Ali_Key=\"xxx\"\nexport Ali_Secret=\"xxxx\"\n<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code><strong>acme<\/strong>.sh <strong>--issue<\/strong> <strong>--dns<\/strong> <strong>dns_ali<\/strong> <strong>-d<\/strong> example.com <strong>-d<\/strong> *.example.com <\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"Cloudflare\">Cloudflare<\/h2>\n\n\n\n<figure class=\"wp-block-embed\"><div class=\"wp-block-embed__wrapper\">\nhttps:\/\/dash.cloudflare.com\/profile\/api-tokens\n<\/div><\/figure>\n\n\n\n<pre class=\"wp-block-code\"><code>\nexport CF_Key=\"Global API Key\"\nexport CF_Email=\"Cloudflare Email\"\n<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code><strong>acme<\/strong>.sh <strong>--issue<\/strong> <strong>--dns<\/strong> <strong>dns_cf<\/strong> <strong>-d<\/strong> example.com <strong>-d<\/strong> *.example.com<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code># \u963f\u91cc\u4e91\u57df\u540d\u8bbf\u95ee\u7684AccessKey\nshell&gt; export Ali_Key=\"\u00b7\u00b7\u00b7\"\nshell&gt; export Ali_Secret=\"\u00b7\u00b7\u00b7\"\n# \u7533\u8bf7\u4e3b\u57df\u540d\u8bc1\u4e66\u548c\u6cdb\u57df\u540d\u8bc1\u4e66\nshell&gt; acme.sh --issue --dns dns_ali -d example.com -d *.example.com\n\u00b7\u00b7\u00b7\nCert success.\n\u00b7\u00b7\u00b7\nYour cert is in  \/root\/.acme.sh\/xxx.com\/xxx.com.cer\nYour cert key is in  \/root\/.acme.sh\/xxx.com\/xxx.com.key\nThe intermediate CA cert is in  \/root\/.acme.sh\/xxx.com\/ca.cer\nAnd the full chain certs is there:  \/root\/.acme.sh\/xxx.com\/fullchain.cer 
\n<\/code><\/pre>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u6ce8\u610f\uff1a\u57df\u540d\u670d\u52a1\u5546\u7ed9\u4f60\u7684\u8bbf\u95ee\u8bb8\u53ef\u975e\u5e38\u91cd\u8981\uff0c\u5343\u4e07\u4e0d\u8981\u6cc4\u9732\uff0c\u5426\u5219\u5176\u4ed6\u4eba\u5c06\u4f1a\u62ff\u5230\u4f60\u7684\u57df\u540d\u63a7\u5236\u6743\uff1b\u5efa\u8bae\u6267\u884c\u5b8c\u4e0a\u8ff0\u547d\u4ee4\u540e\u91cd\u542f\u7a97\u53e3\u9500\u6bc1\u4e34\u65f6\u73af\u5883\u53d8\u91cf\u3002\u4f46\u662facme.sh\u4f1a\u628a\u8bb8\u53ef\u4fe1\u606f\u4fdd\u5b58\u5728&nbsp;<code>~\/.acme.sh\/account.conf<\/code>&nbsp;\u4e2d\u7528\u4e8e\u81ea\u52a8\u7eed\u7b7e\uff0c\u8bf7\u9650\u5236\u8be5\u6587\u4ef6\u7684\u8bbf\u95ee\u6743\u9650\u3002\u4f7f\u7528Cloudflare\u65f6\uff0c\u5efa\u8bae\u4f7f\u7528\u53ea\u6709DNS\u4fee\u6539\u6743\u9650\u7684API Token\uff08<code>CF_Token<\/code>\uff09\uff0c\u4e0d\u8981\u4f7f\u7528Global API Key\u3002<\/p>\n<\/blockquote>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"DNS\u624b\u52a8\u6a21\u5f0f\"><a href=\"https:\/\/blog.dnomd343.top\/acme.sh-usage\/#DNS%E6%89%8B%E5%8A%A8%E6%A8%A1%E5%BC%8F\"><\/a>DNS\u624b\u52a8\u6a21\u5f0f<a href=\"https:\/\/blog.dnomd343.top\/acme.sh-usage\/#DNS%E6%89%8B%E5%8A%A8%E6%A8%A1%E5%BC%8F\"><\/a><\/h3>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u8fd9\u4e2a\u6a21\u5f0f\u9700\u8981\u4f60\u586b\u5165\u8981\u7533\u8bf7\u7684\u57df\u540d\uff0cacme.sh\u4f1a\u8fd4\u56de\u4e00\u4e2a\u5b50\u57df\u540d\u548c\u4e00\u4e32TXT\u6570\u636e\uff0c\u4f60\u9700\u8981\u624b\u52a8\u628a\u5b83\u4eec\u6dfb\u52a0\u5230\u4f60\u7684\u57df\u540d\u89e3\u6790\u4e2d\uff0c\u7136\u540e\u56de\u6765\u7533\u8bf7\u8bc1\u4e66\u3002<\/p>\n<\/blockquote>\n\n\n\n<p>\u5982\u679c\u4f60\u662f\u7b2c\u4e00\u6b21\u7533\u8bf7\u8be5\u57df\u540d\uff0c\u9700\u8981\u4f60\u52a0\u4e0a&nbsp;<code>--yes-I-know-dns-manual-mode-enough-go-ahead-please<\/code>&nbsp;\u53c2\u6570\uff0c\u5176\u4ed6\u8981\u6c42\u53ef\u7528\u53c2\u8003<a target=\"_blank\" rel=\"noreferrer noopener\" href=\"https:\/\/github.com\/acmesh-official\/acme.sh\/wiki\/dns-manual-mode\">\u5b98\u65b9\u6587\u6863<\/a>\u3002<\/p>\n\n\n\n<p>\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff1a<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># \u53d1\u8d77\u7533\u8bf7\nshell&gt; acme.sh --issue --dns -d \u57df\u540d1 -d \u57df\u540d2 \u00b7\u00b7\u00b7\n# 
\u7b2c\u4e00\u6b21\u7533\u8bf7\u5728\u540e\u9762\u52a0\u4e0a\"--yes-I-know-dns-manual-mode-enough-go-ahead-please\"\n\u00b7\u00b7\u00b7\nAdd the following TXT record:\nDomain: '_acme-challenge.\u00b7\u00b7\u00b7'\nTXT value: '\u00b7\u00b7\u00b7'\n\u00b7\u00b7\u00b7\n# \u624b\u52a8\u628a\u5b83\u4eec\u6dfb\u52a0\u5230\u4f60\u7684\u57df\u540d\u89e3\u6790\u4e2d\u518d\u6267\u884c\u4e0b\u5217\u6b65\u9aa4\n# \u7533\u8bf7\u8bc1\u4e66\nshell&gt; acme.sh --issue --renew -d \u57df\u540d1 -d \u57df\u540d2 \u00b7\u00b7\u00b7\n# \u7b2c\u4e00\u6b21\u4e5f\u8981\u52a0\u4e0a\"--yes-I-know-dns-manual-mode-enough-go-ahead-please\"\n\u00b7\u00b7\u00b7\nCert success.\n\u00b7\u00b7\u00b7<\/code><\/pre>\n\n\n\n<p>\u6b64\u5904\u4ee5&nbsp;<code>example.com<\/code>&nbsp;\u4e3a\u4f8b\uff0c\u7533\u8bf7\u8be5\u57df\u540d\u7684\u5168\u90e8\u8bc1\u4e66\u3002<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># \u53d1\u8d77\u7533\u8bf7\nshell&gt; acme.sh --issue --dns -d example.com -d *.example.com\n\u00b7\u00b7\u00b7\nAdd the following TXT record:\nDomain: '_acme-challenge.example.com'\nTXT value: '\u00b7\u00b7\u00b7'\n\u00b7\u00b7\u00b7\n# \u5c06TXT\u8bb0\u5f55\u6dfb\u52a0\u5230\u57df\u540d\u89e3\u6790\u4e2d\n# \u7533\u8bf7\u8bc1\u4e66\nshell&gt; acme.sh --issue --renew -d example.com -d *.example.com\n\u00b7\u00b7\u00b7\nCert success.\n\u00b7\u00b7\u00b7\nYour cert is in  \/root\/.acme.sh\/xxx.com\/xxx.com.cer\nYour cert key is in  \/root\/.acme.sh\/xxx.com\/xxx.com.key\nThe intermediate CA cert is in  \/root\/.acme.sh\/xxx.com\/ca.cer\nAnd the full chain certs is there:  \/root\/.acme.sh\/xxx.com\/fullchain.cer <\/code><\/pre>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u6ce8\u610f\uff1a\u8fd9\u4e2a\u6a21\u5f0f\u9700\u8981\u4f60\u624b\u52a8\u6dfb\u52a0TXT\u8bb0\u5f55\u505a\u9a8c\u8bc1\uff0c\u7531\u4e8eLet\u2019s 
Encrypt\u7684\u8bc1\u4e66\u9700\u8981\u6bcf\u4e09\u4e2a\u6708\u7eed\u7b7e\u4e00\u6b21\uff0c\u5fd8\u8bb0\u7eed\u7b7e\u5c31\u4f1a\u5bfc\u81f4\u8bc1\u4e66\u8fc7\u671f\u4ece\u800c\u4f7fhttps\u8fde\u63a5\u51fa\u9519\uff0c\u56e0\u6b64\u4e0d\u5efa\u8bae\u672c\u65b9\u5f0f\u957f\u671f\u4f7f\u7528\u3002<\/p>\n<\/blockquote>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"Web\u670d\u52a1\u5668\u6a21\u5f0f\"><a href=\"https:\/\/blog.dnomd343.top\/acme.sh-usage\/#Web%E6%9C%8D%E5%8A%A1%E5%99%A8%E6%A8%A1%E5%BC%8F\"><\/a>Web\u670d\u52a1\u5668\u6a21\u5f0f<a href=\"https:\/\/blog.dnomd343.top\/acme.sh-usage\/#Web%E6%9C%8D%E5%8A%A1%E5%99%A8%E6%A8%A1%E5%BC%8F\"><\/a><\/h3>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u8fd9\u4e2a\u6a21\u5f0f\u9700\u8981\u4f60\u5c06\u57df\u540d\u6307\u5411\u4f60\u7684Web\u670d\u52a1\u5668\uff0c\u5e76\u5c06\u7f51\u7ad9\u6839\u76ee\u5f55\u5730\u5740\u63d0\u4ea4\u7ed9acme.sh\uff0c\u4e4b\u540e\u82e5\u9700\u8981\u6b63\u5e38\u7eed\u7b7e\u9700\u8981\u4fdd\u6301\u8be5\u76ee\u5f55\u4e0d\u53d8\u3002<\/p>\n\n\n\n<p>\u6ce8\u610f\uff1a\u672c\u65b9\u5f0f\u4e0d\u652f\u6301\u6cdb\u57df\u540d\u8bc1\u4e66\u3002<\/p>\n<\/blockquote>\n\n\n\n<p>\u6267\u884c\u547d\u4ee4\u5982\u4e0b\uff1a<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>shell&gt; acme.sh --issue -d \u57df\u540d --webroot \u7f51\u7ad9\u6839\u76ee\u5f55\u5730\u5740\n\u00b7\u00b7\u00b7\nCert success.\n\u00b7\u00b7\u00b7<\/code><\/pre>\n\n\n\n<p>\u6b64\u5904\u4ee5&nbsp;<code>example.com<\/code>&nbsp;\u4e3a\u4f8b\uff0c\u7533\u8bf7\u8be5\u57df\u540d\u7684\u8bc1\u4e66\uff1b\u7533\u8bf7\u524d\u5148\u5c06&nbsp;<code>example.com<\/code>&nbsp;\u6307\u5411\u672c\u673a\uff0c\u5e76\u7528nginx\u4ee3\u7406\u5230&nbsp;<code>\/var\/www\/example.com\/<\/code>&nbsp;\u4e0b\u9762\u3002<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>shell&gt; acme.sh --issue -d example.com --webroot \/var\/www\/example.com\/\n\u00b7\u00b7\u00b7\nCert success.\n\u00b7\u00b7\u00b7\nYour cert is in  
\/root\/.acme.sh\/xxx.com\/xxx.com.cer\nYour cert key is in  \/root\/.acme.sh\/xxx.com\/xxx.com.key\nThe intermediate CA cert is in  \/root\/.acme.sh\/xxx.com\/ca.cer\nAnd the full chain certs is there:  \/root\/.acme.sh\/xxx.com\/fullchain.cer <\/code><\/pre>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u5982\u679c\u4f60\u672c\u673a\u6ca1\u6709web\u4ee3\u7406\u5de5\u5177\uff0c\u53ef\u4ee5\u4f7f\u7528&nbsp;<code>--standalone<\/code>&nbsp;\u53c2\u6570\u81ea\u52a8\u83b7\u53d6\uff08\u9700\u5b89\u88c5&nbsp;<code>socat<\/code>&nbsp;\u5de5\u5177\uff09\uff0c\u540c\u65f6\u53ef\u7528&nbsp;<code>--httpport<\/code>&nbsp;\u6307\u5b9ahttp\u7aef\u53e3\uff1b\u5982\u679c\u4f60\u662fTLS\u670d\u52a1\u5668\uff0c\u53ef\u7528\u4f7f\u7528&nbsp;<code>--alpn<\/code>&nbsp;\u53c2\u6570\u81ea\u52a8\u83b7\u53d6\uff0c\u540c\u65f6\u53ef\u7528&nbsp;<code>--tlsport<\/code>&nbsp;\u6307\u5b9ahttps\u7aef\u53e3\u3002<\/p>\n\n\n\n<p>\u5982\u679c\u4f60\u672c\u673a\u6709Nginx\u6216\u8005Apache\u670d\u52a1\uff0c\u4f7f\u7528&nbsp;<code>--nginx<\/code>&nbsp;\u6216&nbsp;<code>--apache<\/code>&nbsp;\u53c2\u6570\u53ef\u7528\u81ea\u52a8\u8bc6\u522b\u5176\u914d\u7f6e\u6587\u4ef6\u5e76\u627e\u5230\u7f51\u7ad9\u6839\u76ee\u5f55\u3002<\/p>\n\n\n\n<p>\u66f4\u591a\u7528\u6cd5\u8bf7\u53c2\u8003<a target=\"_blank\" rel=\"noreferrer noopener\" href=\"https:\/\/github.com\/acmesh-official\/acme.sh\/wiki\/How-to-issue-a-cert\">\u5b98\u65b9\u6587\u6863<\/a><\/p>\n<\/blockquote>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"\u5b89\u88c5\u8bc1\u4e66\"><a href=\"https:\/\/blog.dnomd343.top\/acme.sh-usage\/#%E5%AE%89%E8%A3%85%E8%AF%81%E4%B9%A6\"><\/a>\u5b89\u88c5\u8bc1\u4e66<a href=\"https:\/\/blog.dnomd343.top\/acme.sh-usage\/#%E5%AE%89%E8%A3%85%E8%AF%81%E4%B9%A6\"><\/a><\/h2>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow 
wp-block-quote-is-layout-flow\">\n<p>\u6ce8\u610f\uff1a\u4e0d\u8981\u76f4\u63a5\u7528&nbsp;<code>.acme.sh\/<\/code>\u5185\u7684\u8bc1\u4e66\u6587\u4ef6\uff0c\u91cc\u9762\u76ee\u5f55\u7ed3\u6784\u968f\u65f6\u53ef\u80fd\u4f1a\u56e0\u4e3a\u811a\u672c\u81ea\u52a8\u66f4\u65b0\u800c\u53d8\u52a8\u3002<\/p>\n<\/blockquote>\n\n\n\n<p>\u5b98\u65b9\u6709\u63d0\u4f9b\u4e86\u5173\u4e8eNginx\/Apache\u7684<a target=\"_blank\" rel=\"noreferrer noopener\" href=\"https:\/\/github.com\/acmesh-official\/acme.sh#3-install-the-cert-to-apachenginx-etc\">\u5b89\u88c5\u65b9\u6cd5<\/a><\/p>\n\n\n\n<p>\u9700\u8981\u7684\u547d\u4ee4\uff1a<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code>--install-cert<\/code>&nbsp;\uff1a\u5b89\u88c5\u8bc1\u4e66<\/li>\n\n\n\n<li><code>--list<\/code>&nbsp;\uff1a\u5217\u51fa\u6240\u6709\u7533\u8bf7\u7684\u8bc1\u4e66<\/li>\n<\/ul>\n\n\n\n<p>\u5bf9\u5e94\u7684\u53c2\u6570\uff1a<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code>--key-file<\/code>&nbsp;\uff1a\u79c1\u94a5\u6587\u4ef6\u5b89\u88c5\u5730\u5740<\/li>\n\n\n\n<li><code>--cert-file<\/code>&nbsp;\uff1a\u8bc1\u4e66\u6587\u4ef6\u5b89\u88c5\u5730\u5740<\/li>\n\n\n\n<li><code>--fullchain-file<\/code>&nbsp;\uff1a\u8bc1\u4e66\u94fe\u6587\u4ef6\u5b89\u88c5\u5730\u5740<\/li>\n\n\n\n<li><code>--reloadcmd<\/code>&nbsp;\uff1a\u91cd\u542f\u547d\u4ee4\u5185\u5bb9<\/li>\n<\/ul>\n\n\n\n<p>\u4e0b\u9762\u4ee5nginx\u8bc1\u4e66\u5b89\u88c5\u4e3a\u4f8b\uff1a<\/p>\n\n\n\n<p>\u5148\u914d\u7f6enginx<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u5b58\u653e\u914d\u7f6e\u7684\u6587\u4ef6\u5939\u4e00\u822c\u4e3a&nbsp;<code>\/etc\/nginx\/conf.d\/<\/code>\uff0c\u5728\u5176\u4e0b\u65b0\u5efa&nbsp;<code>example.com.conf<\/code>&nbsp;\u6587\u4ef6\uff1b<\/p>\n<\/blockquote>\n\n\n\n<pre class=\"wp-block-code\"><code>server {\n    listen 80; # \u76d1\u542c80\u7aef\u53e3(http)\n    server_name example.com;\n    return 301 https:\/\/$server_name$request_uri; # 
\u8fd4\u56de301\u547d\u4ee4\uff0c\u5c06\u5730\u5740\u91cd\u5199\u5230https\u4e0a\n}\n\nserver {\n    listen 443 ssl; # \u76d1\u542c443\u7aef\u53e3(https)\n    server_name example.com;\n    root \/var\/www\/example.com; # \u6307\u5b9a\u7f51\u7ad9\u6839\u76ee\u5f55\n    ssl_certificate \/etc\/nginx\/ssl\/fullchain.pem; # \u6307\u5b9aSSL\/TLS\u8bc1\u4e66\n    ssl_certificate_key \/etc\/nginx\/ssl\/privkey.pem;\n\n    location \/ {\n        index index.html; # \u9ed8\u8ba4\u52a0\u8f7d\u6587\u4ef6\n    }\n}<\/code><\/pre>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u6ce8\u610f\uff0c\u8bf7\u786e\u8ba4\u4f60\u7684\u670d\u52a1\u5668\u9632\u706b\u5899\u662f\u5426\u62e6\u622a&nbsp;<code>80<\/code>&nbsp;\u548c&nbsp;<code>443<\/code>&nbsp;\u7aef\u53e3\uff0c\u5305\u62ec\u4e91\u670d\u52a1\u5546\u63d0\u4f9b\u7684\u9632\u706b\u5899\u548c\u7cfb\u7edf\u4e0a\u5b89\u88c5\u7684\u9632\u706b\u5899\u3002<\/p>\n<\/blockquote>\n\n\n\n<p>\u5c06&nbsp;<code>example.com<\/code>&nbsp;\u7684&nbsp;<code>A\u8bb0\u5f55<\/code>&nbsp;\u6307\u5411\u672c\u673aIP\u5730\u5740\uff0c\u6b64\u914d\u7f6e\u5c06\u8ba9\u5176\u4ee3\u7406\u5230&nbsp;<code>\/var\/www\/example.com\/<\/code>&nbsp;\u6587\u4ef6\u5939\u4e0b\uff0c\u540c\u65f6\u4f7f\u7528&nbsp;<code>\/etc\/nginx\/ssl\/<\/code>&nbsp;\u5185\u7684\u8bc1\u4e66\u6587\u4ef6\uff1b<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u6ce8\u610f\uff1a\u82e5nginx\u7248\u672c\u4f4e\u4e8ev1.15.x\uff0c\u52a1\u5fc5\u5c06&nbsp;<code>listen 443 ssl<\/code>&nbsp;\u6539\u4e3a&nbsp;<code>listen 443<\/code>\uff0c\u5e76\u5728\u4e0b\u65b9\u52a0\u5165\u547d\u4ee4&nbsp;<code>ssl on<\/code>\uff1b<\/p>\n<\/blockquote>\n\n\n\n<p>\u67e5\u770b\u8bc1\u4e66\u7533\u8bf7\u72b6\u6001\uff1a<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># \u5217\u51fa\u5168\u90e8\u8bc1\u4e66\nshell&gt; acme.sh --list\nMain_Domain   KeyLength  SAN_Domains     CA               Created   
Renew\nexample.com           *.example.com  LetsEncrypt.org  \u00b7\u00b7\u00b7       \u00b7\u00b7\u00b7<\/code><\/pre>\n\n\n\n<p>\u5b89\u88c5\u8bc1\u4e66\u5230nginx\uff0c\u5b89\u88c5\u5b8c\u6210\u540e\u4f1a\u91cd\u542fnginx\u4f7f\u547d\u4ee4\u751f\u6548\u3002<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u6ce8\u610f\u6b64\u5904\u8981\u7528&nbsp;<code>force-reload<\/code>&nbsp;\u547d\u4ee4\uff0c\u5426\u5219nginx\u4e0d\u4f1a\u81ea\u52a8\u66f4\u65b0\u8bc1\u4e66\u6587\u4ef6\u3002<\/p>\n<\/blockquote>\n\n\n\n<pre class=\"wp-block-code\"><code># \u521b\u5efa\u6587\u4ef6\u5939\nshell&gt; mkdir -p \/etc\/nginx\/ssl\n# \u5b89\u88c5\u8bc1\u4e66\nshell&gt;\nacme.sh --install-cert -d example.com \\\n--cert-file      \/etc\/nginx\/ssl\/cert.pem  \\\n--key-file       \/etc\/nginx\/ssl\/privkey.pem  \\\n--fullchain-file \/etc\/nginx\/ssl\/fullchain.pem \\\n--reloadcmd     \"service nginx force-reload\"\n\u00b7\u00b7\u00b7\nInstalling key to:\/etc\/nginx\/ssl\/example.com\/privkey.pem\nInstalling full chain to:\/etc\/nginx\/ssl\/example.com\/fullchain.pem\nRun reload cmd: systemctl force-reload nginx\nReload success<\/code><\/pre>\n\n\n\n<p>\u4e3a\u4e86\u786e\u4fdd\u670d\u52a1\u542f\u52a8\u6210\u529f\uff0c\u53ef\u4ee5\u67e5\u770bnginx\u76d1\u542c\u7aef\u53e3\u7684\u72b6\u6001<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># \u67e5\u770b80\u7aef\u53e3(http)\u72b6\u6001\nshell&gt; netstat -tlnp | grep 80\ntcp     0     0 0.0.0.0:80       0.0.0.0:*     LISTEN      7227\/nginx: master\ntcp6    0     0 :::80            :::*          LISTEN      7227\/nginx: master\n# \u67e5\u770b443\u7aef\u53e3(https)\u72b6\u6001\nshell&gt; netstat -tlnp | grep 443\ntcp     0     0 0.0.0.0:443      0.0.0.0:*     LISTEN      7227\/nginx: 
master<\/code><\/pre>\n\n\n\n<p>\u8bc1\u4e66\u5b89\u88c5\u4fe1\u606f\u4f1a\u8bb0\u5f55\u5728&nbsp;<code>~\/.acme.sh\/example.com\/example.com.conf<\/code>&nbsp;\u4e2d\uff0c\u53ef\u4ee5\u53d1\u73b0\u8be5\u6587\u4ef6\u672b\u5c3e\u6dfb\u52a0\u4e86\u5982\u4e0b\u4fe1\u606f\uff1a<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p><code>Le_ReloadCmd<\/code>&nbsp;\u4e2d\u5c06\u547d\u4ee4\u8bb0\u5f55\u4e3a&nbsp;<code>base64<\/code>&nbsp;\u683c\u5f0f<\/p>\n<\/blockquote>\n\n\n\n<pre class=\"wp-block-code\"><code># \u67e5\u770b\u5b89\u88c5\u4fe1\u606f\nshell&gt; cat ~\/.acme.sh\/example.com\/example.com.conf\n\u00b7\u00b7\u00b7\nLe_RealCertPath=''\nLe_RealCACertPath=''\nLe_RealKeyPath='\/etc\/nginx\/ssl\/example.com\/privkey.pem'\nLe_ReloadCmd='__ACME_BASE64__START_c3lzdGVtY3RsIGZvcmNlLXJlbG9hZCBuZ2lueA==__ACME_BASE64__END_'\nLe_RealFullChainPath='\/etc\/nginx\/ssl\/example.com\/fullchain.pem'\n# \u67e5\u770b\u5b89\u88c5\u76ee\u5f55\u60c5\u51b5\nshell&gt; ls \/etc\/nginx\/ssl\/example.com\/\nfullchain.pem  privkey.pem<\/code><\/pre>\n\n\n\n<p>\u5982\u679c\u4f60\u60f3\u4fee\u6539\u5b89\u88c5\u914d\u7f6e\uff0c\u53ef\u4fee\u6539\u4e0a\u8ff0\u6587\u4ef6\uff0c\u6216\u76f4\u63a5\u8fd0\u884c\u65b0\u7684\u5b89\u88c5\u547d\u4ee4\uff0c\u5373\u53ef\u8986\u76d6\u4e0a\u4e00\u6b21\u7684\u914d\u7f6e\uff1b\u5982\u679c\u60f3\u5220\u9664\u5b89\u88c5\u914d\u7f6e\uff0c\u53ef\u76f4\u63a5\u8fd0\u884c\u65e0\u53c2\u6570\u7684\u5b89\u88c5\u547d\u4ee4\uff1a<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># \u5220\u9664\u4e4b\u524d\u7684\u5b89\u88c5\u4fe1\u606f\nshell&gt; acme.sh --install-cert -d example.com\n# \u4f46\u662f\u4e0d\u4f1a\u5220\u9664\u5df2\u5b89\u88c5\u7684\u8bc1\u4e66\uff0c\u9700\u8981\u4f60\u624b\u52a8\u5220\u9664<\/code><\/pre>\n\n\n\n<p>\u5982\u679c\u662f Apache 2.4.8 \u4ee5\u4e0a\u7248\u672c\u7684\u8bdd\uff0c\u53ef\u4ee5\u4f7f\u7528\u8fd9\u4e2a\u547d\u4ee4<a 
href=\"https:\/\/blog.dnomd343.top\/acme.sh-usage\/#%E6%9B%B4%E6%96%B0%E8%AF%81%E4%B9%A6\"><\/a><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>acme.sh --install-cert -d example.com \\\n--key-file \/etc\/apache2\/ssl\/example.com.key \\\n--fullchain-file \/etc\/apache2\/ssl\/example.com.crt \\\n--reloadcmd \"service apache2 force-reload\"<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"\u66f4\u65b0\u8bc1\u4e66\">\u66f4\u65b0\u8bc1\u4e66<a href=\"https:\/\/blog.dnomd343.top\/acme.sh-usage\/#%E6%9B%B4%E6%96%B0%E8%AF%81%E4%B9%A6\"><\/a><\/h2>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u4f60\u53ef\u4ee5\u624b\u52a8\u66f4\u65b0\u8bc1\u4e66\uff0c\u4f46\u662f\u5982\u679c\u65f6\u95f4\u8fd8\u6ca1\u5230\u4f60\u9700\u8981\u52a0\u4e0a&nbsp;<code>--force<\/code>&nbsp;\u53c2\u6570<\/p>\n<\/blockquote>\n\n\n\n<p>\u547d\u4ee4\uff1a<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code>--renew<\/code>&nbsp;\u6216&nbsp;<code>-r<\/code>&nbsp;\uff1a\u66f4\u65b0\u8bc1\u4e66<\/li>\n<\/ul>\n\n\n\n<p>\u5bf9\u5e94\u53c2\u6570\uff1a<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code>--domain<\/code>&nbsp;\u6216&nbsp;<code>-d<\/code>&nbsp;\uff1a\u6307\u5b9a\u57df\u540d<\/li>\n\n\n\n<li><code>--force<\/code>&nbsp;\uff1a\u5f3a\u5236\u66f4\u65b0<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code># \u66f4\u65b0\u8bc1\u4e66\nshell&gt; acme.sh --renew -d example.com --force\nRenew: 'example.com'\n\u00b7\u00b7\u00b7\nCert success.\n\u00b7\u00b7\u00b7\nYour cert is in  \/root\/.acme.sh\/xxx.com\/xxx.com.cer\nYour cert key is in  \/root\/.acme.sh\/xxx.com\/xxx.com.key\nThe intermediate CA cert is in  \/root\/.acme.sh\/xxx.com\/ca.cer\nAnd the full chain certs is there:  \/root\/.acme.sh\/xxx.com\/fullchain.cer <\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"\u540a\u9500\u8bc1\u4e66\"><a href=\"https:\/\/blog.dnomd343.top\/acme.sh-usage\/#%E5%90%8A%E9%94%80%E8%AF%81%E4%B9%A6\"><\/a>\u540a\u9500\u8bc1\u4e66<a 
href=\"https:\/\/blog.dnomd343.top\/acme.sh-usage\/#%E5%90%8A%E9%94%80%E8%AF%81%E4%B9%A6\"><\/a><\/h2>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u5982\u679c\u4f60\u7684\u79c1\u94a5\u6587\u4ef6\u6cc4\u9732\u6216\u8005\u4e0d\u518d\u4f7f\u7528\uff0c\u53ef\u4ee5\u9009\u62e9\u540a\u9500\u8be5\u8bc1\u4e66<\/p>\n\n\n\n<p>\u6ce8\u610f\uff1a\u5173\u4e8eOCSP\u670d\u52a1\u5668\u88ab\u5899\u95ee\u9898\uff0c\u8bf7\u67e5\u770b\u4e0b\u65b9<a href=\"https:\/\/blog.dnomd343.top\/acme.sh-usage\/#OCSP%E9%97%AE%E9%A2%98\">OCSP<\/a>\u7684\u5185\u5bb9<\/p>\n<\/blockquote>\n\n\n\n<p>\u547d\u4ee4\uff1a<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code>--revoke<\/code>&nbsp;\uff1a\u540a\u9500\u8bc1\u4e66<\/li>\n<\/ul>\n\n\n\n<p>\u5bf9\u5e94\u53c2\u6570\uff1a<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code>--domain<\/code>&nbsp;\u6216&nbsp;<code>-d<\/code>&nbsp;\uff1a\u6307\u5b9a\u57df\u540d<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code># \u540a\u9500\u8bc1\u4e66\nshell&gt; acme.sh --revoke -d example.com\nTry domain key first.\nRevoke success.<\/code><\/pre>\n\n\n\n<p>\u66f4\u591a\u8be6\u7ec6\u4fe1\u606f\u53ef\u53c2\u8003<a target=\"_blank\" rel=\"noreferrer noopener\" href=\"https:\/\/github.com\/acmesh-official\/acme.sh\/wiki\/revokecert\">\u5b98\u65b9\u6587\u6863<\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"\u5220\u9664\u8bc1\u4e66\"><a href=\"https:\/\/blog.dnomd343.top\/acme.sh-usage\/#%E5%88%A0%E9%99%A4%E8%AF%81%E4%B9%A6\"><\/a>\u5220\u9664\u8bc1\u4e66<a href=\"https:\/\/blog.dnomd343.top\/acme.sh-usage\/#%E5%88%A0%E9%99%A4%E8%AF%81%E4%B9%A6\"><\/a><\/h2>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u7528\u4e8e\u4eceacme.sh\u4e2d\u79fb\u9664\u8be5\u8bc1\u4e66\uff0c\u4f46\u5e76\u4e0d\u540a\u9500\u8be5\u8bc1\u4e66<\/p>\n<\/blockquote>\n\n\n\n<p>\u547d\u4ee4\uff1a<\/p>\n\n\n\n<ul 
class=\"wp-block-list\">\n<li><code>--remove<\/code>&nbsp;\uff1a\u79fb\u9664\u8bc1\u4e66<\/li>\n<\/ul>\n\n\n\n<p>\u5bf9\u5e94\u53c2\u6570\uff1a<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code>--domain<\/code>&nbsp;\u6216&nbsp;<code>-d<\/code>&nbsp;\uff1a\u6307\u5b9a\u57df\u540d<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code># \u79fb\u9664\u8bc1\u4e66\nshell&gt; acme.sh --remove -d example.com\nexample.com is removed, the key and cert files are in \/root\/.acme.sh\/xxx.com\/example.com\nYou can remove them by yourself.<\/code><\/pre>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u6267\u884c\u8bc1\u4e66\u79fb\u9664\u547d\u4ee4\u540e\uff0cacme.sh\u4ec5\u4e0d\u518d\u53c2\u4e0e\u8be5\u8bc1\u4e66\u7684\u5de5\u4f5c\uff0c\u4f46\u8bc1\u4e66\u548c\u79c1\u94a5\u6587\u4ef6\u4ecd\u7136\u5728&nbsp;<code>~\/.acme.sh<\/code>&nbsp;\u6587\u4ef6\u5939\u4e0b\uff0c\u9700\u8981\u7528\u6237\u624b\u52a8\u5220\u9664\u3002<\/p>\n<\/blockquote>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"ECC\u8bc1\u4e66\"><a href=\"https:\/\/blog.dnomd343.top\/acme.sh-usage\/#ECC%E8%AF%81%E4%B9%A6\"><\/a>ECC\u8bc1\u4e66<a href=\"https:\/\/blog.dnomd343.top\/acme.sh-usage\/#ECC%E8%AF%81%E4%B9%A6\"><\/a><\/h2>\n\n\n\n<p>\u76ee\u524d\u6700\u5e38\u7528\u7684\u5bc6\u94a5\u4ea4\u6362\u7b97\u6cd5\u6709&nbsp;<code>RSA<\/code>&nbsp;\u548c&nbsp;<code>ECDHE<\/code>\uff1a<\/p>\n\n\n\n<ul 
class=\"wp-block-list\">\n<li>RSA\u5386\u53f2\u60a0\u4e45\uff0c\u517c\u5bb9\u6027\u597d\uff0c\u4f46\u8ba1\u7b97\u76f8\u5bf9\u8f83\u6162\uff1b<\/li>\n\n\n\n<li>ECDHE\u4f7f\u7528\u4e86ECC\u7b97\u6cd5\uff0c\u8ba1\u7b97\u901f\u5ea6\u5feb\uff0c\u4f46\u517c\u5bb9\u6027\u76f8\u5bf9\u8f83\u5dee\uff1b<\/li>\n<\/ul>\n\n\n\n<p>\u5185\u7f6eECDSA\u516c\u94a5\u7684\u8bc1\u4e66\u4e00\u822c\u88ab\u79f0\u4e4b\u4e3aECC\u8bc1\u4e66\uff0c\u5185\u7f6eRSA\u516c\u94a5\u7684\u8bc1\u4e66\u79f0\u4e3aRSA\u8bc1\u4e66\uff1bECC\u7b97\u6cd5\u5728\u8ba1\u7b97\u590d\u6742\u5ea6\u8fdc\u5c0f\u4e8eRSA\uff0c\u4f46\u662f\u5374\u80fd\u5728\u66f4\u5c0f\u7684\u957f\u5ea6\u4e0a\u5f97\u5230RSA\u7684\u540c\u6b3e\u5b89\u5168\u7b49\u7ea7\uff0c\u4e00\u822c\u8ba4\u4e3a 256 \u4f4d&nbsp;<code>ECC Key<\/code>&nbsp;\u5728\u5b89\u5168\u6027\u4e0a\u7b49\u540c\u4e8e 3072 \u4f4d&nbsp;<code>RSA Key<\/code>\uff0c\u6240\u4ee5ECC\u8bc1\u4e66\u4e0d\u4ec5\u4f53\u79ef\u5c0f\uff0c\u8fd0\u7b97\u901f\u5ea6\u4e5f\u66f4\u5feb\u3002<\/p>\n\n\n\n<p>\u8bda\u7136\uff0cECC\u8bc1\u4e66\u6709\u538b\u5012\u6027\u7684\u4f18\u52bf\uff0c\u4f46\u662f\u7531\u4e8e\u5386\u53f2\u539f\u56e0\uff0c\u5b83\u5728\u65e7\u7cfb\u7edf\u7684\u517c\u5bb9\u6027\u4e0a\u5b58\u5728\u4e0d\u5c11\u95ee\u9898\uff0c\u6bd4\u5982XP\u53ca\u4e4b\u524d\u7684Windows\u7cfb\u7edf\u90fd\u539f\u751f\u4e0d\u652f\u6301\uff08\u706b\u72d0\u6d4f\u89c8\u5668\u9664\u5916\uff09\uff0c\u4f46\u662f\u5982\u679c\u4f60\u4e0d\u6253\u7b97\u517c\u5bb9\u8001\u7cfb\u7edf\uff0c\u4f7f\u7528ECC\u65e0\u7591\u66f4\u6709\u4f18\u52bf\u3002<\/p>\n\n\n\n<p>\u4f60\u53ef\u4ee5\u5728<a target=\"_blank\" rel=\"noreferrer noopener\" 
href=\"https:\/\/imququ.com\/post\/ecc-certificate.html\">\u8fd9\u91cc<\/a>\u83b7\u53d6\u66f4\u591a\u5173\u4e8eECC\u8bc1\u4e66\u7684\u77e5\u8bc6\u3002<\/p>\n\n\n\n<p>acme.sh\u4e5f\u53ef\u4ee5\u7533\u8bf7ECC\u8bc1\u4e66\uff0c\u4ec5\u9700\u52a0\u4e0a\u4e00\u4e9b\u53c2\u6570\uff0c\u64cd\u4f5c\u4e0a\u5e76\u65e0\u592a\u5927\u53d8\u5316\uff1b\u76ee\u524dacme.sh\u652f\u6301\u4ee5\u4e0b\u4e09\u7c7b\u53ef\u9009\u957f\u5ea6\uff1a<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>ec-256\uff08\u63a8\u8350\u4f7f\u7528\uff09<\/li>\n\n\n\n<li>ec-384<\/li>\n\n\n\n<li>ec-521\uff08\u4e0d\u5b8c\u5584\uff09<\/li>\n<\/ul>\n\n\n\n<p>\u540c\u6837\u4f7f\u7528\u4e0a\u9762\u7684\u793a\u4f8b\uff0c\u6211\u4eec\u5c1d\u8bd5\u4e3a&nbsp;<code>example.com<\/code>&nbsp;\u7533\u8bf7\u4e3b\u57df\u540d\u548c\u6cdb\u57df\u540d\u8bc1\u4e66\uff1a<\/p>\n\n\n\n<p>\u7533\u8bf7\u8bc1\u4e66\u4f7f\u7528DNS API\u6a21\u5f0f\uff1a<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># \u6dfb\u52a0AccessKey\nshell&gt; export Ali_Key=\"\u00b7\u00b7\u00b7\"\nshell&gt; export Ali_Secret=\"\u00b7\u00b7\u00b7\"\n# \u4f7f\u7528DNS API\u7533\u8bf7ECC\u8bc1\u4e66\uff0c\u8fd9\u91cc\u4f7f\u7528ec-256\uff0c\u4ec5\u9700\u6dfb\u52a0--keylength\u53c2\u6570\nshell&gt; acme.sh --issue --dns dns_ali -d example.com -d *.example.com --keylength ec-256\n\u00b7\u00b7\u00b7\nYour cert is in  \/root\/.acme.sh\/xxx.com\/xxx.com.cer\nYour cert key is in  \/root\/.acme.sh\/xxx.com\/xxx.com.key\nThe intermediate CA cert is in  \/root\/.acme.sh\/xxx.com\/ca.cer\nAnd the full chain certs is there:  \/root\/.acme.sh\/xxx.com\/fullchain.cer \n# \u751f\u6210\u5728 `~\/.acme.sh\/` \u4e0b\u7684\u8bc1\u4e66\u6587\u4ef6\u5939\u4f1a\u52a0\u4e0a `_ecc` \u540e\u7f00<\/code><\/pre>\n\n\n\n<p>\u8bc1\u4e66\u5b89\u88c5\uff1a<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># \u521b\u5efa\u8bc1\u4e66\u6587\u4ef6\u5939\nshell&gt; mkdir -p \/etc\/ssl\/certs\/example.com\/\n# \u5b89\u88c5\u65f6\u52a0\u4e0a--ecc\u53c2\u6570\nshell&gt; acme.sh --install-cert -d example.com --ecc 
\\\n--key-file       \/etc\/ssl\/certs\/example.com\/privkey.pem \\\n--fullchain-file \/etc\/ssl\/certs\/example.com\/fullchain.pem \\\n--reloadcmd      \"systemctl force-reload nginx\"\n\u00b7\u00b7\u00b7\nInstalling key to:\/etc\/ssl\/certs\/example.com\/privkey.pem\nInstalling full chain to:\/etc\/ssl\/certs\/example.com\/fullchain.pem\nRun reload cmd: systemctl force-reload nginx\nReload success<\/code><\/pre>\n\n\n\n<p>\u5176\u4ed6\u51e0\u4e2a\u547d\u4ee4\u4e5f\u90fd\u662f\u52a0\u4e0a&nbsp;<code>--ecc<\/code>&nbsp;\u53c2\u6570\uff1a<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># \u66f4\u65b0\u8bc1\u4e66\uff0c\u52a0\u4e0a--ecc\u53c2\u6570\nshell&gt; acme.sh --renew -d example.com --force --ecc\nRenew: 'example.com'\n\u00b7\u00b7\u00b7\nCert success.\n\u00b7\u00b7\u00b7\nYour cert is in  \/root\/.acme.sh\/xxx.com\/xxx.com.cer\nYour cert key is in  \/root\/.acme.sh\/xxx.com\/xxx.com.key\nThe intermediate CA cert is in  \/root\/.acme.sh\/xxx.com\/ca.cer\nAnd the full chain certs is there:  \/root\/.acme.sh\/xxx.com\/fullchain.cer <\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code># \u540a\u9500\u8bc1\u4e66\uff0c\u52a0\u4e0a--ecc\u53c2\u6570\nshell&gt; acme.sh --revoke -d example.com --ecc\nTry domain key first.\nRevoke success.<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code># \u79fb\u9664\u8bc1\u4e66\uff0c\u52a0\u4e0a--ecc\u53c2\u6570\nshell&gt; acme.sh --remove -d example.com --ecc\nexample.com is removed, the key and cert files are in \/root\/.acme.sh\/example.com\nYou can remove them by yourself.<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"nsupdate\u65b9\u5f0f\"><a href=\"https:\/\/blog.dnomd343.top\/acme.sh-usage\/#nsupdate%E6%96%B9%E5%BC%8F\"><\/a>nsupdate\u65b9\u5f0f<a href=\"https:\/\/blog.dnomd343.top\/acme.sh-usage\/#nsupdate%E6%96%B9%E5%BC%8F\"><\/a><\/h2>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow 
wp-block-quote-is-layout-flow\">\n<p>\u5982\u679c\u57df\u540d\u4f7f\u7528\u81ea\u5efaDNS\u670d\u52a1\u5668\u89e3\u6790\uff08\u4ee5BIND\u4e3a\u4f8b\uff09\uff0c\u7531\u4e8e\u6ca1\u6709\u7279\u5b9a\u7684API\u63a5\u53e3\uff0c\u6211\u4eec\u4e00\u822c\u501f\u52a9\u4e8e&nbsp;<code>nsupdate<\/code>&nbsp;\u65b9\u5f0f\u6dfb\u52a0\u9a8c\u8bc1\u8bb0\u5f55\u3002<\/p>\n<\/blockquote>\n\n\n\n<p>\u8fd9\u79cd\u65b9\u5f0f\u672c\u8d28\u662f\u4e0a\u6587\u8bb2\u7684&nbsp;<code>DNS API\u6a21\u5f0f<\/code>&nbsp;\uff0c\u5373\u4f7f\u7528\u57df\u540dDNS\u89e3\u6790\u4e2d\u7684TXT\u8bb0\u5f55\u6765\u9a8c\u8bc1\u6240\u6709\u6743\uff0c\u800c&nbsp;<code>nsupdate<\/code>&nbsp;\u6307\u4ee4\u6b63\u662f\u8bbe\u8ba1\u7528\u6765\u5411\u6743\u5a01\u540d\u79f0\u670d\u52a1\u5668\u6dfb\u52a0DNS\u8bb0\u5f55\u7684\u3002<\/p>\n\n\n\n<p>\u9996\u5148\uff0c\u6211\u4eec\u5fc5\u987b\u5148\u914d\u7f6eBind\u670d\u52a1\uff0c\u751f\u6210&nbsp;<code>TSIG key<\/code>&nbsp;\u9a8c\u8bc1\u5bc6\u94a5\uff0c\u5efa\u8bae\u4f7f\u7528&nbsp;<code>HMAC-SHA512<\/code>&nbsp;\u8ba4\u8bc1\u7b97\u6cd5<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># \u4fdd\u5b58\u4e3a.sh\u6587\u4ef6\u6267\u884c\u5373\u53ef\u751f\u6210\u5bc6\u94a5\n# \u6307\u5b9aurandom\u4f5c\u4e3a\u968f\u673a\u6570\u53d1\u751f\u5668\u53ef\u4ee5\u907f\u514d\u90e8\u5206\u673a\u5b50\u957f\u65f6\u95f4\u65e0\u6cd5\u751f\u6210\n# \u82e5\u6709\u9ad8\u5b89\u5168\u6027\u8981\u6c42\uff0c\u8bf7\u66ff\u6362\u4e3arandom\u53d1\u751f\u5668\nread -p \"KEY_NAME: \" KEY_NAME\nread -p \"FILE_NAME: \" FILE_NAME\nb=$(dnssec-keygen -a hmac-sha512 -b 512 -r \/dev\/urandom -n USER -K \/tmp foo)\ncat &gt; \\.\/$FILE_NAME\\.key &lt;&lt;EOF\nkey \"$KEY_NAME\" {\n    algorithm hmac-sha512;\n    secret \"$(awk '\/^Key\/{print $2}' \/tmp\/$b.private)\";\n};\nEOF\nrm -f \/tmp\/$b.{private,key}\necho \"Output as 
$(pwd)\/$FILE_NAME.key\"<\/code><\/pre>\n\n\n\n<p>\u5c06\u751f\u6210\u7684\u5bc6\u94a5\u6587\u4ef6\u5305\u542b\u5230Bind\u7684\u914d\u7f6e\u6587\u4ef6\u4e2d\uff0c\u5e76\u5728\u5bf9\u5e94\u57df\u91cc\u4fe1\u4efb\u8be5\u5bc6\u94a5\uff0c\u793a\u4f8b\u5982\u4e0b<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>\u00b7\u00b7\u00b7\nzone \"example.com\" {\n    type master;\n    allow-update { key \"update\"; };\n};\n# \u4e0a\u4e0b\u4e24\u79cd\u65b9\u5f0f\u5747\u53ef\u884c\uff0c\u4e0b\u9762\u65b9\u6848\u6743\u9650\u8f83\u4e3a\u7ec6\u5316\nzone \"example.com\" {\n    type master;\n    update-policy {\n        grant update subdomain example.com.;\n    };\n}\n\u00b7\u00b7\u00b7\n# \u6dfb\u52a0\u4e0a\u4e00\u6b65\u751f\u6210\u7684\u5bc6\u94a5\ninclude \"\/var\/named\/tsig_keys\/acme.key\";\n\u00b7\u00b7\u00b7<\/code><\/pre>\n\n\n\n<p>\u4fee\u6539\u5b8c\u6bd5\u540e\u91cd\u542fBind\u670d\u52a1\u751f\u6548\uff0c\u5e76\u5c06\u5bc6\u94a5\u6587\u4ef6\u590d\u5236\u5230\u7533\u8bf7\u8bc1\u4e66\u7684\u673a\u5b50\u4e0a\uff08\u5bc6\u94a5\u6587\u4ef6\u5e94\u8bbe\u7f6e\u4e3a\u4ec5\u6240\u6709\u8005\u53ef\u8bfb\uff0c\u5982 <code>chmod 600<\/code>\uff09\uff0c\u4e0b\u65b9\u4ee5&nbsp;<code>\/root\/.acme.sh\/nsupdate.key<\/code>&nbsp;\u4e3a\u4f8b<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># \u5148\u624b\u52a8\u6d4b\u8bd5\u5de5\u4f5c\u72b6\u6001\nshell&gt; nsupdate -k \/root\/.acme.sh\/nsupdate.key\n# \u6307\u5b9a\u8fd0\u884cBind\u7684\u540d\u79f0\u670d\u52a1\u5668\n&gt; server ns1.example.com\n# \u5c1d\u8bd5\u6dfb\u52a0TXT\u8bb0\u5f55\n&gt; update add demo.example.com 600 TXT \"test ok\"\n# \u663e\u793a\u5373\u5c06\u6dfb\u52a0\u7684\u8bf7\u6c42\n&gt; show\n# \u53d1\u9001\u6dfb\u52a0\u8bf7\u6c42\n&gt; send\n# \u6267\u884cdig TXT demo.example.com\u547d\u4ee4\u6d4b\u8bd5\u662f\u5426\u6210\u529f\u6dfb\u52a0\n# \u79fb\u9664\u6dfb\u52a0\u7684\u8bb0\u5f55\n&gt; update delete demo.example.com TXT\n# \u53d1\u9001\u8bf7\u6c42\n&gt; send\n&gt; quit<\/code><\/pre>\n\n\n\n<p>\u6d4b\u8bd5\u6210\u529f\u540e\uff0c\u4f7f\u7528&nbsp;<code>acme.sh<\/code>&nbsp;\u7533\u8bf7\u8bc1\u4e66<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># 
\u6307\u5b9a\u540d\u79f0\u670d\u52a1\u5668\nshell&gt; export NSUPDATE_SERVER=\"ns1.example.com\"\n# \u6307\u5b9aTSIG\u5bc6\u94a5\nshell&gt; export NSUPDATE_KEY=\"\/root\/.acme.sh\/nsupdate.key\"\n# \u6307\u5b9a\u9a8c\u8bc1\u7684\u57df\u540d\nshell&gt; export NSUPDATE_ZONE=\"343.re\"\n# \u7533\u8bf7\u8bc1\u4e66\nshell&gt; acme.sh --issue --dns dns_nsupdate -d 343.re -d *.343.re<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"<p>acme.sh\u662f\u4e00\u4e2a\u57fa\u4e8eShell\u811a\u672c\u7f16\u5199\u7684\u5f00\u6e90\u9879\u76ee\uff0c\u7528\u4e8e\u83b7\u53d6SSL\/TLS\u8bc1\u4e66\uff0c\u53ef\u4ee5\u5b9e\u73b0\u81ea\u52a8\u7533\u8bf7\u3001 [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_themeisle_gutenberg_block_has_review":false,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-101","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/www.yyaan.com\/index.php?rest_route=\/wp\/v2\/posts\/101","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.yyaan.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.yyaan.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.yyaan.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.yyaan.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=101"}],"version-history":[{"count":1,"href":"https:\/\/www.yyaan.com\/index.php?rest_route=\/wp\/v2\/posts\/101\/revisions"}],"predecessor-version":[{"id":102,"href":"https:\/\/www.yyaan.com\/index.php?rest_route=\/wp\/v2\/posts\/101\/revisions\/102"}],"wp:attachment":[{"href":"https:\/\/www.yyaan.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=101"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.yyaan.com\/index.php?re
st_route=%2Fwp%2Fv2%2Fcategories&post=101"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.yyaan.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=101"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}