安装 acme.sh

1
$ curl  https://get.acme.sh | sh

dns-api 验证

腾讯云

访问 https://www.dnspod.cn

添加密钥并记录

1
2
3
$ export DP_Id="ID"
$ export DP_Key="TOKEN"
$ acme.sh --issue -d zuweiye.com -d *.zuweiye.com --dns dns_dp

阿里云

1
2
3
$ export Ali_Key="sdfsdfsdfljlbjkljlkjsdfoiwje"
$ export Ali_Secret="jlsdflanljkljlfdsaklkjflsa"
$ acme.sh --issue --dns dns_ali -d zuweiye.com -d *.zuweiye.com

配置 nginx

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
# http(80) -> https(443/ssl)
server {
    listen 80;
    server_name *.zuweiye.com;
    rewrite ^(.*)$ https://$host$request_uri;
}
# *.zuweiye.com
server {
    listen 443;
    server_name *.zuweiye.com;
    include ssl/zuweiye.ssl.conf;

    location / {
        # todo
    }
}

安装证书到 nginx certs 目录

1
2
3
4
acme.sh --install-cert -d www.psvmc.cn \
--key-file       /etc/nginx/cert/key.pem  \
--fullchain-file /etc/nginx/cert/cert.pem \
--reloadcmd     "service nginx force-reload"

添加后的域名证书会自动刷新