SSL证书问题 Let’s Encrypt
Supported CA 服务器
- ZeroSSL.com CA(default)
- Letsencrypt.org CA
- BuyPass.com CA
- SSL.com CA
- Pebble strict Mode
- Any other RFC8555-compliant CA
证书安装
git clone https://github.com/acmesh-official/acme.sh.git cd ./acme.sh ./acme.sh --install -m my@example.com
证书申请 默认使用的CA服务器是https://acme.zerossl.com/
[root@k8s-master acme.sh]# ./acme.sh --issue -d hotline.liequgame.com --challenge-alias 91doctor.com --dns dns_ali --dnssleep 60 --force [Thu Nov 25 18:43:06 CST 2021] Using CA: https://acme.zerossl.com/v2/DV90 [Thu Nov 25 18:43:07 CST 2021] Creating domain key [Thu Nov 25 18:43:07 CST 2021] The domain key is here: /root/.acme.sh/hotline.liequgame.com/hotline.liequgame.com.key [Thu Nov 25 18:43:07 CST 2021] Single domain='hotline.liequgame.com' [Thu Nov 25 18:43:07 CST 2021] Getting domain auth token for each domain [Thu Nov 25 18:43:18 CST 2021] Getting webroot for domain='hotline.liequgame.com' [Thu Nov 25 18:43:18 CST 2021] Adding txt value: f1YwVO01OUlPWrjhuKbd0J0Vja9Is2ls9nouKu7FNBo for domain: _acme-challenge.91doctor.com [Thu Nov 25 18:43:21 CST 2021] The txt record is added: Success. [Thu Nov 25 18:43:21 CST 2021] Sleep 60 seconds for the txt records to take effect [Thu Nov 25 18:44:22 CST 2021] Verifying: hotline.liequgame.com [Thu Nov 25 18:44:26 CST 2021] Processing, The CA is processing your order, please just wait. (1/30) [Thu Nov 25 18:44:30 CST 2021] Success [Thu Nov 25 18:44:30 CST 2021] Removing DNS records. [Thu Nov 25 18:44:30 CST 2021] Removing txt: f1YwVO01OUlPWrjhuKbd0J0Vja9Is2ls9nouKu7FNBo for domain: _acme-challenge.91doctor.com [Thu Nov 25 18:44:33 CST 2021] Removed: Success [Thu Nov 25 18:44:33 CST 2021] Verify finished, start to sign. [Thu Nov 25 18:44:33 CST 2021] Lets finalize the order. [Thu Nov 25 18:44:33 CST 2021] Le_OrderFinalize='https://acme.zerossl.com/v2/DV90/order/iAataTZ2_OMP8Hv8hTuUPw/finalize'。 CA服务器 [Thu Nov 25 18:44:37 CST 2021] Order status is processing, lets sleep and retry. [Thu Nov 25 18:44:37 CST 2021] Retry after: 15 [Thu Nov 25 18:44:53 CST 2021] Polling order status: https://acme.zerossl.com/v2/DV90/order/iAataTZ2_OMP8Hv8hTuUPw [Thu Nov 25 18:44:55 CST 2021] Downloading cert. [Thu Nov 25 18:44:55 CST 2021] Le_LinkCert='https://acme.zerossl.com/v2/DV90/cert/TCww3kQJlKW6bSB1opWUnQ' [Thu Nov 25 18:44:57 CST 2021] Cert success. -----BEGIN CERTIFICATE----- MIIGeDCCBGCgAwIBAgIQajjGuZ2CcQz5Y9+4XrQzTjANBgkqhkiG9w0BAQwFADBL MQswCQYDVQQGEwJBVDEQMA4GA1UEChMHWmVyb1NTTDEqMCgGA1UEAxMhWmVyb1NT TCBSU0EgRG9tYWluIFNlY3VyZSBTaXRlIENBMB4XDTIxMTEyNTAwMDAwMFoXDTIy MDIyMzIzNTk1OVowIDEeMBwGA1UEAxMVaG90bGluZS5saWVxdWdhbWUuY29tMIIB IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwpAYuazV+G6GiM3VyroNN7ub z7k/gGgyWWM8hwSZsjVpLDHuU1KC6SSXDQoWbJb8HLnpeZpZM0ZTbSgiMG/gX1EM 7E6eo1pZ2Ymfbq9BYU1mfaBhtHold++LRmUhJf/stCT+6uQTCIIerZbywdNYz4iY ljfrOHo/2IQFocBqDRRXxpRi6NNf+6OaGz1EkLuHrxrLpdImfyogS1W+6OQBPqUt vGg6pO8tOS7nGItC/v+7aZNY9kFU3MDQcE+Kb6r5/0ltXMNyocFEXFTDiI9nt00f ZwBLH5GPeK3LK1OnYUVSV1qMpTV6WXvo0mrrDYPOE2sNTX6VE0rBX8JYXdoCpwID AQABo4ICgTCCAn0wHwYDVR0jBBgwFoAUyNl4aKLZGWjVPXLeXwo+3LWGhqYwHQYD VR0OBBYEFETymeF40Sbdwnetugv5HM3Tf2DeMA4GA1UdDwEB/wQEAwIFoDAMBgNV HRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBJBgNVHSAE QjBAMDQGCysGAQQBsjEBAgJOMCUwIwYIKwYBBQUHAgEWF2h0dHBzOi8vc2VjdGln by5jb20vQ1BTMAgGBmeBDAECATCBiAYIKwYBBQUHAQEEfDB6MEsGCCsGAQUFBzAC hj9odHRwOi8vemVyb3NzbC5jcnQuc2VjdGlnby5jb20vWmVyb1NTTFJTQURvbWFp blNlY3VyZVNpdGVDQS5jcnQwKwYIKwYBBQUHMAGGH2h0dHA6Ly96ZXJvc3NsLm9j c3Auc2VjdGlnby5jb20wggEEBgorBgEEAdZ5AgQCBIH1BIHyAPAAdgBGpVXrdfqR IDC1oolp9PN9ESxBdL79SbiFq/L8cP5tRwAAAX1WsoF+AAAEAwBHMEUCIC7wftg5 1sZLcy5xUBsVCeOLFWC1p/xLCm9nKIgbDOeQAiEA4zR5yN68AYjiwxmkWIMbA6jh udmIBCWkDRc5Gt2vjNYAdgBByMqx3yJGShDGoToJQodeTjGLGwPr60vHaPCQYpYG 9gAAAX1WsoGIAAAEAwBHMEUCIQCa/Us3aZ1CiHFqedeNb3SCGkWkzSF3zUsHda+n RJdFYQIgTD6EhmKczygBjRGPyqyQ4KKRIIEpDRtGx4/9Wit4N6AwIAYDVR0RBBkw F4IVaG90bGluZS5saWVxdWdhbWUuY29tMA0GCSqGSIb3DQEBDAUAA4ICAQBKigEm c9wBD9AWsXVZN+Cq8BnKjHH/uPOQcIQJeZucBtAxWJy0WwxJIrzor2ScHsMoFn6E Es+nOoOFm5cop2i1cAkcjmcyz3mvB1HiNUzqyq0/x7LGY5kc1txgRPKDU4p1Z6gZ iX9fAIRTKw+NTv9AQJcq1ecl2X2cHiOin2H73eek9eM8F8zlRYGZM62bPyOQIjIN v5gqF8X9cwTbAPLUxtoy/NfTMAz8f2D4jxL665Z11ak4e/YG4aG6b7oDlrxFlD/h xhuIrRc6/Wo0P0ZtSEt49P/ikSn9omuTp6V719Sh5YelIY6NOK5Q111sGn/eSaP1 p1gnFYbp05pS+UwRq8anLCvi+H6pDJw+P0mDrTH68/cYrFO2v2iK7NnjJQu9XZdz fHfDiOHKqM0Qg/TTPD37xNv0t1fmb0u/YxkfaeziWZN+gTOie3rWwG3iFKF4xnPN O6DkeG7snrobPe+OID8Kgb6f6762dorB0h8h4UuOubKV9A9s5cQ91ScPO6Abc6ON XZetrNj7hJFuP70djJAAZLdBVs1YGMA/1Qc2rvnzNNAnxdZQwZrRZsFE2gXZWCfa 8DcRRPo+MRkBJgCEZXxifcfxTJNITl+uLxvQaw/kb8Xim8BHwNJvVmOZPqsn1TAa IAh7U3Ltpvm7B1bQjZlTQYUTen+OxEKvFI5t2g== -----END CERTIFICATE----- [Thu Nov 25 18:44:57 CST 2021] Your cert is in: /root/.acme.sh/hotline.liequgame.com/hotline.liequgame.com.cer [Thu Nov 25 18:44:57 CST 2021] Your cert key is in: /root/.acme.sh/hotline.liequgame.com/hotline.liequgame.com.key [Thu Nov 25 18:44:57 CST 2021] The intermediate CA cert is in: /root/.acme.sh/hotline.liequgame.com/ca.cer [Thu Nov 25 18:44:57 CST 2021] And the full chain certs is there: /root/.acme.sh/hotline.liequgame.com/fullchain.cer [root@k8s-master acme.sh]#
如何更换CA服务器申请证书
将CA服务器更换为https://api.buypass.com/
1、注册账号
[root@k8s-master acme.sh]# ./acme.sh --server https://api.buypass.com/acme/directory --register-account --accountemail geyanan@xianlai-inc.com [Thu Nov 25 18:51:13 CST 2021] Registering account: https://api.buypass.com/acme/directory [Thu Nov 25 18:51:16 CST 2021] Already registered [Thu Nov 25 18:51:16 CST 2021] ACCOUNT_THUMBPRINT='R0L0HzzZuTYvPWObtYA3xEyBzgsZ5ML62oECj_Or2M4' [root@k8s-master acme.sh]#
2、申请证书 会发现ca服务器已经发生了改变
[root@k8s-master acme.sh]# ./acme.sh --server https://api.buypass.com/acme/directory --issue -d hotline.liequgame.com --challenge-alias 91doctor.com --dns dns_ali --dnssleep 60 --force [Thu Nov 25 18:38:09 CST 2021] Using CA: https://api.buypass.com/acme/directory [Thu Nov 25 18:38:09 CST 2021] Single domain='hotline.liequgame.com' [Thu Nov 25 18:38:09 CST 2021] Getting domain auth token for each domain [Thu Nov 25 18:38:16 CST 2021] Getting webroot for domain='hotline.liequgame.com' [Thu Nov 25 18:38:16 CST 2021] Adding txt value: 6qi2sLb9Z2lgfDZ0PoK5amSq5pLReyGPA_xQGYvoVMg for domain: _acme-challenge.91doctor.com [Thu Nov 25 18:38:19 CST 2021] The txt record is added: Success. [Thu Nov 25 18:38:19 CST 2021] Sleep 60 seconds for the txt records to take effect [Thu Nov 25 18:39:20 CST 2021] Verifying: hotline.liequgame.com [Thu Nov 25 18:39:23 CST 2021] Success [Thu Nov 25 18:39:23 CST 2021] Removing DNS records. [Thu Nov 25 18:39:23 CST 2021] Removing txt: 6qi2sLb9Z2lgfDZ0PoK5amSq5pLReyGPA_xQGYvoVMg for domain: _acme-challenge.91doctor.com [Thu Nov 25 18:39:26 CST 2021] Removed: Success [Thu Nov 25 18:39:26 CST 2021] Verify finished, start to sign. [Thu Nov 25 18:39:26 CST 2021] Lets finalize the order. [Thu Nov 25 18:39:26 CST 2021] Le_OrderFinalize='https://api.buypass.com/acme/order/ZqEYvsRxrcSNQ5jqZfLhYYHXUAErZYImNCNpzhemdGY/finalize' CA服务器 [Thu Nov 25 18:39:33 CST 2021] Downloading cert. [Thu Nov 25 18:39:33 CST 2021] Le_LinkCert='https://api.buypass.com/acme-v02/cert/YgIcNSt8yIs' [Thu Nov 25 18:39:34 CST 2021] Cert success. -----BEGIN CERTIFICATE----- MIIGYjCCBEqgAwIBAgILAZJcrZTrjeyNRGcwDQYJKoZIhvcNAQELBQAwSzELMAkG A1UEBhMCTk8xHTAbBgNVBAoMFEJ1eXBhc3MgQVMtOTgzMTYzMzI3MR0wGwYDVQQD DBRCdXlwYXNzIENsYXNzIDIgQ0EgNTAeFw0yMTExMjUxMDM5MjhaFw0yMjA1MjMy MTU5MDBaMCAxHjAcBgNVBAMMFWhvdGxpbmUubGllcXVnYW1lLmNvbTCCASIwDQYJ KoZIhvcNAQEBBQADggEPADCCAQoCggEBAKbi/v7hG3g26u0mTCA7z7kKlMUUJC0e qrGg7Hgp1kJsKaqzRvnvqKZ2Qv0eZPX/PvK5ZYg810Pq2fbHaroorTNpMWoL8X5R BHyRrP743MQ2PW85E+WTm5gAMRGWMg1ZKaTMFJ/vrAsHMy0tVyRX2FVzNoSlU02w 3agQu09a6EYhrHuSuaRgoDsn0nfNZrHBKQgCVI4TJ6uFY9ad4ArmeDVPq/Nt2jpB bSDJ4+pK5ejKRjfDeRWchV7HjGtcGXqU3fOmbRuQsxfr7rHwYNezLDlDKqj0y+J/ HxzDPdVLuvsCRNqPiXgQkvFxcwCwN69VPnHfs1FbYS1jkjUv/K7pemECAwEAAaOC AnAwggJsMAkGA1UdEwQCMAAwHwYDVR0jBBgwFoAUJ1Kkby0qq0CTkOzWacv+fGE7 fEIwHQYDVR0OBBYEFKt34rQyJ4exgttxbHaNYrDOEwRNMA4GA1UdDwEB/wQEAwIF oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHwYDVR0gBBgwFjAKBghg hEIBGgECBzAIBgZngQwBAgEwOgYDVR0fBDMwMTAvoC2gK4YpaHR0cDovL2NybC5i dXlwYXNzLm5vL2NybC9CUENsYXNzMkNBNS5jcmwwIAYDVR0RBBkwF4IVaG90bGlu ZS5saWVxdWdhbWUuY29tMGoGCCsGAQUFBwEBBF4wXDAjBggrBgEFBQcwAYYXaHR0 cDovL29jc3AuYnV5cGFzcy5jb20wNQYIKwYBBQUHMAKGKWh0dHA6Ly9jcnQuYnV5 cGFzcy5uby9jcnQvQlBDbGFzczJDQTUuY2VyMIIBAwYKKwYBBAHWeQIEAgSB9ASB 8QDvAHUAKXm+8J45OSHwVnOfY6V35b5XfZxgCvj5TV0mXCVdx4QAAAF9Vq3I2gAA BAMARjBEAiAh8a9ljHgsFyLyprHl88vJQKL9zG3ubhmmQdTs5t8UEAIgQcyc+EYV ppuIfYPaT0UGdiJq9sZT3v3YXKcEv4IpfG8AdgBByMqx3yJGShDGoToJQodeTjGL GwPr60vHaPCQYpYG9gAAAX1WrciEAAAEAwBHMEUCIEwzlZPnlnUOPTV6DzAX/l3P bn9UNAg2aEkaAaSJbPOBAiEA7JPA9C/DyDOXeChjH83j3hXNpKf01+R8JIKe1+JH l8MwDQYJKoZIhvcNAQELBQADggIBACDRdsvcjJFzI6ZMWYqp8T1z0D0hjZzkOQ+t R/7TtdRZMp+YNYG7vsoMG1Kjjg9cc7QQgdm/UiBxAp+hj6Pe4FyTbK0oKBY8dK7a uDoC4t1qqw4Zmrn6kedqB8yct5XXg5S76PYeNH6uvfL+l/cKTrX5Df34LPVuv5Cw DJbOS6yXqJKVjbDKb0mEsIf8VwSq2x8Cau1N3hFoeJlHu1p4mNFxE2RsOXnZ8N6r 2zSeAcZuiayVkhScELUs8rZtCfGPK/uOAAdUW7B3sstvOE22fWzjN8t4nxyn6rgC zr2v3lnpB+5zuawOcokwuuMsFj+eHtSOm9xa+aGPW/KJCBVHYhcs1YhxPxBYBuxM fKIzO/KwSYJr6SxvmYFckK0QMeSqMBVjUDhw6VKM+e8ST2hgYlQWjWoMryekS+au MI/6fK4MuMho3ORZ8r6WrHYASw1LhYu21XEWuKiUwX+rFF0jy1LGtMOpvLNJavcm ajqGkyJxxicJLJXzffKYOqGD9/WtCvBoAls1+KdWuN1pvfyzAsvVX2PTt6qDTSi6 6xb0P8az6f0HNJ+OoZzbJcTQREJ/PWVg/NbCqrnzQYi8D8Q0uvBFVUg6JRktMPyI fnuOm3u8p3x+lMI8Y7gkCntgpugQP+1MbI7HBkGLfihp+BzEpaRQoXggNEZPkxC7 wPK8inAp -----END CERTIFICATE----- [Thu Nov 25 18:39:34 CST 2021] Your cert is in: /root/.acme.sh/hotline.liequgame.com/hotline.liequgame.com.cer [Thu Nov 25 18:39:34 CST 2021] Your cert key is in: /root/.acme.sh/hotline.liequgame.com/hotline.liequgame.com.key [Thu Nov 25 18:39:34 CST 2021] The intermediate CA cert is in: /root/.acme.sh/hotline.liequgame.com/ca.cer [Thu Nov 25 18:39:34 CST 2021] And the full chain certs is there: /root/.acme.sh/hotline.liequgame.com/fullchain.cer
转载自:https://github.com/acmesh-official/acme.sh
https://letsencrypt.org/zh-cn/getting-started/
