acme.sh certificate request error

What happened

nginx needs a certificate issued through acme.sh; the certificate request failed, so nginx could not start.
A closer look at the output log:

[Mon Sep  5 02:20:49 UTC 2022] Standalone mode.
[Mon Sep  5 02:20:49 UTC 2022] No EAB credentials found for ZeroSSL, let's get one
[Mon Sep  5 02:20:49 UTC 2022] acme.sh is using ZeroSSL as default CA now.
[Mon Sep  5 02:20:49 UTC 2022] Please update your account with an email address first.
[Mon Sep  5 02:20:49 UTC 2022] acme.sh --register-account -m my@example.com
[Mon Sep  5 02:20:49 UTC 2022] See: https://github.com/acmesh-official/acme.sh/wiki/ZeroSSL.com-CA
[Mon Sep  5 02:20:49 UTC 2022] Please add '--debug' or '--log' to check more details.
[Mon Sep  5 02:20:49 UTC 2022] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh

Please update your account with an email address first.
That line already tells you what is wrong.

Uninstall

[root@qwq ~]# cd ./.acme.sh/
[root@qwq .acme.sh]# ls
account.conf  acme.sh  acme.sh.csh  acme.sh.env  ca  deploy  dnsapi  http.header  notify  us1.us1.top
[root@qwq .acme.sh]# ./acme.sh --uninstall

Modify the script

    curl https://get.acme.sh | sh 
    ~/.acme.sh/acme.sh  --issue  -d $your_domain  --standalone
    ~/.acme.sh/acme.sh  --installcert  -d  $your_domain   \
        --key-file   /etc/nginx/ssl/$your_domain.key \
        --fullchain-file /etc/nginx/ssl/fullchain.cer

Add an email address.
After the change:

    curl https://get.acme.sh | sh -s email=4933@qq.com
    ~/.acme.sh/acme.sh  --issue  -d $your_domain  --standalone
    ~/.acme.sh/acme.sh  --installcert  -d  $your_domain   \
        --key-file   /etc/nginx/ssl/$your_domain.key \
        --fullchain-file /etc/nginx/ssl/fullchain.cer

Don't forget to set the temporary variable

[root@qwq .acme.sh]# export your_domain=us1.us1.top

Run it manually

    curl https://get.acme.sh | sh -s email=4933@qq.com
    ~/.acme.sh/acme.sh  --issue  -d $your_domain  --standalone
    ~/.acme.sh/acme.sh  --installcert  -d  $your_domain   \
        --key-file   /etc/nginx/ssl/$your_domain.key \
        --fullchain-file /etc/nginx/ssl/fullchain.cer

What happened this time?

acme.sh requested the certificate, and the request failed.

[Mon Sep  5 11:40:36 CST 2022] OK
[Mon Sep  5 11:40:36 CST 2022] Install success!
[OK]  安装 SSL 证书生成脚本 完成 
[Mon Sep  5 11:40:37 CST 2022] Changed default CA to: https://acme-v02.api.letsencrypt.org/directory
Usage: acme.sh --issue --domain <domain.tld> --webroot <directory>
[错误]  SSL 证书生成失败 

How to fix it

The error output is too sparse, so try to resolve it by hand.
First, look at the script.

Sensitive words have been replaced with qwq.

acme() {
    "$HOME"/.acme.sh/acme.sh --set-default-ca --server letsencrypt

    if "$HOME"/.acme.sh/acme.sh --issue --insecure -d "${domain}" --standalone -k ec-256 --force; then
        echo -e "${OK} ${GreenBG} SSL 证书生成成功 ${Font}"
        sleep 2
        mkdir /data
        if "$HOME"/.acme.sh/acme.sh --installcert -d "${domain}" --fullchainpath /data/qwq.crt --keypath /data/qwq.key --ecc --force; then
            echo -e "${OK} ${GreenBG} 证书配置成功 ${Font}"
            sleep 2
            if [[ -n $(type -P wgcf) && -n $(type -P wg-quick) ]]; then
                wg-quick up wgcf >/dev/null 2>&1
                echo -e "${OK} ${GreenBG} 已启动 wgcf-warp ${Font}"
            fi
        fi
    else
        echo -e "${Error} ${RedBG} SSL 证书生成失败 ${Font}"
        rm -rf "$HOME/.acme.sh/${domain}_ecc"
        if [[ -n $(type -P wgcf) && -n $(type -P wg-quick) ]]; then
            wg-quick up wgcf >/dev/null 2>&1
            echo -e "${OK} ${GreenBG} 已启动 wgcf-warp ${Font}"
        fi
        exit 1
    fi
}

Fix it by hand

Let's go

Sensitive words have been replaced with qwq.
Replace us1.us1.top with your own domain.

[root@qwq ~]# cd ./.acme.sh/
[root@qwq .acme.sh]# ls
account.conf  acme.sh  acme.sh.csh  acme.sh.env  ca  deploy  dnsapi  http.header  notify
[root@qwq .acme.sh]# ./acme.sh --set-default-ca --server letsencrypt
[root@qwq .acme.sh]# export domain=us1.us1.top
[root@qwq .acme.sh]# ./acme.sh --issue --insecure -d "${domain}" --standalone -k ec-256 --force
[root@qwq .acme.sh]# mkdir /data
[root@qwq .acme.sh]# ./acme.sh --installcert -d "${domain}" --fullchainpath /data/qwq.crt --keypath /data/qwq.key --ecc --force

Run the install script again.

[OK]  web 站点伪装 完成 
/data 目录下证书文件已存在
[OK]  是否删除 [Y/N]? 
n
证书文件已存在
[OK]  Nginx systemd ServerFile 添加 完成 
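
The manual steps above can be wrapped with two checks: that an account email is on file (the first error) and that the domain variable is actually set before it reaches `-d`. This is an added example, not part of the original post or of the install script; the function names are hypothetical, it assumes acme.sh records the email as `ACCOUNT_EMAIL='...'` in `account.conf`, and it leaves out `--insecure`, which makes acme.sh skip checking the CA server's certificate.

```shell
#!/bin/sh
# Added example (not from the original post or the install script).
# Assumption: acme.sh stores the account e-mail as ACCOUNT_EMAIL='...' in account.conf.
# Usage: export domain=us1.us1.top; issue_cert "$domain"

# Print the e-mail recorded in an acme.sh account.conf; fail if there is none.
acme_account_email() {
    [ -r "$1" ] || return 1
    email=$(sed -n 's/^ACCOUNT_EMAIL=//p' "$1" | tail -n 1 | tr -d "'\"")
    [ -n "$email" ] && printf '%s\n' "$email"
}

# Accept only a non-empty, dotted hostname, so an unset variable never reaches -d.
valid_domain() {
    case $1 in
        '' | *[!A-Za-z0-9.-]* | .* | *. | -* | *..*) return 1 ;;
        *.*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print "ok" and return 0 when every check passes; otherwise print the reason, return 1.
preflight() {
    _domain=$1 _conf=$2
    valid_domain "$_domain" || { echo "domain is empty or malformed: '$_domain'"; return 1; }
    acme_account_email "$_conf" >/dev/null ||
        { echo "no ACCOUNT_EMAIL in $_conf; run: acme.sh --register-account -m <email>"; return 1; }
    echo "ok"
}

# Issue and install to the page's paths; TLS verification of the CA stays enabled.
issue_cert() {
    acme="$HOME/.acme.sh/acme.sh"
    preflight "$1" "$HOME/.acme.sh/account.conf" || return 1
    "$acme" --issue -d "$1" --standalone -k ec-256 || return 1
    mkdir -p /data
    "$acme" --install-cert -d "$1" --ecc \
        --fullchain-file /data/qwq.crt --key-file /data/qwq.key
}
```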
posted @ 2022-09-05 10:34  iXiAo9