首先,安装acme
curl https://get.acme.sh | sh
因为acme调整了默认证书为zerossl,需要将其改为let’s encrypt :
~/.acme.sh/acme.sh --set-default-ca --server letsencrypt
然后就按照顺序申请SSL证书就好了
输出解析验证TXT:
~/.acme.sh/acme.sh --issue -d example.com --dns \
--yes-I-know-dns-manual-mode-enough-go-ahead-please
验证解析并生成证书:
~/.acme.sh/acme.sh --renew -d example.com \
--yes-I-know-dns-manual-mode-enough-go-ahead-please
证书key和cer路径:root\.acme.sh\example.com
关于吊销:
如何吊销证书。
~/.acme.sh/acme.sh --revoke -d example.com
您还可以指定吊销原因(可选):
acme.sh --revoke -d example.com --revoke-reason 0
正当理由是, 请参阅:https://tools.ietf.org/html/rfc5280#section-5.3.10-10
unspecified (0),
keyCompromise (1),
cACompromise (2),
affiliationChanged (3),
superseded (4),
cessationOfOperation (5),
certificateHold (6),
-- value 7 is not used
removeFromCRL (8),
privilegeWithdrawn (9),
aACompromise (10