curl https://get.acme.sh | sh
安装好之后,需要先断开终端,重新连接一次,以使命令生效
acme.sh --upgrade --auto-upgrade --accountemail "admin@kper.net"
添加文件:/root/.acme.sh/cloudkey-renew-hook.sh
#!/bin/bash # Renew-hook for ACME / Let's encrypt echo "** Configuring new Let's Encrypt certs" cd /etc/ssl/private rm -f /etc/ssl/private/cert.tar /etc/ssl/private/unifi.keystore.jks /etc/ssl/private/ssl-cert-snakeoil.key /etc/ssl/private/fullchain.pem openssl pkcs12 -export -in /etc/ssl/private/cloudkey.crt -inkey /etc/ssl/private/cloudkey.key -out /etc/ssl/private/cloudkey.p12 -name unifi -password pass:aircontrolenterprise keytool -importkeystore -deststorepass aircontrolenterprise -destkeypass aircontrolenterprise -destkeystore /usr/lib/unifi/data/keystore -srckeystore /etc/ssl/private/cloudkey.p12 -srcstoretype PKCS12 -srcstorepass aircontrolenterprise -alias unifi rm -f /etc/ssl/private/cloudkey.p12 tar -cvf cert.tar * chown root:ssl-cert /etc/ssl/private/* chmod 640 /etc/ssl/private/* echo "** Testing Nginx and restarting" /usr/sbin/nginx -t /etc/init.d/nginx restart ; /etc/init.d/unifi restart
export HE_Username="username" export HE_Password="password" acme.sh --issue --dns dns_he -d ac.kper.net --pre-hook "touch /etc/ssl/private/cert.tar; tar -zcvf /root/.acme.sh/CloudKeySSL_`date +%Y-%m-%d_%H.%M.%S`.tgz /etc/ssl/private/*" --fullchainpath /etc/ssl/private/cloudkey.crt --keypath /etc/ssl/private/cloudkey.key --reloadcmd "sh /root/.acme.sh/cloudkey-renew-hook.sh"
搞定!
我的微信
我的微信
微信扫一扫
评论