
Automatically renewing free HTTPS SSL certificates

Excellent/Resource Websites  2025/6/19 20:51:29


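Truly free HTTPS SSL certificates are essentially gone from the market; the free SSL certificates on offer are generally valid for only three months, for example those from Alibaba Cloud. Since Alibaba Cloud and others do support 3-month certificates, a full year of coverage can be achieved by renewing (re-applying) back to back. On GitHub, acme.sh (https://github.com/acmesh-official/acme.sh) automates the renewal of free SSL certificates through a scheduled task.
1. Install acme.sh on the system (note: the procedure differs for root and non-root users)
As root: https://github.com/acmesh-official/acme.sh/wiki/%E8%AF%B4%E6%98%8E
As non-root: https://github.com/acmesh-official/acme.sh/wiki/sudo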
 
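2. Manage DNS with an Alibaba Cloud AccessKey
dns_ali selects the Alibaba Cloud DNS API; for other providers see: https://github.com/Neilpang/acme.sh/tree/master/dnsapi
Alibaba Cloud DNS management: add the following to the acme.sh.env file:
export Ali_Key="*****"
export Ali_Secret="*******"
Then run source acme.sh.env
Then run env to confirm that the variables are present in the environment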
 
3. Issue the certificate
./acme.sh --issue --dns dns_ali -d microheart.cn -d '*.microheart.cn'
 
[Thu Jun 19 10:53:14 AM CST 2025] Using CA: https://acme.zerossl.com/v2/DV90
[Thu Jun 19 10:53:14 AM CST 2025] Account key creation OK.
[Thu Jun 19 10:53:14 AM CST 2025] No EAB credentials found for ZeroSSL, let's obtain them
[Thu Jun 19 10:53:16 AM CST 2025] Registering account: https://acme.zerossl.com/v2/DV90
[Thu Jun 19 10:53:18 AM CST 2025] Registered
[Thu Jun 19 10:53:18 AM CST 2025] ACCOUNT_THUMBPRINT='r3e0MSP_zXsWaam1KCFifI-0krwp_i9bdpdVweiduHg'
[Thu Jun 19 10:53:18 AM CST 2025] Creating domain key
[Thu Jun 19 10:53:18 AM CST 2025] The domain key is here: /home/ecs-user/.acme.sh/microheart.cn_ecc/microheart.cn.key
[Thu Jun 19 10:53:18 AM CST 2025] Multi domain='DNS:microheart.cn,DNS:*.microheart.cn'
[Thu Jun 19 10:53:22 AM CST 2025] Getting webroot for domain='microheart.cn'
[Thu Jun 19 10:53:22 AM CST 2025] Getting webroot for domain='*.microheart.cn'
[Thu Jun 19 10:53:22 AM CST 2025] Adding TXT value: DyNPvSIYcRhkj278i3I0kl8je7WcN7Dc42eWw6LTGqg for domain: _acme-challenge.microheart.cn
[Thu Jun 19 10:53:23 AM CST 2025] The TXT record has been successfully added.
[Thu Jun 19 10:53:23 AM CST 2025] Adding TXT value: PIeBwYRamMKBOVLdBF1Qnunq3PvODxU4qLjy8D6AQXA for domain: _acme-challenge.microheart.cn
[Thu Jun 19 10:53:25 AM CST 2025] The TXT record has been successfully added.
[Thu Jun 19 10:53:25 AM CST 2025] Let's check each DNS record now. Sleeping for 20 seconds first.
[Thu Jun 19 10:53:46 AM CST 2025] You can use '--dnssleep' to disable public dns checks.
[Thu Jun 19 10:53:46 AM CST 2025] See: https://github.com/acmesh-official/acme.sh/wiki/dnscheck
[Thu Jun 19 10:53:46 AM CST 2025] Checking microheart.cn for _acme-challenge.microheart.cn
[Thu Jun 19 10:53:46 AM CST 2025] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 35
[Thu Jun 19 10:53:56 AM CST 2025] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 28
[Thu Jun 19 10:53:56 AM CST 2025] Success for domain microheart.cn '_acme-challenge.microheart.cn'.
[Thu Jun 19 10:53:56 AM CST 2025] Checking microheart.cn for _acme-challenge.microheart.cn
[Thu Jun 19 10:53:56 AM CST 2025] Success for domain microheart.cn '_acme-challenge.microheart.cn'.
[Thu Jun 19 10:53:56 AM CST 2025] All checks succeeded
[Thu Jun 19 10:53:56 AM CST 2025] Verifying: microheart.cn
[Thu Jun 19 10:53:57 AM CST 2025] Processing. The CA is processing your order, please wait. (1/30)
[Thu Jun 19 10:54:01 AM CST 2025] Success
[Thu Jun 19 10:54:01 AM CST 2025] Verifying: *.microheart.cn
[Thu Jun 19 10:54:03 AM CST 2025] Processing. The CA is processing your order, please wait. (1/30)
[Thu Jun 19 10:54:07 AM CST 2025] Success
[Thu Jun 19 10:54:07 AM CST 2025] Removing DNS records.
[Thu Jun 19 10:54:07 AM CST 2025] Removing txt: DyNPvSIYcRhkj178i3I0kl8je7WcN7Dt42wWw6LTGqg for domain: _acme-challenge.microheart.cn
[Thu Jun 19 10:54:08 AM CST 2025] Successfully removed
[Thu Jun 19 10:54:08 AM CST 2025] Removing txt: PImBwYRamMKBOVLdBF1Qnunq2PvODyU4qLjy8D6AQXA for domain: _acme-challenge.microheart.cn
[Thu Jun 19 10:54:10 AM CST 2025] Successfully removed
[Thu Jun 19 10:54:10 AM CST 2025] Verification finished, beginning signing.
[Thu Jun 19 10:54:10 AM CST 2025] Let's finalize the order.
[Thu Jun 19 10:54:10 AM CST 2025] Le_OrderFinalize='https://acme.zerossl.com/v2/DV90/order/iOJ0NuXJod6k4GdGhSU9Xg/finalize'
[Thu Jun 19 10:54:11 AM CST 2025] Order status is 'processing', let's sleep and retry.
[Thu Jun 19 10:54:11 AM CST 2025] Sleeping for 15 seconds then retrying
[Thu Jun 19 10:54:27 AM CST 2025] Polling order status: https://acme.zerossl.com/v2/DV90/order/iOJ0NuXJod6k4GdGhSU9Xg
[Thu Jun 19 10:54:28 AM CST 2025] Downloading cert.
[Thu Jun 19 10:54:28 AM CST 2025] Le_LinkCert='https://acme.zerossl.com/v2/DV90/cert/_JHgoSDofdY32f38Ulz37g'
[Thu Jun 19 10:54:29 AM CST 2025] Cert success.
[Thu Jun 19 10:54:29 AM CST 2025] Your cert is in: /home/ecs-user/.acme.sh/microheart.cn_ecc/microheart.cn.cer
[Thu Jun 19 10:54:29 AM CST 2025] Your cert key is in: /home/ecs-user/.acme.sh/microheart.cn_ecc/microheart.cn.key
[Thu Jun 19 10:54:29 AM CST 2025] The intermediate CA cert is in: /home/ecs-user/.acme.sh/microheart.cn_ecc/ca.cer
[Thu Jun 19 10:54:29 AM CST 2025] And the full-chain cert is in: /home/ecs-user/.acme.sh/microheart.cn_ecc/fullchain.cer
 
 
 
4. Install the certificate for nginx, writing it directly to the target directory
acme.sh --install-cert -d microheart.cn \
--key-file       /usr/local/nginx/conf/cert/www.microheart.cn.key  \
--fullchain-file /usr/local/nginx/conf/cert/www.microheart.cn.pem
 
Restart nginx (a reload is enough for it to pick up the new certificate files)
sudo nginx -s reload
The above is what I used as a non-root user, so these are the manual commands.
 
acme.sh automatic command (adapt to your own setup)
acme.sh --install-cert -d microheart.cn \
--key-file       /usr/local/nginx/conf/cert/www.microheart.cn.key  \
--fullchain-file /usr/local/nginx/conf/cert/www.microheart.cn.pem \
--reloadcmd "service nginx reload"
 
5. You can now use acme.sh to check whether the domain's HTTPS certificate is in place
acme.sh --info -d microheart.cn
[Thu Jun 19 11:35:39 AM CST 2025] The domain 'microheart.cn' seems to already have an ECC cert, let's use it.
DOMAIN_CONF=/home/ecs-user/.acme.sh/microheart.cn_ecc/microheart.cn.conf
Le_Domain=microheart.cn
Le_Alt=*.microheart.cn
Le_Webroot=dns_ali
Le_PreHook=
Le_PostHook=
Le_RenewHook=
Le_API=https://acme.zerossl.com/v2/DV90
Le_Keylength=ec-256
Le_OrderFinalize=https://acme.zerossl.com/v2/DV90/order/iOJ0NuXJod6k4GdGhSU9Xg/finalize
Le_LinkOrder=https://acme.zerossl.com/v2/DV90/order/iOJ0NuXJod6k4GdGhSU9Xg
Le_LinkCert=https://acme.zerossl.com/v2/DV90/cert/_JHgoSDofdY32f38Ulz37g
Le_CertCreateTime=1750301669
Le_CertCreateTimeStr=2025-06-19T02:54:29Z
Le_NextRenewTimeStr=2025-08-17T02:54:29Z
Le_NextRenewTime=1755399269
Le_RealCertPath=
Le_RealCACertPath=
Le_RealKeyPath=/usr/local/nginx/conf/cert/www.microheart.cn.key
Le_ReloadCmd=
Le_RealFullChainPath=/usr/local/nginx/conf/cert/www.microheart.cn.pem
Alternatively, open the site in a browser and check the certificate's validity dates.
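In the --info output above, Le_ReloadCmd is empty because the manual --install-cert was run without --reloadcmd, so a scheduled renewal would replace the files without nginx loading them. The following added example (not part of the original post or of acme.sh) audits that output; the names SAMPLE_INFO, info_get and audit_info are hypothetical, and it assumes the unquoted KEY=value lines shown above.

```shell
#!/bin/sh
# Added example (not from acme.sh): audit `acme.sh --info -d <domain>` output.
# SAMPLE_INFO is constructed from the --info output shown in step 5.
SAMPLE_INFO='Le_Domain=microheart.cn
Le_Alt=*.microheart.cn
Le_Webroot=dns_ali
Le_NextRenewTime=1755399269
Le_RealKeyPath=/usr/local/nginx/conf/cert/www.microheart.cn.key
Le_ReloadCmd=
Le_RealFullChainPath=/usr/local/nginx/conf/cert/www.microheart.cn.pem'

# info_get KEY: print the value of the first "KEY=value" line on stdin.
info_get() {
    sed -n "s/^$1=//p" | head -n 1
}

# audit_info NOW_EPOCH: read --info text on stdin, print findings,
# return 0 when nothing needs attention and 1 otherwise.
audit_info() {
    a_now=$1
    a_info=$(cat)
    a_rc=0
    a_key=$(printf '%s\n' "$a_info" | info_get Le_RealKeyPath)
    a_reload=$(printf '%s\n' "$a_info" | info_get Le_ReloadCmd)
    a_next=$(printf '%s\n' "$a_info" | info_get Le_NextRenewTime)
    if [ -z "$a_key" ]; then
        echo "WARN: Le_RealKeyPath is empty; --install-cert has not been run"
        a_rc=1
    fi
    if [ -z "$a_reload" ]; then
        echo "WARN: Le_ReloadCmd is empty; nothing reloads the web server after a renewal"
        a_rc=1
    fi
    case $a_next in
        ''|*[!0-9]*)
            echo "WARN: Le_NextRenewTime is missing or not numeric"; a_rc=1 ;;
        *)
            if [ "$a_next" -le "$a_now" ]; then
                echo "WARN: renewal overdue by $(( (a_now - a_next) / 86400 )) day(s)"
                a_rc=1
            else
                echo "OK: next renewal in $(( (a_next - a_now) / 86400 )) day(s)"
            fi ;;
    esac
    return "$a_rc"
}

# Demo on the sample, evaluated at its Le_CertCreateTime (1750301669).
# On a host: acme.sh --info -d microheart.cn | audit_info "$(date +%s)"
printf '%s\n' "$SAMPLE_INFO" | audit_info 1750301669 || true
```

Re-running --install-cert with --reloadcmd, as in the automatic command in step 4, fills in Le_ReloadCmd and clears the warning.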
 
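6. Certificate renewal command (--force renews immediately, ahead of the scheduled automatic renewal)
acme.sh --renew -d example.com --force
 
7. Other common acme.sh commands
1. Manual upgrade
acme.sh --upgrade
2. Automatic upgrade
acme.sh --upgrade --auto-upgrade
Disable automatic upgrade
acme.sh --upgrade --auto-upgrade  0
3. Debug
acme.sh --issue  .....  --debug
4. List the domains that currently have issued certificates:
acme.sh --list
5. Remove an issued domain
acme.sh --remove -d example.com
6. Uninstall acme.sh
acme.sh --uninstall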
