An ACME Shell script: acme.sh
acme.sh implements the ACME protocol and can obtain free certificates from Let’s Encrypt. It now also supports *.domain.com wildcard certificates.
Open a terminal and install the supporting package:
sudo apt-get install socat
Install acme.sh. Both root and normal accounts are supported. After the installation is complete, you must close the current terminal and open a new one for the acme.sh command to take effect.
curl https://get.acme.sh | sh
First, go to the DNSPod console to generate an API Token (if the domain name was registered with Tencent Cloud, you can log in to DNSPod directly with your Tencent Cloud account).
Apply for the DNS API Token on the Tencent Cloud domain name service, https://www.dnspod.cn, under Security Settings – Create API Token.
Obtain the key for the Aliyun Domain Name API: after logging in to the Alibaba Cloud website, open https://ak-console.aliyun.com/#/accesskey to see your key. If you don’t have one yet, you can create one there.
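Execute the following three commands in sequence, replacing the Id and Key with your own. The wildcard name is quoted so that the shell passes the * to acme.sh unchanged instead of trying to expand it.
export DP_Id="1234"
export DP_Key="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
acme.sh --issue --dns dns_dp -d mydomian.com -d '*.mydomian.com'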
After a short wait, your wildcard certificate will be in ~/.acme.sh/mydomian.com/
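The issue command above requests both mydomian.com and *.mydomian.com because a wildcard entry matches exactly one label: it covers neither the bare domain nor deeper subdomains. The script below is an added example, not part of the original article or of acme.sh, and reports which hostnames a certificate's SAN list covers. The script name check_san.sh and its function names are hypothetical, and reading the SANs assumes OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example (hypothetical check_san.sh), not part of acme.sh.
# Usage: sh check_san.sh CERT HOST...

# covers HOST SAN...: succeed if HOST matches any SAN entry.
# A "*" stands for exactly one leftmost label (RFC 6125).
covers() {
    host=$(printf '%s' "$1" | tr 'A-Z' 'a-z'); shift
    for san in "$@"; do
        san=$(printf '%s' "$san" | tr 'A-Z' 'a-z')
        case "$san" in
            '*.'*)
                parent=${san#'*.'}
                label=${host%".$parent"}
                # HOST must end in ".parent" and leave one non-empty label
                if [ "$label" != "$host" ] && [ -n "$label" ]; then
                    case "$label" in *.*) ;; *) return 0 ;; esac
                fi ;;
            *)
                if [ "$host" = "$san" ]; then return 0; fi ;;
        esac
    done
    return 1
}

# cert_sans FILE: print the DNS SAN entries, one per line (OpenSSL 1.1.1+).
cert_sans() {
    openssl x509 -in "$1" -noout -ext subjectAltName |
        tr ',' '\n' | sed -n 's/^ *DNS://p'
}

if [ "$#" -ge 2 ]; then
    cert=$1; shift
    set -f    # SAN entries contain "*": keep the shell from globbing them
    sans=$(cert_sans "$cert")
    for h in "$@"; do
        if covers "$h" $sans; then
            echo "covered:     $h"
        else
            echo "NOT covered: $h"
        fi
    done
fi
```

Run it against the issued certificate file with the hostnames you intend to serve; any name reported as NOT covered will produce a browser name-mismatch error.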
Then configure the certificate. Taking Ubuntu as an example, refer to this article:
Apache2 configures https under Ubuntu and forces http to https
Create a new folder to hold the certificate. Note that you cannot copy the generated certificate files into this directory directly; you need to use the install command.
cd /etc/apache2
sudo mkdir certs
cd ~
Install the generated certificate into this directory so that Apache2 can reference it. Enter the following command in the terminal (note that this is a single command, only split across several lines). It saves the certificate to /etc/apache2/certs.
acme.sh --install-cert -d luochenzhimu.com \
  --cert-file /etc/apache2/certs/luochenzhimu.com.crt \
  --key-file /etc/apache2/certs/luochenzhimu.com.key \
  --ca-file /etc/apache2/certs/ca.crt \
  --reloadcmd "service apache2 force-reload"
Copy 000-default.conf and default-ssl.conf in the /etc/apache2/sites-available directory to /etc/apache2/sites-enabled
Configure default-ssl.conf as follows:
SSLCertificateFile /etc/apache2/certs/luochenzhimu.com.crt
SSLCertificateKeyFile /etc/apache2/certs/luochenzhimu.com.key
SSLCertificateChainFile /etc/apache2/certs/ca.crt
Restart Apache; you should now be able to access the site over HTTPS.
sudo service apache2 restart
Follow-up update acme.sh method