为什么不能用acme写certificate.crt?
Why can't write certificate.crt with acme?
root@vultr:~# systemctl status nginx
● nginx.service - A high performance web server and a reverse proxy server
Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2021-07-28 02:16:44 UTC; 23min ago
Docs: man:nginx(8)
Main PID: 12999 (nginx)
Tasks: 2 (limit: 1148)
Memory: 8.2M
CGroup: /system.slice/nginx.service
├─12999 nginx: master process /usr/sbin/nginx -g daemon on; master_process on;
└─13000 nginx: worker process
Jul 28 02:16:44 vultr.guest systemd[1]: Starting A high performance web server and a reverse proxy server...
Jul 28 02:16:44 vultr.guest systemd[1]: nginx.service: Failed to parse PID from file /run/nginx.pid: Invalid argument
Jul 28 02:16:44 vultr.guest systemd[1]: Started A high performance web server and a reverse proxy server.
nginx 状态良好
我想用 acme:
创建和编写 certificate.crt
sudo su -l -s /bin/bash acme
curl https://get.acme.sh | sh
export CF_Key="xxxx"
export CF_Email="yyyy@yahoo.com"
CF_Key是我在cloudflare中的全局api键,CF_Email是登录cloudflare的注册邮箱。
acme@vultr:~$ acme.sh --issue --dns dns_cf -d domain.com --debug 2
输出的内容太长了,我不能post这里,所以我上传到termbin.com,我们分享下面的link:
https://termbin.com/taxl
请打开网页,你可以得到整个输出信息,并查看是哪个导致错误,主要有两个问题:
1.Mynginx服务器状态良好,acme.sh检测不到
2.How 可以设置配置文件吗?
[Wed Jul 28 03:04:38 UTC 2021] config file is empty, can not read CA_EAB_KEY_ID
[Wed Jul 28 03:04:38 UTC 2021] config file is empty, can not read CA_EAB_HMAC_KEY
[Wed Jul 28 03:04:38 UTC 2021] config file is empty, can not read CA_EMAIL
将密钥写入指定目录:
acme.sh --install-cert -d domain.com
--key-file /usr/local/etc/certfiles/private.key
--fullchain-file /usr/local/etc/certfiles/certificate.crt
遇到问题:
[Tue Jul 27 01:12:15 UTC 2021] Installing key to:/usr/local/etc/certfiles/private.key
cat: /home/acme/.acme.sh/domain.com/domain.com.key: No such file or directory
查看 /usr/local/etc/certfiles/
中的文件
ls /usr/local/etc/certfiles/
private.key
/usr/local/etc/certfiles/ 中没有 certificate.crt。
那怎么解决呢?
From acme.sh v3.0.0, acme.sh is using Zerossl as default ca, you must
register the account first(one-time) before you can issue new certs.
Here ZeroSSL 与 LetsEncrypt 的比较。
使用 ZeroSSL 作为 CA
您必须在 ZeroSSL 上注册才能颁发证书。要注册 运行 以下命令(假设 yyyy@yahoo.com 是您要注册的电子邮件)
acme.sh --register-account -m yyyy@yahoo.com
现在可以颁发新证书了(假设你已经设置了CF_Key&CF_Email或者CF_Token&CF_Account_ID)
acme.sh --issue --dns dns_cf -d domain.com
没有 ZeroSSL 作为 CA
如果您不想使用 ZeroSSL 而想使用 LetsEncrypt,那么您可以提供服务器选项来颁发证书
acme.sh --issue --dns dns_cf -d domain.com --server letsencrypt
Here 是 CA 服务器的更多选项。
root@vultr:~# systemctl status nginx
● nginx.service - A high performance web server and a reverse proxy server
Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2021-07-28 02:16:44 UTC; 23min ago
Docs: man:nginx(8)
Main PID: 12999 (nginx)
Tasks: 2 (limit: 1148)
Memory: 8.2M
CGroup: /system.slice/nginx.service
├─12999 nginx: master process /usr/sbin/nginx -g daemon on; master_process on;
└─13000 nginx: worker process
Jul 28 02:16:44 vultr.guest systemd[1]: Starting A high performance web server and a reverse proxy server...
Jul 28 02:16:44 vultr.guest systemd[1]: nginx.service: Failed to parse PID from file /run/nginx.pid: Invalid argument
Jul 28 02:16:44 vultr.guest systemd[1]: Started A high performance web server and a reverse proxy server.
nginx 状态良好
我想用 acme:
sudo su -l -s /bin/bash acme
curl https://get.acme.sh | sh
export CF_Key="xxxx"
export CF_Email="yyyy@yahoo.com"
CF_Key是我在cloudflare中的全局api键,CF_Email是登录cloudflare的注册邮箱。
acme@vultr:~$ acme.sh --issue --dns dns_cf -d domain.com --debug 2
输出的内容太长了,我不能post这里,所以我上传到termbin.com,我们分享下面的link:
https://termbin.com/taxl
请打开网页,你可以得到整个输出信息,并查看是哪个导致错误,主要有两个问题:
1.Mynginx服务器状态良好,acme.sh检测不到
2.How 可以设置配置文件吗?
[Wed Jul 28 03:04:38 UTC 2021] config file is empty, can not read CA_EAB_KEY_ID
[Wed Jul 28 03:04:38 UTC 2021] config file is empty, can not read CA_EAB_HMAC_KEY
[Wed Jul 28 03:04:38 UTC 2021] config file is empty, can not read CA_EMAIL
将密钥写入指定目录:
acme.sh --install-cert -d domain.com
--key-file /usr/local/etc/certfiles/private.key
--fullchain-file /usr/local/etc/certfiles/certificate.crt
遇到问题:
[Tue Jul 27 01:12:15 UTC 2021] Installing key to:/usr/local/etc/certfiles/private.key
cat: /home/acme/.acme.sh/domain.com/domain.com.key: No such file or directory
查看 /usr/local/etc/certfiles/
ls /usr/local/etc/certfiles/
private.key
/usr/local/etc/certfiles/ 中没有 certificate.crt。
那怎么解决呢?
From acme.sh v3.0.0, acme.sh is using Zerossl as default ca, you must register the account first(one-time) before you can issue new certs.
Here ZeroSSL 与 LetsEncrypt 的比较。
使用 ZeroSSL 作为 CA
您必须在 ZeroSSL 上注册才能颁发证书。要注册 运行 以下命令(假设 yyyy@yahoo.com 是您要注册的电子邮件)
acme.sh --register-account -m yyyy@yahoo.com
现在可以颁发新证书了(假设你已经设置了CF_Key&CF_Email或者CF_Token&CF_Account_ID)
acme.sh --issue --dns dns_cf -d domain.com
没有 ZeroSSL 作为 CA
如果您不想使用 ZeroSSL 而想使用 LetsEncrypt,那么您可以提供服务器选项来颁发证书
acme.sh --issue --dns dns_cf -d domain.com --server letsencrypt
Here 是 CA 服务器的更多选项。