acme.sh wildcard cert and domain
2018-12-05 本文已影响0人
akka9
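# The DNS host of domain.com has no API that acme.sh supports; dpdomain.cn is on a host that does (e.g. DNSPod)
# CNAME records to create in the domain.com zone (each wildcard level being validated needs its own _acme-challenge record)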
_acme-challenge CNAME _acme-challenge.dpdomain.cn # for *.domain.com
_acme-challenge.api CNAME _acme-challenge.dpdomain.cn # for *.api.domain.com
_acme-challenge.sub CNAME _acme-challenge.dpdomain.cn # for *.sub.domain.com
crontab -l
# Stock acme.sh renewal entry, left commented out; the two entries below are used instead.
#25 0 * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null
# 00:25 on the 13th and 26th: self-upgrade acme.sh. This fetches and installs new
# code as root with nobody reviewing it, so treat it as a supply-chain decision.
# NOTE(review): this path is /root/acme.sh/ while every other line uses
# /root/.acme.sh/ -- confirm which copy is meant to be upgraded.
25 0 13,26 * * bash /root/acme.sh/acme.sh --upgrade
# 00:25 on the 14th and 28th: run the issue-and-copy script. Only stdout is
# discarded; anything written to stderr is still handed to cron.
25 0 14,28 * * bash /root/start_acme.sh > /dev/null
# /root/start_acme.sh
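# DNSPod API credentials read by the dns_dp hook. Whoever holds them can edit
# the dpdomain.cn zone and, through the _acme-challenge CNAMEs, pass DNS-01
# validation for every domain.com name below -- keep this file root-owned with
# mode 0600. acme.sh normally saves both values to account.conf in its home
# directory after the first successful use, so they can then be removed here.
export DP_Id="idddddddddddd"
export DP_Key="keyyyyyy"

# Wildcard names are quoted so the shell can never expand them against files
# in the working directory before acme.sh sees them.
/root/.acme.sh/acme.sh --issue --dns dns_dp \
  -d domain.com --challenge-alias dpdomain.cn \
  -d '*.mirr.domain.com' --challenge-alias dpdomain.cn \
  -d '*.sub.domain.com' --challenge-alias dpdomain.cn \
  -d '*.dev.domain.com' --challenge-alias dpdomain.cn \
  -d '*.test.domain.com' --challenge-alias dpdomain.cn \
  -d '*.api.domain.com' --challenge-alias dpdomain.cn \
  -d '*.rd.domain.com' --challenge-alias dpdomain.cn \
  -d '*.domain.com' --challenge-alias dpdomain.cn \
  --keylength ec-256 --debug --log
rc=$?

# acme.sh exits 2 when it skips issuance because the certificate is not yet
# due for renewal; any other non-zero status is a real failure. On failure,
# report on stderr (cron discards stdout only) and leave the deployed files
# alone instead of copying over them silently.
if [ "$rc" -ne 0 ] && [ "$rc" -ne 2 ]; then
  printf 'acme.sh --issue failed with status %s; deployed files left untouched\n' "$rc" >&2
  exit "$rc"
fi

src_dir=/root/.acme.sh/domain.com_ecc
dst_dir=/app/acme
mkdir -p "$dst_dir" || exit 1

# install(1) sets the mode explicitly, so the private key stays 0600 whatever
# the umask or the mode of an already existing destination file. The key is
# written before the certificate because the reload is triggered by a change
# of ecc.crt, and the matching key must already be in place by then.
# NOTE(review): acme.sh documents the files under ~/.acme.sh as internal;
# its supported way to deploy is --install-cert with --key-file and
# --fullchain-file. Consider switching to that.
install -m 0600 "$src_dir/domain.com.key" "$dst_dir/ecc.key" || exit 1
install -m 0644 "$src_dir/fullchain.cer" "$dst_dir/ecc.crt" || exit 1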
## rsync crt to remote
# monit: watch the deployed certificate file and reload nginx when its
# timestamp changes, so a newly copied certificate is picked up.
check file nginx_crt with path /app/acme/ecc.crt
# NOTE(review): start/stop program are attached to a *file* check here, so any
# start/stop/restart action monit takes on nginx_crt (presumably including its
# default reaction to a missing file -- confirm) starts or stops nginx itself.
start program = "/bin/systemctl start nginx " with timeout 60 seconds
stop program = "/bin/systemctl stop nginx"
# The trigger is the timestamp alone: rewriting the file with identical
# content still causes a reload.
if changed timestamp then exec "/bin/systemctl reload nginx"