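# [ssl]acme.sh 免費幫客戶申請證書
###### tags: `證書` `ssl`

:::success
#安裝
curl https://get.acme.sh | sh
:::

![](https://i.imgur.com/gbpJP8B.png)

:::success
#绑定email
sh /root/.acme.sh/acme.sh --register-account -m TD-larry@mail.idcduty.com --server zerossl
#登入
sh /root/.acme.sh/acme.sh --set-default-ca --server letsencrypt
:::

![](https://i.imgur.com/SAbtmyv.png)

## :triangular_flag_on_post: 問題探討

:::warning
注意事項
:::

- 每次申請證書最多100條 不行就分割conf
- 先確認解析是否正確腳本上也有判定有缺的解析就會傳TG
- 建立證書吃到的目錄位置腳本會直接去處理一條龍

![](https://i.imgur.com/H4X9i5u.png)

```shell=
# Issue one certificate covering every server_name of a single nginx vhost
# file through acme.sh (webroot mode), install it under SslPath, enable the
# HTTP -> HTTPS redirect in that vhost and reload nginx.
#
# Required environment:
#   TG_BOT_TOKEN  Telegram bot token including the leading "bot" prefix
#                 (the value is placed directly into the API path).
# Optional environment:
#   TG_CHAT_ID    Telegram chat that receives the alert.
#
# domain.txt and d-domain.txt are written to the current directory; the list
# of unresolved domains always goes to the absolute path in expire_domain.

set -u

# Telegram group and bot.
# The bot token used to be hard-coded here. A token that was published
# together with the script must be treated as leaked: revoke it with
# BotFather and supply the replacement through the environment only.
chat_id=${TG_CHAT_ID:--651507342}
token=${TG_BOT_TOKEN:?set TG_BOT_TOKEN to the Telegram bot token, including the bot prefix}

##### Look up and collect the domains
# Second dash-separated field of the hostname. A domain counts as resolved
# when this string appears in its dig output.
# NOTE(review): presumably the tenant name is part of the expected DNS
# target - confirm against the naming scheme.
Tenant=$(hostname | awk -F'-' '{print $2}')
if [ -z "$Tenant" ]; then
  # Without a tenant string the DNS check below cannot tell anything.
  echo "cannot derive the tenant from hostname '$(hostname)'" >&2
  exit 1
fi

# Directory the certificate is installed into (edit this)
SslPath=/opt/lucky/openresty/nginx/conf/keys/larry
# Create the directory; -p keeps a re-run from failing and skipping the chown.
mkdir -p "${SslPath}" && chown -R swadmin:swadmin "${SslPath}"

# nginx vhost file the domains are read from (edit this)
NginxPath=/opt/lucky/openresty/nginx/conf/vhosts/kc188/larry.conf
if [ ! -r "${NginxPath}" ]; then
  echo "cannot read ${NginxPath}" >&2
  exit 1
fi
grep "server_name " "${NginxPath}" \
  | awk -F 'server_name' '{print $2}' \
  | awk -F';' '{print $1}' > domain.txt

expire_domain=/root/.acme.sh/ErrorDomainList.txt

####### Start from empty files
# The same absolute path is written here and attached to the alert below, so
# the result no longer depends on the directory the script is started from.
: > "${expire_domain}"
: > d-domain.txt

# Check DNS for every domain and collect the -d arguments for acme.sh.
# The list is split on whitespace on purpose; globbing is switched off so a
# name containing * or ? is never expanded against the current directory.
DomainList=$(xargs < domain.txt)
domain_count=0
set -f
set --
for i in $DomainList; do
  echo "-d $i" >> d-domain.txt   # kept as a record of what was requested
  set -- "$@" -d "$i"
  domain_count=$((domain_count + 1))
  DomainResults=$(dig "$i" | grep -c -F -- "$Tenant")
  if [ "$DomainResults" -eq 0 ]; then
    echo "$i 没有解析" >> "${expire_domain}"
  fi
done
set +f

if [ "$domain_count" -eq 0 ]; then
  echo "no server_name entries found in ${NginxPath}" >&2
  exit 1
fi
# One request takes at most 100 domains; split the conf when there are more.
if [ "$domain_count" -gt 100 ]; then
  echo "${domain_count} domains in ${NginxPath}: more than 100, split the conf" >&2
  exit 1
fi

####### Send the domains that do not resolve to Telegram and stop
if [ -s "${expire_domain}" ]; then
  message='申請免費證書尚未解析域名,請查閱'
  # The URL carries the token, so it is handed to curl on stdin (-K -)
  # rather than on the command line, where it would show up in ps output.
  printf 'url = "https://api.telegram.org/%s/sendDocument"\n' "$token" \
    | curl -K - -F chat_id="$chat_id" -F document=@"$expire_domain" -F caption="$message"
  # Nothing below may run while DNS is incomplete: no issuance, no config
  # rewrite, no reload.
  exit 1
fi

######## Request the certificate
# NOTE(review): --force re-issues even when the installed certificate is
# still valid, and every forced run counts against the CA's issuance limits.
# Drop it unless a re-issue is really intended.
if ! /root/.acme.sh/acme.sh --issue "$@" -w /opt/letsencrypt \
  --key-file "${SslPath}/server.key" \
  --fullchain-file "${SslPath}/server.crt" --force; then
  echo "acme.sh --issue failed; nginx configuration left untouched" >&2
  exit 1
fi
chown -R swadmin:swadmin "${SslPath}"/*
# The private key must not be readable by other accounts.
chmod 600 "${SslPath}/server.key"

# Name of the certificate directory (last path component of SslPath)
ssl_key=${SslPath##*/}

# Enable the forced redirect and point the vhost at the new key directory.
# NOTE(review): the patterns match literally, spacing included - verify them
# against the real vhost template. The last expression uncomments every
# "# }" in the file, not only the one closing the redirect block.
sed -i "s/keys\/abcty\//keys\/$ssl_key\//g" "${NginxPath}"
sed -i "s/# if ( \$scheme \= http ){/ if ( \$scheme \= http ){/g" "${NginxPath}"
sed -i "s/# return 301 https:\/\/\$server_name\$request_uri;/ return 301 https:\/\/\$host\$request_uri;/g" "${NginxPath}"
sed -i "s/# return 301 https:\/\/\$host\$request_uri;/ return 301 https:\/\/\$host\$request_uri;/g" "${NginxPath}"
sed -i "s/# }/ }/g" "${NginxPath}"

# Reload nginx only when the rewritten configuration passes the syntax test.
nginx_bin=/opt/lucky/openresty/nginx/sbin/nginx
if "${nginx_bin}" -t; then
  "${nginx_bin}" -s reload
else
  echo "nginx -t failed; nginx was not reloaded" >&2
  exit 1
fi
```

:::warning
解析錯誤告警就會出現以下圖示 (後續動作也不會繼續)
:::

![](https://i.imgur.com/NzvBXPq.png)

:::warning
成功生產證書示意圖
:::

![](https://i.imgur.com/twBgZQi.png)
![](https://i.imgur.com/Zvue2kW.png)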