acme cert 证书更新
查到的好像是说90天就得更新。
使用下面命令更新
acme.sh --renew-all
自动更新好像不管用
更新好像需要使用80端口,而nginx占用着80,所以acme从来就没有机会更新。
手动更新时也要先关闭nginx
目前acme默认的ca证书机构是 zerossl(参考:https://github.com/acmesh-official/acme.sh),但是这个B,卡死了,一直签不出来:情况如下:
root@localhost:~/.acme.sh# sudo ~/.acme.sh/acme.sh --issue -d kuaileshui.xyz --server zerossl --standalone -k ec-256
[Sun 10 Apr 2022 05:02:48 AM UTC] Using CA: https://acme.zerossl.com/v2/DV90
[Sun 10 Apr 2022 05:02:48 AM UTC] Standalone mode.
[Sun 10 Apr 2022 05:02:48 AM UTC] Creating domain key
[Sun 10 Apr 2022 05:02:48 AM UTC] The domain key is here: /root/.acme.sh/kuaileshui.xyz_ecc/kuaileshui.xyz.key
[Sun 10 Apr 2022 05:02:48 AM UTC] Single domain='kuaileshui.xyz'
[Sun 10 Apr 2022 05:02:48 AM UTC] Getting domain auth token for each domain
[Sun 10 Apr 2022 05:03:14 AM UTC] Getting webroot for domain='kuaileshui.xyz'
[Sun 10 Apr 2022 05:03:14 AM UTC] Verifying: kuaileshui.xyz
[Sun 10 Apr 2022 05:03:14 AM UTC] Standalone mode server
[Sun 10 Apr 2022 05:03:21 AM UTC] Processing, The CA is processing your order, please just wait. (1/30)
[Sun 10 Apr 2022 05:03:28 AM UTC] Success
[Sun 10 Apr 2022 05:03:28 AM UTC] Verify finished, start to sign.
[Sun 10 Apr 2022 05:03:28 AM UTC] Lets finalize the order.
[Sun 10 Apr 2022 05:03:28 AM UTC] Le_OrderFinalize='https://acme.zerossl.com/v2/DV90/order/p******J/finalize'
[Sun 10 Apr 2022 05:03:34 AM UTC] Order status is processing, lets sleep and retry.
[Sun 10 Apr 2022 05:03:34 AM UTC] Retry after: 15
[Sun 10 Apr 2022 05:03:50 AM UTC] Polling order status: https://acme.zerossl.com/v2/DV90/order/p******J/
[Sun 10 Apr 2022 05:03:54 AM UTC] Order status is processing, lets sleep and retry.
[Sun 10 Apr 2022 05:03:54 AM UTC] Retry after: 15
[Sun 10 Apr 2022 05:04:10 AM UTC] Polling order status: https://acme.zerossl.com/v2/DV90/order/p******J/
[Sun 10 Apr 2022 05:04:11 AM UTC] Order status is processing, lets sleep and retry.
[Sun 10 Apr 2022 05:04:11 AM UTC] Retry after: 15
[Sun 10 Apr 2022 05:04:27 AM UTC] Polling order status: https://acme.zerossl.com/v2/DV90/order/p******J/
[Sun 10 Apr 2022 05:04:35 AM UTC] Order status is processing, lets sleep and retry.
[Sun 10 Apr 2022 05:04:35 AM UTC] Retry after: 15
[Sun 10 Apr 2022 05:04:52 AM UTC] Polling order status: https://acme.zerossl.com/v2/DV90/order/p******J/
[Sun 10 Apr 2022 05:05:01 AM UTC] Order status is processing, lets sleep and retry.
[Sun 10 Apr 2022 05:05:01 AM UTC] Retry after: 15
[Sun 10 Apr 2022 05:05:17 AM UTC] Polling order status: https://acme.zerossl.com/v2/DV90/order/p******J/
[Sun 10 Apr 2022 05:05:23 AM UTC] Order status is processing, lets sleep and retry.
[Sun 10 Apr 2022 05:05:23 AM UTC] Retry after: 15
[Sun 10 Apr 2022 05:05:39 AM UTC] Polling order status: https://acme.zerossl.com/v2/DV90/order/p******J/
[Sun 10 Apr 2022 05:05:43 AM UTC] Order status is processing, lets sleep and retry.
[Sun 10 Apr 2022 05:05:43 AM UTC] Retry after: 15
[Sun 10 Apr 2022 05:05:59 AM UTC] Polling order status: https://acme.zerossl.com/v2/DV90/order/p******J/
[Sun 10 Apr 2022 05:06:05 AM UTC] Order status is processing, lets sleep and retry.
[Sun 10 Apr 2022 05:06:05 AM UTC] Retry after: 15
[Sun 10 Apr 2022 05:06:21 AM UTC] Polling order status: https://acme.zerossl.com/v2/DV90/order/p******J/
[Sun 10 Apr 2022 05:06:31 AM UTC] Order status is processing, lets sleep and retry.
[Sun 10 Apr 2022 05:06:31 AM UTC] Retry after: 15
[Sun 10 Apr 2022 05:06:47 AM UTC] Polling order status: https://acme.zerossl.com/v2/DV90/order/p******J/
[Sun 10 Apr 2022 05:06:56 AM UTC] Order status is processing, lets sleep and retry.
[Sun 10 Apr 2022 05:06:56 AM UTC] Retry after: 15
1^C
所以可以用--server再指定回原来的letsencrypt.org
sudo ~/.acme.sh/acme.sh --issue -d mydomain.com --server Letsencrypt.org --standalone -k ec-256