Introduction:#
acme.sh has official Chinese documentation: Documentation · acmesh-official/acme.sh Wiki (github.com)
Requirements:#
Have a brain
Linux system
Internet access
Your domain is hosted on CloudFlare
Getting Started:#
acme.sh is a shell script for Linux that issues free wildcard domain certificates for your domain. This article uses CloudFlare verification (the acme.sh official website provides detailed instructions, for other methods please visit acme.sh)
If you are in mainland China:
git clone https://gitee.com/acmesh-official/acme.sh.git
cd ./acme.sh
./acme.sh --install -m [email protected]If you are not in mainland China: curl https://get.acme.sh | sh -s [email protected]
Go to CloudFlare API Tokens to get your Global API Key (you need to enter your CloudFlare account password), it is usually a combination of numbers and letters, such as:
763eac4f1bcebd8b5c95e9fc50d010b4
Write the CloudFlare Global API Key to a global variable:
export CF_Key="763eac4f1bcebd8b5c95e9fc50d010b4"Write the CloudFlare bound email to a global variable:
export CF_Email="[email protected]"Start issuing the certificate:
./acme.sh --issue --dns dns_cf -d example.com -d '*.example.com'The issued certificate will be automatically renewed. You can use
crontab -lto view the scheduled task. The certificate files are located in the domain folder inside your user's home directory.acme.sh. The file path is like/root/.acme.sh/example.com. The.cerfile is the certificate file (public key), and the.keyfile is the key file (private key)
Troubleshooting:#
Q: What should I do if I enter the wrong global variable and the certificate issuance fails?
A: Go to the .acme.sh folder in your user's home directory and modify the relevant content in the account.conf file. The file path is like: /root/.acme.sh/account.conf