mirror of
https://github.com/plantroon/acme.sh.git
synced 2024-12-22 13:11:41 +00:00
Merge branch 'dev' of https://github.com/Neilpang/acme.sh into dev
This commit is contained in:
commit
88a8d7d901
14
.github/PULL_REQUEST_TEMPLATE.md
vendored
Normal file
14
.github/PULL_REQUEST_TEMPLATE.md
vendored
Normal file
@ -0,0 +1,14 @@
|
||||
<!--
|
||||
|
||||
|
||||
|
||||
Do NOT send pull request to `master` branch.
|
||||
|
||||
|
||||
Please send to `dev` branch instead.
|
||||
|
||||
|
||||
Any PR to `master` branch will NOT be merged.
|
||||
|
||||
|
||||
-->
|
211
README.md
211
README.md
@ -1,21 +1,23 @@
|
||||
# An ACME Shell script: acme.sh [![Build Status](https://travis-ci.org/Neilpang/acme.sh.svg?branch=master)](https://travis-ci.org/Neilpang/acme.sh)
|
||||
- An ACME protocol client written purely in Shell (Unix shell) language.
|
||||
- Fully ACME protocol implementation.
|
||||
- Simple, powerful and very easy to use. You only need 3 minutes to learn.
|
||||
- Bash, dash and sh compatible.
|
||||
- Full ACME protocol implementation.
|
||||
- Simple, powerful and very easy to use. You only need 3 minutes to learn it.
|
||||
- Bash, dash and sh compatible.
|
||||
- Simplest shell script for Let's Encrypt free certificate client.
|
||||
- Purely written in Shell with no dependencies on python or Let's Encrypt official client.
|
||||
- Just one script, to issue, renew and install your certificates automatically.
|
||||
- Purely written in Shell with no dependencies on python or the official Let's Encrypt client.
|
||||
- Just one script to issue, renew and install your certificates automatically.
|
||||
- DOES NOT require `root/sudoer` access.
|
||||
|
||||
It's probably the `easiest&smallest&smartest` shell script to automatically issue & renew the free certificates from Let's Encrypt.
|
||||
|
||||
|
||||
Wiki: https://github.com/Neilpang/acme.sh/wiki
|
||||
|
||||
|
||||
# [中文说明](https://github.com/Neilpang/acme.sh/wiki/%E8%AF%B4%E6%98%8E)
|
||||
|
||||
#Tested OS
|
||||
|
||||
# Tested OS
|
||||
|
||||
| NO | Status| Platform|
|
||||
|----|-------|---------|
|
||||
|1|[![](https://cdn.rawgit.com/Neilpang/acmetest/master/status/ubuntu-latest.svg)](https://github.com/Neilpang/letest#here-are-the-latest-status)| Ubuntu
|
||||
@ -38,41 +40,39 @@ Wiki: https://github.com/Neilpang/acme.sh/wiki
|
||||
|18|[![](https://cdn.rawgit.com/Neilpang/acmetest/master/status/solaris.svg)](https://github.com/Neilpang/letest#here-are-the-latest-status)|SunOS/Solaris
|
||||
|19|[![](https://cdn.rawgit.com/Neilpang/acmetest/master/status/gentoo-stage3-amd64.svg)](https://github.com/Neilpang/letest#here-are-the-latest-status)|Gentoo Linux
|
||||
|
||||
For all build statuses, check our [daily build project](https://github.com/Neilpang/acmetest):
|
||||
For all build statuses, check our [daily build project](https://github.com/Neilpang/acmetest):
|
||||
|
||||
https://github.com/Neilpang/acmetest
|
||||
|
||||
# Supported Mode
|
||||
|
||||
1. Webroot mode
|
||||
2. Standalone mode
|
||||
3. Apache mode
|
||||
4. Dns mode
|
||||
# Supported modes
|
||||
|
||||
- Webroot mode
|
||||
- Standalone mode
|
||||
- Apache mode
|
||||
- DNS mode
|
||||
|
||||
|
||||
# 1. How to install
|
||||
|
||||
### 1. Install online:
|
||||
### 1. Install online
|
||||
|
||||
Check this project: https://github.com/Neilpang/get.acme.sh
|
||||
|
||||
```bash
|
||||
curl https://get.acme.sh | sh
|
||||
|
||||
```
|
||||
|
||||
Or:
|
||||
|
||||
```bash
|
||||
wget -O - https://get.acme.sh | sh
|
||||
|
||||
```
|
||||
|
||||
|
||||
### 2. Or, Install from git:
|
||||
### 2. Or, Install from git
|
||||
|
||||
Clone this project:
|
||||
Clone this project and launch installation:
|
||||
|
||||
```bash
|
||||
git clone https://github.com/Neilpang/acme.sh.git
|
||||
@ -82,14 +82,14 @@ cd ./acme.sh
|
||||
|
||||
You `don't have to be root` then, although `it is recommended`.
|
||||
|
||||
Advanced Installation: https://github.com/Neilpang/acme.sh/wiki/How-to-install
|
||||
Advanced Installation: https://github.com/Neilpang/acme.sh/wiki/How-to-install
|
||||
|
||||
The installer will perform 3 actions:
|
||||
|
||||
1. Create and copy `acme.sh` to your home dir (`$HOME`): `~/.acme.sh/`.
|
||||
All certs will be placed in this folder.
|
||||
2. Create alias for: `acme.sh=~/.acme.sh/acme.sh`.
|
||||
3. Create everyday cron job to check and renew the cert if needed.
|
||||
1. Create and copy `acme.sh` to your home dir (`$HOME`): `~/.acme.sh/`.
|
||||
All certs will be placed in this folder too.
|
||||
2. Create alias for: `acme.sh=~/.acme.sh/acme.sh`.
|
||||
3. Create daily cron job to check and renew the certs if needed.
|
||||
|
||||
Cron entry example:
|
||||
|
||||
@ -97,18 +97,17 @@ Cron entry example:
|
||||
0 0 * * * "/home/user/.acme.sh"/acme.sh --cron --home "/home/user/.acme.sh" > /dev/null
|
||||
```
|
||||
|
||||
After the installation, you must close current terminal and reopen again to make the alias take effect.
|
||||
After the installation, you must close the current terminal and reopen it to make the alias take effect.
|
||||
|
||||
Ok, you are ready to issue certs now.
|
||||
|
||||
Ok, you are ready to issue cert now.
|
||||
Show help message:
|
||||
|
||||
```
|
||||
|
||||
root@v1:~# acme.sh -h
|
||||
|
||||
```
|
||||
|
||||
# 2. Just issue a cert:
|
||||
|
||||
# 2. Just issue a cert
|
||||
|
||||
**Example 1:** Single domain.
|
||||
|
||||
@ -119,56 +118,57 @@ acme.sh --issue -d example.com -w /home/wwwroot/example.com
|
||||
**Example 2:** Multiple domains in the same cert.
|
||||
|
||||
```bash
|
||||
acme.sh --issue -d example.com -d www.example.com -d cp.example.com -w /home/wwwroot/example.com
|
||||
acme.sh --issue -d example.com -d www.example.com -d cp.example.com -w /home/wwwroot/example.com
|
||||
```
|
||||
|
||||
The parameter `/home/wwwroot/example.com` is the web root folder. You **MUST** have `write access` to this folder.
|
||||
|
||||
Second argument **"example.com"** is the main domain you want to issue cert for.
|
||||
You must have at least a domain there.
|
||||
Second argument **"example.com"** is the main domain you want to issue the cert for.
|
||||
You must have at least one domain there.
|
||||
|
||||
You must point and bind all the domains to the same webroot dir: `/home/wwwroot/example.com`.
|
||||
|
||||
Generate/issued certs will be placed in `~/.acme.sh/example.com/`
|
||||
Generated/issued certs will be placed in `~/.acme.sh/example.com/`
|
||||
|
||||
The issued cert will be renewed every **60** days automatically.
|
||||
The issued cert will be renewed automatically every **60** days.
|
||||
|
||||
More examples: https://github.com/Neilpang/acme.sh/wiki/How-to-issue-a-cert
|
||||
|
||||
|
||||
# 3. Install the issued cert to apache/nginx etc.
|
||||
# 3. Install the issued cert to Apache/Nginx etc.
|
||||
|
||||
After you issue a cert, you probably want to install/copy the cert to your nginx/apache or other servers.
|
||||
You **MUST** use this command to copy the certs to the target files, **Do NOT** use the certs files in **.acme.sh/** folder, they are for internal use only, the folder structure may change in future.
|
||||
After you issue a cert, you probably want to install/copy the cert to your Apache/Nginx or other servers.
|
||||
You **MUST** use this command to copy the certs to the target files, **DO NOT** use the certs files in **~/.acme.sh/** folder, they are for internal use only, the folder structure may change in the future.
|
||||
|
||||
**nginx** example
|
||||
**Apache** example:
|
||||
```bash
|
||||
acme.sh --installcert -d example.com \
|
||||
--keypath /path/to/keyfile/in/nginx/key.pem \
|
||||
--fullchainpath path/to/fullchain/nginx/cert.pem \
|
||||
--reloadcmd "service nginx restart"
|
||||
--certpath /path/to/certfile/in/apache/cert.pem \
|
||||
--keypath /path/to/keyfile/in/apache/key.pem \
|
||||
--fullchainpath /path/to/fullchain/certfile/apache/fullchain.pem \
|
||||
--reloadcmd "service apache2 restart"
|
||||
```
|
||||
|
||||
**apache** example
|
||||
**Nginx** example:
|
||||
```bash
|
||||
acme.sh --installcert -d example.com \
|
||||
--certpath /path/to/certfile/in/apache/cert.pem \
|
||||
--keypath /path/to/keyfile/in/apache/key.pem \
|
||||
--fullchainpath path/to/fullchain/certfile/apache/fullchain.pem \
|
||||
--reloadcmd "service apache2 restart"
|
||||
--keypath /path/to/keyfile/in/nginx/key.pem \
|
||||
--fullchainpath /path/to/fullchain/nginx/cert.pem \
|
||||
--reloadcmd "service nginx restart"
|
||||
```
|
||||
|
||||
Only the domain is required, all the other parameters are optional.
|
||||
|
||||
Install/copy the issued cert/key to the production apache or nginx path.
|
||||
Install/copy the issued cert/key to the production Apache or Nginx path.
|
||||
|
||||
The cert will be `renewed every **60** days by default` (which is configurable). Once the cert is renewed, the Apache/Nginx service will be restarted automatically by the command: `service apache2 restart` or `service nginx restart`.
|
||||
|
||||
The cert will be `renewed every **60** days by default` (which is configurable). Once the cert is renewed, the apache/nginx will be automatically reloaded by the command: `service apache2 reload` or `service nginx reload`.
|
||||
|
||||
# 4. Use Standalone server to issue cert
|
||||
|
||||
**(requires you be root/sudoer, or you have permission to listen tcp 80 port)**
|
||||
**(requires you to be root/sudoer or have permission to listen on port 80 (TCP))**
|
||||
|
||||
The tcp `80` port **MUST** be free to listen, otherwise you will be prompted to free the `80` port and try again.
|
||||
Port `80` (TCP) **MUST** be free to listen on, otherwise you will be prompted to free it and try again.
|
||||
|
||||
```bash
|
||||
acme.sh --issue --standalone -d example.com -d www.example.com -d cp.example.com
|
||||
@ -176,13 +176,14 @@ acme.sh --issue --standalone -d example.com -d www.example.com -d cp.example.com
|
||||
|
||||
More examples: https://github.com/Neilpang/acme.sh/wiki/How-to-issue-a-cert
|
||||
|
||||
# 5. Use Standalone tls server to issue cert
|
||||
|
||||
**(requires you be root/sudoer, or you have permission to listen tcp 443 port)**
|
||||
# 5. Use Standalone TLS server to issue cert
|
||||
|
||||
**(requires you to be root/sudoer or have permission to listen on port 443 (TCP))**
|
||||
|
||||
acme.sh supports `tls-sni-01` validation.
|
||||
|
||||
The tcp `443` port **MUST** be free to listen, otherwise you will be prompted to free the `443` port and try again.
|
||||
Port `443` (TCP) **MUST** be free to listen on, otherwise you will be prompted to free it and try again.
|
||||
|
||||
```bash
|
||||
acme.sh --issue --tls -d example.com -d www.example.com -d cp.example.com
|
||||
@ -190,31 +191,33 @@ acme.sh --issue --tls -d example.com -d www.example.com -d cp.example.com
|
||||
|
||||
More examples: https://github.com/Neilpang/acme.sh/wiki/How-to-issue-a-cert
|
||||
|
||||
|
||||
# 6. Use Apache mode
|
||||
|
||||
**(requires you be root/sudoer, since it is required to interact with apache server)**
|
||||
**(requires you to be root/sudoer, since it is required to interact with Apache server)**
|
||||
|
||||
If you are running a web server, apache or nginx, it is recommended to use the `Webroot mode`.
|
||||
If you are running a web server, Apache or Nginx, it is recommended to use the `Webroot mode`.
|
||||
|
||||
Particularly, if you are running an apache server, you should use apache mode instead. This mode doesn't write any files to your web root folder.
|
||||
Particularly, if you are running an Apache server, you should use Apache mode instead. This mode doesn't write any files to your web root folder.
|
||||
|
||||
Just set string "apache" as the second argument, it will force use of apache plugin automatically.
|
||||
Just set string "apache" as the second argument and it will force use of apache plugin automatically.
|
||||
|
||||
```
|
||||
acme.sh --issue --apache -d example.com -d www.example.com -d user.example.com
|
||||
acme.sh --issue --apache -d example.com -d www.example.com -d cp.example.com
|
||||
```
|
||||
|
||||
More examples: https://github.com/Neilpang/acme.sh/wiki/How-to-issue-a-cert
|
||||
|
||||
|
||||
# 7. Use DNS mode:
|
||||
|
||||
Support the `dns-01` challenge.
|
||||
|
||||
```bash
|
||||
acme.sh --issue --dns -d example.com -d www.example.com -d user.example.com
|
||||
acme.sh --issue --dns -d example.com -d www.example.com -d cp.example.com
|
||||
```
|
||||
|
||||
You should get the output like below:
|
||||
You should get an output like below:
|
||||
|
||||
```
|
||||
Add the following txt record:
|
||||
@ -226,7 +229,6 @@ Domain:_acme-challenge.www.example.com
|
||||
Txt value:9ihDbjxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
|
||||
|
||||
Please add those txt records to the domains. Waiting for the dns to take effect.
|
||||
|
||||
```
|
||||
|
||||
Then just rerun with `renew` argument:
|
||||
@ -237,53 +239,55 @@ acme.sh --renew -d example.com
|
||||
|
||||
Ok, it's finished.
|
||||
|
||||
|
||||
# 8. Automatic DNS API integration
|
||||
|
||||
If your DNS provider supports API access, we can use API to automatically issue the certs.
|
||||
If your DNS provider supports API access, we can use that API to automatically issue the certs.
|
||||
|
||||
You don't have do anything manually!
|
||||
You don't have to do anything manually!
|
||||
|
||||
### Currently acme.sh supports:
|
||||
|
||||
1. Cloudflare.com API
|
||||
2. Dnspod.cn API
|
||||
3. Cloudxns.com API
|
||||
4. Godaddy.com API
|
||||
5. OVH, kimsufi, soyoustart and runabove API
|
||||
6. AWS Route 53, see: https://github.com/Neilpang/acme.sh/issues/65
|
||||
7. PowerDNS API
|
||||
8. lexicon dns api: https://github.com/Neilpang/acme.sh/wiki/How-to-use-lexicon-dns-api
|
||||
(DigitalOcean, DNSimple, DnsMadeEasy, DNSPark, EasyDNS, Namesilo, NS1, PointHQ, Rage4 and Vultr etc.)
|
||||
9. LuaDNS.com API
|
||||
10. DNSMadeEasy.com API
|
||||
11. nsupdate
|
||||
1. CloudFlare.com API
|
||||
1. DNSPod.cn API
|
||||
1. CloudXNS.com API
|
||||
1. GoDaddy.com API
|
||||
1. OVH, kimsufi, soyoustart and runabove API
|
||||
1. AWS Route 53, see: https://github.com/Neilpang/acme.sh/issues/65
|
||||
1. PowerDNS.com API
|
||||
1. lexicon DNS API: https://github.com/Neilpang/acme.sh/wiki/How-to-use-lexicon-dns-api
|
||||
(DigitalOcean, DNSimple, DNSMadeEasy, DNSPark, EasyDNS, Namesilo, NS1, PointHQ, Rage4 and Vultr etc.)
|
||||
1. LuaDNS.com API
|
||||
1. DNSMadeEasy.com API
|
||||
1. nsupdate API
|
||||
|
||||
##### More APIs are coming soon...
|
||||
**More APIs coming soon...**
|
||||
|
||||
If your DNS provider is not on the supported list above, you can write your own script API easily. If you do please consider submitting a [Pull Request](https://github.com/Neilpang/acme.sh/pulls) and contribute to the project.
|
||||
If your DNS provider is not on the supported list above, you can write your own DNS API script easily. If you do, please consider submitting a [Pull Request](https://github.com/Neilpang/acme.sh/pulls) and contribute it to the project.
|
||||
|
||||
For more details: [How to use dns api](dnsapi)
|
||||
For more details: [How to use DNS API](dnsapi)
|
||||
|
||||
# 9. Issue ECC certificate:
|
||||
|
||||
`Let's Encrypt` now can issue **ECDSA** certificates.
|
||||
# 9. Issue ECC certificates
|
||||
|
||||
And we also support it.
|
||||
`Let's Encrypt` can now issue **ECDSA** certificates.
|
||||
|
||||
And we support them too!
|
||||
|
||||
Just set the `length` parameter with a prefix `ec-`.
|
||||
|
||||
For example:
|
||||
|
||||
### Single domain ECC cerfiticate:
|
||||
### Single domain ECC cerfiticate
|
||||
|
||||
```bash
|
||||
acme.sh --issue -w /home/wwwroot/example.com -d example.com --keylength ec-256
|
||||
acme.sh --issue -w /home/wwwroot/example.com -d example.com --keylength ec-256
|
||||
```
|
||||
|
||||
SAN multi domain ECC certificate:
|
||||
### SAN multi domain ECC certificate
|
||||
|
||||
```bash
|
||||
acme.sh --issue -w /home/wwwroot/example.com -d example.com -d www.example.com --keylength ec-256
|
||||
acme.sh --issue -w /home/wwwroot/example.com -d example.com -d www.example.com --keylength ec-256
|
||||
```
|
||||
|
||||
Please look at the last parameter above.
|
||||
@ -295,40 +299,48 @@ Valid values are:
|
||||
3. **ec-521 (secp521r1, "ECDSA P-521", which is not supported by Let's Encrypt yet.)**
|
||||
|
||||
|
||||
# 10. How to renew the cert
|
||||
# 10. How to renew the issued certs
|
||||
|
||||
No, you don't need to renew the certs manually. All the certs will be renewed automatically every **60** days.
|
||||
No, you don't need to renew the certs manually. All the certs will be renewed automatically every **60** days.
|
||||
|
||||
However, you can also force to renew any cert:
|
||||
|
||||
```
|
||||
acme.sh --renew -d example.com --force
|
||||
acme.sh --renew -d example.com --force
|
||||
```
|
||||
|
||||
or, for ECC cert:
|
||||
|
||||
```
|
||||
acme.sh --renew -d example.com --force --ecc
|
||||
acme.sh --renew -d example.com --force --ecc
|
||||
```
|
||||
|
||||
|
||||
# 11. How to upgrade `acme.sh`
|
||||
acme.sh is in developing, it's strongly recommended to use the latest code.
|
||||
|
||||
acme.sh is in constant developement, so it's strongly recommended to use the latest code.
|
||||
|
||||
You can update acme.sh to the latest code:
|
||||
|
||||
```
|
||||
acme.sh --upgrade
|
||||
```
|
||||
|
||||
You can enable auto upgrade:
|
||||
You can also enable auto upgrade:
|
||||
|
||||
```
|
||||
acme.sh --upgrade --auto-upgrade
|
||||
acme.sh --upgrade --auto-upgrade
|
||||
```
|
||||
Then **acme.sh** will keep up to date automatically.
|
||||
|
||||
Then **acme.sh** will be kept up to date automatically.
|
||||
|
||||
Disable auto upgrade:
|
||||
|
||||
```
|
||||
acme.sh --upgrade --auto-upgrade 0
|
||||
acme.sh --upgrade --auto-upgrade 0
|
||||
```
|
||||
|
||||
|
||||
# 12. Issue a cert from an existing CSR
|
||||
|
||||
https://github.com/Neilpang/acme.sh/wiki/Issue-a-cert-from-existing-CSR
|
||||
@ -340,22 +352,25 @@ Speak ACME language using shell, directly to "Let's Encrypt".
|
||||
|
||||
TODO:
|
||||
|
||||
# Acknowledgment
|
||||
|
||||
# Acknowledgments
|
||||
|
||||
1. Acme-tiny: https://github.com/diafygi/acme-tiny
|
||||
2. ACME protocol: https://github.com/ietf-wg-acme/acme
|
||||
3. Certbot: https://github.com/certbot/certbot
|
||||
|
||||
|
||||
# License & Others
|
||||
|
||||
License is GPLv3
|
||||
|
||||
Please Star and Fork me.
|
||||
|
||||
[Issues](https://github.com/Neilpang/acme.sh/issues) and [pull requests](https://github.com/Neilpang/acme.sh/pulls) are welcomed.
|
||||
[Issues](https://github.com/Neilpang/acme.sh/issues) and [pull requests](https://github.com/Neilpang/acme.sh/pulls) are welcome.
|
||||
|
||||
|
||||
# Donate
|
||||
1. PayPal: donate@acme.sh
|
||||
|
||||
1. PayPal: donate@acme.sh
|
||||
|
||||
[Donate List](https://github.com/Neilpang/acme.sh/wiki/Donate-list)
|
||||
|
||||
|
7
acme.sh
7
acme.sh
@ -247,9 +247,12 @@ _exists() {
|
||||
_usage "Usage: _exists cmd"
|
||||
return 1
|
||||
fi
|
||||
if command >/dev/null 2>&1; then
|
||||
|
||||
if eval type type >/dev/null 2>&1; then
|
||||
eval type "$cmd" >/dev/null 2>&1
|
||||
elif command >/dev/null 2>&1; then
|
||||
command -v "$cmd" >/dev/null 2>&1
|
||||
elif which ls >/dev/null 2>&1; then
|
||||
else
|
||||
which "$cmd" >/dev/null 2>&1
|
||||
fi
|
||||
ret="$?"
|
||||
|
129
dnsapi/README.md
129
dnsapi/README.md
@ -1,99 +1,80 @@
|
||||
# How to use dns api
|
||||
# How to use DNS API
|
||||
|
||||
## 1. Use CloudFlare domain api to automatically issue cert
|
||||
## 1. Use CloudFlare domain API to automatically issue cert
|
||||
|
||||
For now, we support clourflare integeration.
|
||||
|
||||
First you need to login to your clourflare account to get your api key.
|
||||
First you need to login to your CloudFlare account to get your API key.
|
||||
|
||||
```
|
||||
export CF_Key="sdfsdfsdfljlbjkljlkjsdfoiwje"
|
||||
|
||||
export CF_Email="xxxx@sss.com"
|
||||
|
||||
```
|
||||
|
||||
Ok, let's issue cert now:
|
||||
Ok, let's issue a cert now:
|
||||
```
|
||||
acme.sh --issue --dns dns_cf -d example.com -d www.example.com
|
||||
acme.sh --issue --dns dns_cf -d example.com -d www.example.com
|
||||
```
|
||||
|
||||
The `CF_Key` and `CF_Email` will be saved in `~/.acme.sh/account.conf`, when next time you use cloudflare api, it will reuse this key.
|
||||
The `CF_Key` and `CF_Email` will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
|
||||
|
||||
|
||||
## 2. Use DNSPod.cn domain API to automatically issue cert
|
||||
|
||||
## 2. Use Dnspod.cn domain api to automatically issue cert
|
||||
|
||||
For now, we support dnspod.cn integeration.
|
||||
|
||||
First you need to login to your dnspod.cn account to get your api key and key id.
|
||||
First you need to login to your DNSPod account to get your API Key and ID.
|
||||
|
||||
```
|
||||
export DP_Id="1234"
|
||||
|
||||
export DP_Key="sADDsdasdgdsf"
|
||||
|
||||
```
|
||||
|
||||
Ok, let's issue cert now:
|
||||
Ok, let's issue a cert now:
|
||||
```
|
||||
acme.sh --issue --dns dns_dp -d example.com -d www.example.com
|
||||
acme.sh --issue --dns dns_dp -d example.com -d www.example.com
|
||||
```
|
||||
|
||||
The `DP_Id` and `DP_Key` will be saved in `~/.acme.sh/account.conf`, when next time you use dnspod.cn api, it will reuse this key.
|
||||
The `DP_Id` and `DP_Key` will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
|
||||
|
||||
|
||||
## 3. Use Cloudxns.com domain api to automatically issue cert
|
||||
## 3. Use CloudXNS.com domain API to automatically issue cert
|
||||
|
||||
For now, we support Cloudxns.com integeration.
|
||||
|
||||
First you need to login to your Cloudxns.com account to get your api key and key secret.
|
||||
First you need to login to your CloudXNS account to get your API Key and Secret.
|
||||
|
||||
```
|
||||
export CX_Key="1234"
|
||||
|
||||
export CX_Secret="sADDsdasdgdsf"
|
||||
|
||||
```
|
||||
|
||||
Ok, let's issue cert now:
|
||||
Ok, let's issue a cert now:
|
||||
```
|
||||
acme.sh --issue --dns dns_cx -d example.com -d www.example.com
|
||||
acme.sh --issue --dns dns_cx -d example.com -d www.example.com
|
||||
```
|
||||
|
||||
The `CX_Key` and `CX_Secret` will be saved in `~/.acme.sh/account.conf`, when next time you use Cloudxns.com api, it will reuse this key.
|
||||
The `CX_Key` and `CX_Secret` will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
|
||||
|
||||
|
||||
## 4. Use Godaddy.com domain api to automatically issue cert
|
||||
## 4. Use GoDaddy.com domain API to automatically issue cert
|
||||
|
||||
We support Godaddy integration.
|
||||
|
||||
First you need to login to your Godaddy account to get your api key and api secret.
|
||||
First you need to login to your GoDaddy account to get your API Key and Secret.
|
||||
|
||||
https://developer.godaddy.com/keys/
|
||||
|
||||
Please Create a Production key, instead of a Test key.
|
||||
|
||||
Please create a Production key, instead of a Test key.
|
||||
|
||||
```
|
||||
export GD_Key="sdfsdfsdfljlbjkljlkjsdfoiwje"
|
||||
|
||||
export GD_Secret="asdfsdafdsfdsfdsfdsfdsafd"
|
||||
|
||||
```
|
||||
|
||||
Ok, let's issue cert now:
|
||||
Ok, let's issue a cert now:
|
||||
```
|
||||
acme.sh --issue --dns dns_gd -d example.com -d www.example.com
|
||||
acme.sh --issue --dns dns_gd -d example.com -d www.example.com
|
||||
```
|
||||
|
||||
The `GD_Key` and `GD_Secret` will be saved in `~/.acme.sh/account.conf`, when next time you use cloudflare api, it will reuse this key.
|
||||
The `GD_Key` and `GD_Secret` will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
|
||||
|
||||
## 5. Use PowerDNS embedded api to automatically issue cert
|
||||
|
||||
We support PowerDNS embedded API integration.
|
||||
## 5. Use PowerDNS embedded API to automatically issue cert
|
||||
|
||||
First you need to enable api and set your api-token in PowerDNS configuration.
|
||||
First you need to login to your PowerDNS account to enable the API and set your API-Token in the configuration.
|
||||
|
||||
https://doc.powerdns.com/md/httpapi/README/
|
||||
|
||||
@ -102,21 +83,21 @@ export PDNS_Url="http://ns.example.com:8081"
|
||||
export PDNS_ServerId="localhost"
|
||||
export PDNS_Token="0123456789ABCDEF"
|
||||
export PDNS_Ttl=60
|
||||
|
||||
```
|
||||
|
||||
Ok, let's issue cert now:
|
||||
Ok, let's issue a cert now:
|
||||
```
|
||||
acme.sh --issue --dns dns_pdns -d example.com -d www.example.com
|
||||
acme.sh --issue --dns dns_pdns -d example.com -d www.example.com
|
||||
```
|
||||
|
||||
The `PDNS_Url`, `PDNS_ServerId`, `PDNS_Token` and `PDNS_Ttl` will be saved in `~/.acme.sh/account.conf`.
|
||||
The `PDNS_Url`, `PDNS_ServerId`, `PDNS_Token` and `PDNS_Ttl` will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
|
||||
|
||||
|
||||
## 6. Use OVH/kimsufi/soyoustart/runabove API
|
||||
## 6. Use OVH/kimsufi/soyoustart/runabove API to automatically issue cert
|
||||
|
||||
https://github.com/Neilpang/acme.sh/wiki/How-to-use-OVH-domain-api
|
||||
|
||||
|
||||
## 7. Use nsupdate to automatically issue cert
|
||||
|
||||
First, generate a key for updating the zone
|
||||
@ -137,6 +118,7 @@ include "/etc/named/keys/update.key";
|
||||
```
|
||||
|
||||
Next, configure your zone to allow dynamic updates.
|
||||
|
||||
Depending on your named version, use either
|
||||
```
|
||||
zone "example.com" {
|
||||
@ -153,18 +135,21 @@ zone "example.com" {
|
||||
};
|
||||
}
|
||||
```
|
||||
Finally, make the dns server and update key available to `acme.sh`
|
||||
|
||||
Finally, make the DNS server and update Key available to `acme.sh`
|
||||
|
||||
```
|
||||
export NSUPDATE_SERVER=dns.example.com
|
||||
export NSUPDATE_KEY=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa==
|
||||
export NSUPDATE_SERVER="dns.example.com"
|
||||
export NSUPDATE_KEY="aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa=="
|
||||
```
|
||||
|
||||
Ok, let's issue cert now:
|
||||
Ok, let's issue a cert now:
|
||||
```
|
||||
acme.sh --issue --dns dns_nsupdate -d example.com -d www.example.com
|
||||
acme.sh --issue --dns dns_nsupdate -d example.com -d www.example.com
|
||||
```
|
||||
|
||||
The `NSUPDATE_SERVER` and `NSUPDATE_KEY` settings will be saved in `~/.acme.sh/account.conf`.
|
||||
The `NSUPDATE_SERVER` and `NSUPDATE_KEY` settings will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
|
||||
|
||||
|
||||
## 8. Use LuaDNS domain API
|
||||
|
||||
@ -172,17 +157,16 @@ Get your API token at https://api.luadns.com/settings
|
||||
|
||||
```
|
||||
export LUA_Key="sdfsdfsdfljlbjkljlkjsdfoiwje"
|
||||
|
||||
export LUA_Email="xxxx@sss.com"
|
||||
|
||||
```
|
||||
|
||||
To issue a cert:
|
||||
```
|
||||
acme.sh --issue --dns dns_lua --dnssleep 3 -d example.com -d www.example.com
|
||||
acme.sh --issue --dns dns_lua -d example.com -d www.example.com
|
||||
```
|
||||
|
||||
The `LUA_Key` and `LUA_Email` will be saved in `~/.acme.sh/account.conf`, and will be reused when needed.
|
||||
The `LUA_Key` and `LUA_Email` will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
|
||||
|
||||
|
||||
## 9. Use DNSMadeEasy domain API
|
||||
|
||||
@ -190,39 +174,34 @@ Get your API credentials at https://cp.dnsmadeeasy.com/account/info
|
||||
|
||||
```
|
||||
export ME_Key="sdfsdfsdfljlbjkljlkjsdfoiwje"
|
||||
|
||||
export ME_Secret="qdfqsdfkjdskfj"
|
||||
|
||||
```
|
||||
|
||||
To issue a cert:
|
||||
```
|
||||
acme.sh --issue --dns dns_me --dnssleep 3 -d example.com -d www.example.com
|
||||
acme.sh --issue --dns dns_me -d example.com -d www.example.com
|
||||
```
|
||||
|
||||
The `ME_Key` and `ME_Secret` will be saved in `~/.acme.sh/account.conf`, and will be reused when needed.
|
||||
The `ME_Key` and `ME_Secret` will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
|
||||
|
||||
# 10. Use custom api
|
||||
|
||||
If your api is not supported yet, you can write your own dns api.
|
||||
# 10. Use custom API
|
||||
|
||||
Let's assume you want to name it 'myapi',
|
||||
If your API is not supported yet, you can write your own DNS API.
|
||||
|
||||
1. Create a bash script named `~/.acme.sh/dns_myapi.sh`,
|
||||
2. In the script, you must have a function named `dns_myapi_add()`. Which will be called by acme.sh to add dns records.
|
||||
3. Then you can use your api to issue cert like:
|
||||
Let's assume you want to name it 'myapi':
|
||||
|
||||
1. Create a bash script named `~/.acme.sh/dns_myapi.sh`,
|
||||
2. In the script you must have a function named `dns_myapi_add()` which will be called by acme.sh to add the DNS records.
|
||||
3. Then you can use your API to issue cert like this:
|
||||
|
||||
```
|
||||
acme.sh --issue --dns dns_myapi -d example.com -d www.example.com
|
||||
acme.sh --issue --dns dns_myapi -d example.com -d www.example.com
|
||||
```
|
||||
|
||||
For more details, please check our sample script: [dns_myapi.sh](dns_myapi.sh)
|
||||
|
||||
# 11. Use lexicon dns api
|
||||
|
||||
## 11. Use lexicon DNS API
|
||||
|
||||
https://github.com/Neilpang/acme.sh/wiki/How-to-use-lexicon-dns-api
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user