Tools Used
Name | Address |
---|---|
acme.sh | https://github.com/acmesh-official/acme.sh |
Cloudflare | https://www.cloudflare.com/zh-cn/ |
Notes
The steps below assume that the domain's NS records have been changed to Cloudflare's name servers, so that Cloudflare hosts the domain's DNS.
Manual DNS Verification Method
1. Install acme.sh
- Open an SSH session and run the following command to install acme.sh (note: change the email address to your registered Cloudflare email)

```
curl https://get.acme.sh | sh -s email=my@example.com
```
2. Run the script for manual DNS verification
- Let's apply for a wildcard second-level domain (*.198406.xyz) SSL certificate, using my 198406.xyz as an example. Change the domain in the command below to your own.

```
acme.sh --issue --dns -d "*.198406.xyz" --yes-I-know-dns-manual-mode-enough-go-ahead-please
```

- Record the Domain and TXT value that the command prints (highlighted in yellow)
3. Add TXT record in Cloudflare
- In Cloudflare's DNS management for the domain, add a TXT record with the Domain and TXT value recorded in the previous step
- Wait 1 min for it to take effect
4. Run the application script
- (Remember to change it to your own domain)

```
acme.sh --renew --dns -d "*.198406.xyz" --yes-I-know-dns-manual-mode-enough-go-ahead-please
```

- The wildcard second-level domain certificate for *.198406.xyz has now been issued successfully
5. Secure handling of domain certificates
- Save the PEM files for the domain to /root/cert/ (change the domain to your own, and create the directory first)

```
acme.sh --install-cert -d "*.198406.xyz" \
  --key-file /root/cert/key.pem \
  --fullchain-file /root/cert/cert.pem \
  --reloadcmd "service nginx force-reload"
```
Done
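
Instead of relying on the fixed one-minute wait in step 3, the TXT record can be checked before step 4 is run. The script below is an added example, not part of the original post; the function names, the 1.1.1.1 resolver and the retry defaults are assumptions, and it needs `dig` installed.

```shell
#!/bin/sh
# Added example: confirm the DNS-01 TXT record is visible before step 4.
# Function names, resolver and retry defaults are assumptions.

RESOLVER="${RESOLVER:-1.1.1.1}"  # assumption: public resolver to query

# "*.198406.xyz" and "198406.xyz" both validate at _acme-challenge.198406.xyz
challenge_name() {
    base=${1#\*.}
    printf '_acme-challenge.%s\n' "$base"
}

# TXT strings currently published at $1, one per line, quotes stripped.
# Separate function so it can be stubbed when testing offline.
lookup_txt() {
    dig +short TXT "$1" "@$RESOLVER" | tr -d '"'
}

# Succeed only if $2 is exactly one of the TXT values at $1. Whole-line,
# fixed-string match: a stale value from an earlier attempt or a truncated
# paste must not count as ready.
txt_ready() {
    lookup_txt "$1" | grep -Fxq -- "$2"
}

# $1 = cert domain, $2 = TXT value, $3 = attempts, $4 = seconds between
wait_for_txt() {
    name=$(challenge_name "$1")
    tries=${3:-12}
    delay=${4:-10}
    i=1
    while [ "$i" -le "$tries" ]; do
        if txt_ready "$name" "$2"; then
            echo "ready: $name"
            return 0
        fi
        i=$((i + 1))
        sleep "$delay"
    done
    echo "not visible after $tries attempts: $name" >&2
    return 1
}

# Runs only with arguments: sh check_txt.sh '*.198406.xyz' '<TXT value>'
if [ "$#" -ge 2 ]; then
    wait_for_txt "$@"
fi
```

A zero exit status means the resolver already returns the recorded value, so the `--renew` command in step 4 can be run; a non-zero status usually points to a record added under the wrong name or with a mistyped value.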