update doc
parent
a51f109930
commit
e27dfbb0bb
135
README.md
|
@ -129,7 +129,7 @@ Ok, you are ready to issue certs now.
|
||||||
|
|
||||||
Show help message:
|
Show help message:
|
||||||
|
|
||||||
```
|
```sh
|
||||||
root@v1:~# acme.sh -h
|
root@v1:~# acme.sh -h
|
||||||
```
|
```
|
||||||
|
|
||||||
|
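Review bot: The block retagged as `sh` still starts with the prompt `root@v1:~#`, so it is a terminal transcript rather than a command that can be pasted, and it shows the client being run from a root shell. Suggest putting only `acme.sh -h` in the `sh` fence, or keeping the prompt and leaving the fence untagged.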
@ -166,16 +166,16 @@ You must have at least one domain there.
|
||||||
|
|
||||||
You must point and bind all the domains to the same webroot dir: `/home/wwwroot/example.com`.
|
You must point and bind all the domains to the same webroot dir: `/home/wwwroot/example.com`.
|
||||||
|
|
||||||
Generated/issued certs will be placed in `~/.acme.sh/example.com/`
|
The certs will be placed in `~/.acme.sh/example.com/`
|
||||||
|
|
||||||
The issued cert will be renewed automatically every **60** days.
|
The certs will be renewed automatically every **60** days.
|
||||||
|
|
||||||
More examples: https://github.com/Neilpang/acme.sh/wiki/How-to-issue-a-cert
|
More examples: https://github.com/Neilpang/acme.sh/wiki/How-to-issue-a-cert
|
||||||
|
|
||||||
|
|
||||||
# 3. Install the issued cert to Apache/Nginx etc.
|
# 3. Install the cert to Apache/Nginx etc.
|
||||||
|
|
||||||
After you issue a cert, you probably want to install/copy the cert to your Apache/Nginx or other servers.
|
After the cert is generated, you probably want to install/copy the cert to your Apache/Nginx or other servers.
|
||||||
You **MUST** use this command to copy the certs to the target files, **DO NOT** use the certs files in **~/.acme.sh/** folder, they are for internal use only, the folder structure may change in the future.
|
You **MUST** use this command to copy the certs to the target files, **DO NOT** use the certs files in **~/.acme.sh/** folder, they are for internal use only, the folder structure may change in the future.
|
||||||
|
|
||||||
**Apache** example:
|
**Apache** example:
|
||||||
|
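Review bot: The two rewritten sentences switch to the plural "The certs" while the retitled heading and the paragraph after it say "the cert"; pick one form for this section. The new "The certs will be placed in `~/.acme.sh/example.com/`" also sits a few lines above the warning not to use files from that folder, so consider adding "for internal use" or a pointer to section 3 on the same line.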
@ -197,9 +197,9 @@ acme.sh --install-cert -d example.com \
|
||||||
|
|
||||||
Only the domain is required, all the other parameters are optional.
|
Only the domain is required, all the other parameters are optional.
|
||||||
|
|
||||||
The ownership and permission info of existing files are preserved. You may want to precreate the files to have defined ownership and permission.
|
The ownership and permission info of existing files are preserved. You can pre-create the files to define the ownership and permission.
|
||||||
|
|
||||||
Install/copy the issued cert/key to the production Apache or Nginx path.
|
Install/copy the cert/key to the production Apache or Nginx path.
|
||||||
|
|
||||||
The cert will be renewed every **60** days by default (which is configurable). Once the cert is renewed, the Apache/Nginx service will be reloaded automatically by the command: `service apache2 force-reload` or `service nginx force-reload`.
|
The cert will be renewed every **60** days by default (which is configurable). Once the cert is renewed, the Apache/Nginx service will be reloaded automatically by the command: `service apache2 force-reload` or `service nginx force-reload`.
|
||||||
|
|
||||||
|
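Review bot: The reworded sentence "You can pre-create the files to define the ownership and permission" does not say which files are meant or what happens when they do not exist yet. Because the next line covers installing the key as well as the cert, it would help to state the ownership and mode a newly created key file gets, and to recommend pre-creating the key file readable only by the account that runs the web server.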
@ -242,7 +242,7 @@ Particularly, if you are running an Apache server, you should use Apache mode in
|
||||||
|
|
||||||
Just set string "apache" as the second argument and it will force use of apache plugin automatically.
|
Just set string "apache" as the second argument and it will force use of apache plugin automatically.
|
||||||
|
|
||||||
```
|
```sh
|
||||||
acme.sh --issue --apache -d example.com -d www.example.com -d cp.example.com
|
acme.sh --issue --apache -d example.com -d www.example.com -d cp.example.com
|
||||||
```
|
```
|
||||||
|
|
||||||
|
@ -262,47 +262,13 @@ It will configure nginx server automatically to verify the domain and then resto
|
||||||
|
|
||||||
So, the config is not changed.
|
So, the config is not changed.
|
||||||
|
|
||||||
```
|
```sh
|
||||||
acme.sh --issue --nginx -d example.com -d www.example.com -d cp.example.com
|
acme.sh --issue --nginx -d example.com -d www.example.com -d cp.example.com
|
||||||
```
|
```
|
||||||
|
|
||||||
More examples: https://github.com/Neilpang/acme.sh/wiki/How-to-issue-a-cert
|
More examples: https://github.com/Neilpang/acme.sh/wiki/How-to-issue-a-cert
|
||||||
|
|
||||||
# 8. Use DNS mode:
|
# 8. Automatic DNS API integration
|
||||||
|
|
||||||
Support the `dns-01` challenge.
|
|
||||||
|
|
||||||
```bash
|
|
||||||
acme.sh --issue --dns -d example.com -d www.example.com -d cp.example.com
|
|
||||||
```
|
|
||||||
|
|
||||||
You should get an output like below:
|
|
||||||
|
|
||||||
```
|
|
||||||
Add the following txt record:
|
|
||||||
Domain:_acme-challenge.example.com
|
|
||||||
Txt value:9ihDbjYfTExAYeDs4DBUeuTo18KBzwvTEjUnSwd32-c
|
|
||||||
|
|
||||||
Add the following txt record:
|
|
||||||
Domain:_acme-challenge.www.example.com
|
|
||||||
Txt value:9ihDbjxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
|
|
||||||
|
|
||||||
Please add those txt records to the domains. Waiting for the dns to take effect.
|
|
||||||
```
|
|
||||||
|
|
||||||
Then just rerun with `renew` argument:
|
|
||||||
|
|
||||||
```bash
|
|
||||||
acme.sh --renew -d example.com
|
|
||||||
```
|
|
||||||
|
|
||||||
Ok, it's finished.
|
|
||||||
|
|
||||||
**Take care, this is dns manual mode, it can not be renewed automatically. you will have to add a new txt record to your domain by your hand when you renew your cert.**
|
|
||||||
|
|
||||||
**Please use dns api mode instead.**
|
|
||||||
|
|
||||||
# 9. Automatic DNS API integration
|
|
||||||
|
|
||||||
If your DNS provider supports API access, we can use that API to automatically issue the certs.
|
If your DNS provider supports API access, we can use that API to automatically issue the certs.
|
||||||
|
|
||||||
|
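Review bot: Removing the old section 8 here drops the line "Support the `dns-01` challenge.", and the manual-mode section added later in this commit does not bring it back, so the README no longer names the challenge type that both DNS modes use. Suggest keeping that sentence under the renamed "# 8. Automatic DNS API integration" heading.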
@ -362,6 +328,39 @@ If your DNS provider is not on the supported list above, you can write your own
|
||||||
|
|
||||||
For more details: [How to use DNS API](dnsapi)
|
For more details: [How to use DNS API](dnsapi)
|
||||||
|
|
||||||
|
# 9. Use DNS manual mode:
|
||||||
|
|
||||||
|
If your dns provider doesn't support any api access, you will have to add the txt record by your hand.
|
||||||
|
|
||||||
|
```bash
|
||||||
|
acme.sh --issue --dns -d example.com -d www.example.com -d cp.example.com
|
||||||
|
```
|
||||||
|
|
||||||
|
You should get an output like below:
|
||||||
|
|
||||||
|
```sh
|
||||||
|
Add the following txt record:
|
||||||
|
Domain:_acme-challenge.example.com
|
||||||
|
Txt value:9ihDbjYfTExAYeDs4DBUeuTo18KBzwvTEjUnSwd32-c
|
||||||
|
|
||||||
|
Add the following txt record:
|
||||||
|
Domain:_acme-challenge.www.example.com
|
||||||
|
Txt value:9ihDbjxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
|
||||||
|
|
||||||
|
Please add those txt records to the domains. Waiting for the dns to take effect.
|
||||||
|
```
|
||||||
|
|
||||||
|
Then just rerun with `renew` argument:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
acme.sh --renew -d example.com
|
||||||
|
```
|
||||||
|
|
||||||
|
Ok, it's done.
|
||||||
|
|
||||||
|
**Take care, this is dns manual mode, it can not be renewed automatically. you will have to add a new txt record to your domain by your hand when you renew your cert.**
|
||||||
|
|
||||||
|
**Please use dns api mode instead.**
|
||||||
|
|
||||||
# 10. Issue ECC certificates
|
# 10. Issue ECC certificates
|
||||||
|
|
||||||
|
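Review bot: The sample output block in the new section 9 is fenced as `sh`, but it is program output ("Add the following txt record: ..."), not shell; leave that fence untagged as it was in the removed copy. Since the text is being moved anyway, this is also the place to fix "by your hand" and the lowercase "you will" after the full stop in the bold warning, and to drop the trailing colon from the heading so it matches the other section titles. The issue command lists three `-d` domains while the sample output shows two records and the rerun uses only `-d example.com`; a sentence saying whether the rerun covers all of them would remove the ambiguity.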
@ -394,47 +393,60 @@ Valid values are:
|
||||||
3. **ec-521 (secp521r1, "ECDSA P-521", which is not supported by Let's Encrypt yet.)**
|
3. **ec-521 (secp521r1, "ECDSA P-521", which is not supported by Let's Encrypt yet.)**
|
||||||
|
|
||||||
|
|
||||||
# 11. How to renew the issued certs
|
|
||||||
|
# 11. Issue Wildcard certificates
|
||||||
|
|
||||||
|
It's simple, just give a wildcard domain as the `-d` parameter.
|
||||||
|
|
||||||
|
```sh
|
||||||
|
acme.sh --issue -d example.com -d *.example.com --dns dns_cf
|
||||||
|
```
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
# 12. How to renew the certs
|
||||||
|
|
||||||
No, you don't need to renew the certs manually. All the certs will be renewed automatically every **60** days.
|
No, you don't need to renew the certs manually. All the certs will be renewed automatically every **60** days.
|
||||||
|
|
||||||
However, you can also force to renew any cert:
|
However, you can also force to renew a cert:
|
||||||
|
|
||||||
```
|
```sh
|
||||||
acme.sh --renew -d example.com --force
|
acme.sh --renew -d example.com --force
|
||||||
```
|
```
|
||||||
|
|
||||||
or, for ECC cert:
|
or, for ECC cert:
|
||||||
|
|
||||||
```
|
```sh
|
||||||
acme.sh --renew -d example.com --force --ecc
|
acme.sh --renew -d example.com --force --ecc
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
||||||
# 12. How to stop cert renewal
|
# 13. How to stop cert renewal
|
||||||
|
|
||||||
To stop renewal of a cert, you can execute:
|
To stop renewal of a cert, you can execute the following to remove the cert from the renewal list:
|
||||||
|
|
||||||
```
|
```sh
|
||||||
acme.sh --remove -d example.com [--ecc]
|
acme.sh --remove -d example.com [--ecc]
|
||||||
```
|
```
|
||||||
|
|
||||||
or remove the respective directory (e.g. `~/.acme.sh/example.com`).
|
The cert/key file is not removed from the disk.
|
||||||
|
|
||||||
|
You can remove the respective directory (e.g. `~/.acme.sh/example.com`) by yourself.
|
||||||
|
|
||||||
|
|
||||||
# 13. How to upgrade `acme.sh`
|
# 14. How to upgrade `acme.sh`
|
||||||
|
|
||||||
acme.sh is in constant development, so it's strongly recommended to use the latest code.
|
acme.sh is in constant development, so it's strongly recommended to use the latest code.
|
||||||
|
|
||||||
You can update acme.sh to the latest code:
|
You can update acme.sh to the latest code:
|
||||||
|
|
||||||
```
|
```sh
|
||||||
acme.sh --upgrade
|
acme.sh --upgrade
|
||||||
```
|
```
|
||||||
|
|
||||||
You can also enable auto upgrade:
|
You can also enable auto upgrade:
|
||||||
|
|
||||||
```
|
```sh
|
||||||
acme.sh --upgrade --auto-upgrade
|
acme.sh --upgrade --auto-upgrade
|
||||||
```
|
```
|
||||||
|
|
||||||
|
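Review bot: In the new wildcard example, `-d *.example.com` is unquoted, so the shell will glob-expand it if any file in the current directory matches, and the client would then receive a file name instead of the wildcard domain. Quote it in the README: `acme.sh --issue -d example.com -d '*.example.com' --dns dns_cf`. The example also uses `dns_cf` without saying where it comes from; a pointer to the DNS API section would cover that.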
@ -442,31 +454,30 @@ Then **acme.sh** will be kept up to date automatically.
|
||||||
|
|
||||||
Disable auto upgrade:
|
Disable auto upgrade:
|
||||||
|
|
||||||
```
|
```sh
|
||||||
acme.sh --upgrade --auto-upgrade 0
|
acme.sh --upgrade --auto-upgrade 0
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
||||||
# 14. Issue a cert from an existing CSR
|
# 15. Issue a cert from an existing CSR
|
||||||
|
|
||||||
https://github.com/Neilpang/acme.sh/wiki/Issue-a-cert-from-existing-CSR
|
https://github.com/Neilpang/acme.sh/wiki/Issue-a-cert-from-existing-CSR
|
||||||
|
|
||||||
|
|
||||||
# 15. Under the Hood
|
# 16. Under the Hood
|
||||||
|
|
||||||
Speak ACME language using shell, directly to "Let's Encrypt".
|
Speak ACME language using shell, directly to "Let's Encrypt".
|
||||||
|
|
||||||
TODO:
|
TODO:
|
||||||
|
|
||||||
|
|
||||||
# 16. Acknowledgments
|
# 17. Acknowledgments
|
||||||
|
|
||||||
1. Acme-tiny: https://github.com/diafygi/acme-tiny
|
1. Acme-tiny: https://github.com/diafygi/acme-tiny
|
||||||
2. ACME protocol: https://github.com/ietf-wg-acme/acme
|
2. ACME protocol: https://github.com/ietf-wg-acme/acme
|
||||||
3. Certbot: https://github.com/certbot/certbot
|
|
||||||
|
|
||||||
|
|
||||||
# 17. License & Others
|
# 18. License & Others
|
||||||
|
|
||||||
License is GPLv3
|
License is GPLv3
|
||||||
|
|
||||||
|
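Review bot: The Acknowledgments list loses the entry "3. Certbot: https://github.com/certbot/certbot" in this hunk, which the commit message "update doc" does not mention and which is unrelated to the renumbering around it. If the removal is intended, say so in the commit message; otherwise restore the line. The empty "TODO:" under "Under the Hood" is carried over unchanged and could be filled in or dropped while the section is being renumbered.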
@ -475,7 +486,7 @@ Please Star and Fork me.
|
||||||
[Issues](https://github.com/Neilpang/acme.sh/issues) and [pull requests](https://github.com/Neilpang/acme.sh/pulls) are welcome.
|
[Issues](https://github.com/Neilpang/acme.sh/issues) and [pull requests](https://github.com/Neilpang/acme.sh/pulls) are welcome.
|
||||||
|
|
||||||
|
|
||||||
# 18. Donate
|
# 19. Donate
|
||||||
Your donation makes **acme.sh** better:
|
Your donation makes **acme.sh** better:
|
||||||
|
|
||||||
1. PayPal/Alipay(支付宝)/Wechat(微信): [https://donate.acme.sh/](https://donate.acme.sh/)
|
1. PayPal/Alipay(支付宝)/Wechat(微信): [https://donate.acme.sh/](https://donate.acme.sh/)
|
||||||
|
|