因为用了gcloud命令在CentOS 6上无法安装,导致letsencrypt使用DNS API自动续期SSL证书的方法无法使用,不得已采用手动续期方法。命令如下:
acme.sh –issue -d ping.wzfou.com –dns \
–yes-I-know-dns-manual-mode-enough-go-ahead-please
[Thu May 23 10:51:16 CST 2019] Creating domain key
[Thu May 23 10:51:16 CST 2019] The domain key is here: /root/.acme.sh/ping.wzfou.com/ping.wzfou.com.key
[Thu May 23 10:51:16 CST 2019] Single domain=’ping.wzfou.com’
[Thu May 23 10:51:16 CST 2019] Getting domain auth token for each domain
[Thu May 23 10:51:16 CST 2019] Getting webroot for domain=’ping.wzfou.com’
[Thu May 23 10:51:16 CST 2019] Getting new-authz for domain=’ping.wzfou.com’
[Thu May 23 10:51:17 CST 2019] The new-authz request is ok.
[Thu May 23 10:51:17 CST 2019] Add the following TXT record:
[Thu May 23 10:51:17 CST 2019] Domain: ‘_acme-challenge.ping.wzfou.com’
[Thu May 23 10:51:17 CST 2019] TXT value: ‘RfTjpaxxxxxvQW9o-BxxxxDpF90’
[Thu May 23 10:51:17 CST 2019] Please be aware that you prepend _acme-challenge. before your domain
[Thu May 23 10:51:17 CST 2019] so the resulting subdomain will be: _acme-challenge.ping.wzfou.com
[Thu May 23 10:51:17 CST 2019] Please add the TXT records to the domains, and re-run with –renew.
[Thu May 23 10:51:17 CST 2019] Please add ‘–debug’ or ‘–log’ to check more details.
[Thu May 23 10:51:17 CST 2019] See: https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh
然后是续期:
acme.sh –renew -d ping.wzfou.com \
–yes-I-know-dns-manual-mode-enough-go-ahead-please
[Thu May 23 10:54:30 CST 2019] Renew: ‘ping.wzfou.com’
[Thu May 23 10:54:31 CST 2019] Single domain=’ping.wzfou.com’
[Thu May 23 10:54:31 CST 2019] Getting domain auth token for each domain
[Thu May 23 10:54:31 CST 2019] Verifying:ping.wzfou.com
[Thu May 23 10:54:34 CST 2019] Success
[Thu May 23 10:54:34 CST 2019] Verify finished, start to sign.
[Thu May 23 10:54:36 CST 2019] Cert success.
如果使用的是ECC证书,则命令如下:
acme.sh –renew -d ping.wzfou.com –ecc\
–yes-I-know-dns-manual-mode-enough-go-ahead-please
[Thu May 23 10:56:41 CST 2019] Renew: ‘ping.wzfou.com’
[Thu May 23 10:56:41 CST 2019] Single domain=’ping.wzfou.com’
[Thu May 23 10:56:41 CST 2019] Getting domain auth token for each domain
[Thu May 23 10:56:41 CST 2019] Getting webroot for domain=’ping.wzfou.com’
[Thu May 23 10:56:41 CST 2019] Getting new-authz for domain=’ping.wzfou.com’
[Thu May 23 10:56:42 CST 2019] The new-authz request is ok.
[Thu May 23 10:56:43 CST 2019] ping.wzfou.com is already verified, skip dns-01.
[Thu May 23 10:56:43 CST 2019] Verify finished, start to sign.
[Thu May 23 10:56:44 CST 2019] Cert success.