Browse Source

Merge branch 'np'

pull/326/head
Philippe Kueck 8 years ago
parent
commit
bc0e30836b
No known key found for this signature in database GPG Key ID: E10E57D62DB57A3B
  1. 36
      README.md
  2. 12
      acme.sh
  3. 12
      dnsapi/README.md

36
README.md

@ -112,23 +112,23 @@ root@v1:~# acme.sh -h
**Example 1:** Single domain. **Example 1:** Single domain.
```bash ```bash
acme.sh --issue -d aa.com -w /home/wwwroot/aa.com
acme.sh --issue -d example.com -w /home/wwwroot/example.com
``` ```
**Example 2:** Multiple domains in the same cert. **Example 2:** Multiple domains in the same cert.
```bash ```bash
acme.sh --issue -d aa.com -d www.aa.com -d cp.aa.com -w /home/wwwroot/aa.com
acme.sh --issue -d example.com -d www.example.com -d cp.example.com -w /home/wwwroot/example.com
``` ```
The parameter `/home/wwwroot/aa.com` is the web root folder. You **MUST** have `write access` to this folder.
The parameter `/home/wwwroot/example.com` is the web root folder. You **MUST** have `write access` to this folder.
Second argument **"aa.com"** is the main domain you want to issue cert for.
Second argument **"example.com"** is the main domain you want to issue cert for.
You must have at least a domain there. You must have at least a domain there.
You must point and bind all the domains to the same webroot dir: `/home/wwwroot/aa.com`.
You must point and bind all the domains to the same webroot dir: `/home/wwwroot/example.com`.
Generate/issued certs will be placed in `~/.acme.sh/aa.com/`
Generate/issued certs will be placed in `~/.acme.sh/example.com/`
The issued cert will be renewed every **60** days automatically. The issued cert will be renewed every **60** days automatically.
@ -140,7 +140,7 @@ More examples: https://github.com/Neilpang/acme.sh/wiki/How-to-issue-a-cert
After you issue a cert, you probably want to install/copy the cert to your nginx/apache or other servers you may be using. After you issue a cert, you probably want to install/copy the cert to your nginx/apache or other servers you may be using.
```bash ```bash
acme.sh --installcert -d aa.com \
acme.sh --installcert -d example.com \
--certpath /path/to/certfile/in/apache/nginx \ --certpath /path/to/certfile/in/apache/nginx \
--keypath /path/to/keyfile/in/apache/nginx \ --keypath /path/to/keyfile/in/apache/nginx \
--capath /path/to/ca/certfile/apache/nginx \ --capath /path/to/ca/certfile/apache/nginx \
@ -161,7 +161,7 @@ The cert will be `renewed every **60** days by default` (which is configurable).
The tcp `80` port **MUST** be free to listen, otherwise you will be prompted to free the `80` port and try again. The tcp `80` port **MUST** be free to listen, otherwise you will be prompted to free the `80` port and try again.
```bash ```bash
acme.sh --issue --standalone -d aa.com -d www.aa.com -d cp.aa.com
acme.sh --issue --standalone -d example.com -d www.example.com -d cp.example.com
``` ```
More examples: https://github.com/Neilpang/acme.sh/wiki/How-to-issue-a-cert More examples: https://github.com/Neilpang/acme.sh/wiki/How-to-issue-a-cert
@ -175,7 +175,7 @@ acme.sh supports `tls-sni-01` validation.
The tcp `443` port **MUST** be free to listen, otherwise you will be prompted to free the `443` port and try again. The tcp `443` port **MUST** be free to listen, otherwise you will be prompted to free the `443` port and try again.
```bash ```bash
acme.sh --issue --tls -d aa.com -d www.aa.com -d cp.aa.com
acme.sh --issue --tls -d example.com -d www.example.com -d cp.example.com
``` ```
More examples: https://github.com/Neilpang/acme.sh/wiki/How-to-issue-a-cert More examples: https://github.com/Neilpang/acme.sh/wiki/How-to-issue-a-cert
@ -191,7 +191,7 @@ Particularly, if you are running an apache server, you should use apache mode in
Just set string "apache" as the second argument, it will force use of apache plugin automatically. Just set string "apache" as the second argument, it will force use of apache plugin automatically.
``` ```
acme.sh --issue --apache -d aa.com -d www.aa.com -d user.aa.com
acme.sh --issue --apache -d example.com -d www.example.com -d user.example.com
``` ```
More examples: https://github.com/Neilpang/acme.sh/wiki/How-to-issue-a-cert More examples: https://github.com/Neilpang/acme.sh/wiki/How-to-issue-a-cert
@ -201,18 +201,18 @@ More examples: https://github.com/Neilpang/acme.sh/wiki/How-to-issue-a-cert
Support the `dns-01` challenge. Support the `dns-01` challenge.
```bash ```bash
acme.sh --issue --dns -d aa.com -d www.aa.com -d user.aa.com
acme.sh --issue --dns -d example.com -d www.example.com -d user.example.com
``` ```
You should get the output like below: You should get the output like below:
``` ```
Add the following txt record: Add the following txt record:
Domain:_acme-challenge.aa.com
Domain:_acme-challenge.example.com
Txt value:9ihDbjYfTExAYeDs4DBUeuTo18KBzwvTEjUnSwd32-c Txt value:9ihDbjYfTExAYeDs4DBUeuTo18KBzwvTEjUnSwd32-c
Add the following txt record: Add the following txt record:
Domain:_acme-challenge.www.aa.com
Domain:_acme-challenge.www.example.com
Txt value:9ihDbjxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx Txt value:9ihDbjxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Please add those txt records to the domains. Waiting for the dns to take effect. Please add those txt records to the domains. Waiting for the dns to take effect.
@ -222,7 +222,7 @@ Please add those txt records to the domains. Waiting for the dns to take effect.
Then just rerun with `renew` argument: Then just rerun with `renew` argument:
```bash ```bash
acme.sh --renew -d aa.com
acme.sh --renew -d example.com
``` ```
Ok, it's finished. Ok, it's finished.
@ -264,13 +264,13 @@ For example:
### Single domain ECC cerfiticate: ### Single domain ECC cerfiticate:
```bash ```bash
acme.sh --issue -w /home/wwwroot/aa.com -d aa.com --keylength ec-256
acme.sh --issue -w /home/wwwroot/example.com -d example.com --keylength ec-256
``` ```
SAN multi domain ECC certificate: SAN multi domain ECC certificate:
```bash ```bash
acme.sh --issue -w /home/wwwroot/aa.com -d aa.com -d www.aa.com --keylength ec-256
acme.sh --issue -w /home/wwwroot/example.com -d example.com -d www.example.com --keylength ec-256
``` ```
Please look at the last parameter above. Please look at the last parameter above.
@ -289,12 +289,12 @@ No, you don't need to renew the certs manually. All the certs will be renewed a
However, you can also force to renew any cert: However, you can also force to renew any cert:
``` ```
acme.sh --renew -d aa.com --force
acme.sh --renew -d example.com --force
``` ```
or, for ECC cert: or, for ECC cert:
``` ```
acme.sh --renew -d aa.com --force --ecc
acme.sh --renew -d example.com --force --ecc
``` ```
# 11. How to upgrade `acme.sh` # 11. How to upgrade `acme.sh`

12
acme.sh

@ -93,7 +93,7 @@ _printargs() {
_log() { _log() {
[ -z "$LOG_FILE" ] && return [ -z "$LOG_FILE" ] && return
_printargs "$@" >> "$LOG_FILE"
_printargs "$@" >> $LOG_FILE
} }
_info() { _info() {
@ -3188,7 +3188,7 @@ _initconf() {
#Account configurations: #Account configurations:
#Here are the supported macros, uncomment them to make them take effect. #Here are the supported macros, uncomment them to make them take effect.
#ACCOUNT_EMAIL=aaa@aaa.com # the account email used to register account.
#ACCOUNT_EMAIL=aaa@example.com # the account email used to register account.
#ACCOUNT_KEY_PATH=\"/path/to/account.key\" #ACCOUNT_KEY_PATH=\"/path/to/account.key\"
#CERT_HOME=\"/path/to/cert/home\" #CERT_HOME=\"/path/to/cert/home\"
@ -4023,13 +4023,15 @@ _process() {
if [ "${_CMD}" != "install" ] ; then if [ "${_CMD}" != "install" ] ; then
__initHome __initHome
if [ "$_log" ] && [ -z "$_logfile" ] ; then
_logfile="$DEFAULT_LOG_FILE"
if [ "$_log" ]; then
if [ -z "$_logfile" ] ; then
_logfile="$DEFAULT_LOG_FILE"
fi
fi fi
if [ "$_logfile" ] ; then if [ "$_logfile" ] ; then
_saveaccountconf "LOG_FILE" "$_logfile" _saveaccountconf "LOG_FILE" "$_logfile"
LOG_FILE="$_logfile"
fi fi
LOG_FILE="$_logfile"
if [ "$_log_level" ] ; then if [ "$_log_level" ] ; then
_saveaccountconf "LOG_LEVEL" "$_log_level" _saveaccountconf "LOG_LEVEL" "$_log_level"

12
dnsapi/README.md

@ -15,7 +15,7 @@ export CF_Email="xxxx@sss.com"
Ok, let's issue cert now: Ok, let's issue cert now:
``` ```
acme.sh --issue --dns dns_cf -d aa.com -d www.aa.com
acme.sh --issue --dns dns_cf -d example.com -d www.example.com
``` ```
The `CF_Key` and `CF_Email` will be saved in `~/.acme.sh/account.conf`, when next time you use cloudflare api, it will reuse this key. The `CF_Key` and `CF_Email` will be saved in `~/.acme.sh/account.conf`, when next time you use cloudflare api, it will reuse this key.
@ -37,7 +37,7 @@ export DP_Key="sADDsdasdgdsf"
Ok, let's issue cert now: Ok, let's issue cert now:
``` ```
acme.sh --issue --dns dns_dp -d aa.com -d www.aa.com
acme.sh --issue --dns dns_dp -d example.com -d www.example.com
``` ```
The `DP_Id` and `DP_Key` will be saved in `~/.acme.sh/account.conf`, when next time you use dnspod.cn api, it will reuse this key. The `DP_Id` and `DP_Key` will be saved in `~/.acme.sh/account.conf`, when next time you use dnspod.cn api, it will reuse this key.
@ -58,7 +58,7 @@ export CX_Secret="sADDsdasdgdsf"
Ok, let's issue cert now: Ok, let's issue cert now:
``` ```
acme.sh --issue --dns dns_cx -d aa.com -d www.aa.com
acme.sh --issue --dns dns_cx -d example.com -d www.example.com
``` ```
The `CX_Key` and `CX_Secret` will be saved in `~/.acme.sh/account.conf`, when next time you use Cloudxns.com api, it will reuse this key. The `CX_Key` and `CX_Secret` will be saved in `~/.acme.sh/account.conf`, when next time you use Cloudxns.com api, it will reuse this key.
@ -84,7 +84,7 @@ export GD_Secret="asdfsdafdsfdsfdsfdsfdsafd"
Ok, let's issue cert now: Ok, let's issue cert now:
``` ```
acme.sh --issue --dns dns_gd -d aa.com -d www.aa.com
acme.sh --issue --dns dns_gd -d example.com -d www.example.com
``` ```
The `GD_Key` and `GD_Secret` will be saved in `~/.acme.sh/account.conf`, when next time you use cloudflare api, it will reuse this key. The `GD_Key` and `GD_Secret` will be saved in `~/.acme.sh/account.conf`, when next time you use cloudflare api, it will reuse this key.
@ -107,7 +107,7 @@ export PDNS_Ttl=60
Ok, let's issue cert now: Ok, let's issue cert now:
``` ```
acme.sh --issue --dns dns_pdns -d aa.com -d www.aa.com
acme.sh --issue --dns dns_pdns -d example.com -d www.example.com
``` ```
The `PDNS_Url`, `PDNS_ServerId`, `PDNS_Token` and `PDNS_Ttl` will be saved in `~/.acme.sh/account.conf`. The `PDNS_Url`, `PDNS_ServerId`, `PDNS_Token` and `PDNS_Ttl` will be saved in `~/.acme.sh/account.conf`.
@ -127,7 +127,7 @@ Let's assume you want to name it 'myapi',
3. Then you can use your api to issue cert like: 3. Then you can use your api to issue cert like:
``` ```
acme.sh --issue --dns dns_myapi -d aa.com -d www.aa.com
acme.sh --issue --dns dns_myapi -d example.com -d www.example.com
``` ```
For more details, please check our sample script: [dns_myapi.sh](dns_myapi.sh) For more details, please check our sample script: [dns_myapi.sh](dns_myapi.sh)

Loading…
Cancel
Save