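Handbook for Replacing an Expired Website SSL Certificate
Published 10 days ago; last updated 10 days ago

1. Preface

This site uses a free certificate provided by the FreeSSL website. Because the certificate is valid for three months, it has to be replaced with a new one every three months. This post records the whole replacement process for reference in later replacements.

2. Replacement steps

2.1 Apply for a certificate

Choose the single-domain type.

Enter the certificate's domain name and click Submit.

The page then jumps to KeyManager. If it has not been installed before, choose to download and install it, after which the page likewise jumps to KeyManager. KeyManager then pops up the following window.

2.2 Add the DNS record

Return to the browser and continue: click Continue, and the following window appears.

This is a DNS record. Add it to the record list of the server's domain (my domain is registered on the Huawei Cloud platform): configure the fields in the red box as shown in the image above, confirm, and the record is added.

Go back to FreeSSL and click "I have finished configuring"; back in the order list you can see the certificate that was just applied for.

Click Verify to validate the DNS record that was just added. After successful validation it looks as follows.

2.3 One-click deployment with KeyManager

Click "Save to KeyManager" to save the certificate into the client software; it can then be deployed with one click.

Before one-click deployment, the deployment information has to be configured: choose the server type, then set the user name, host name, port, certificate path, private key path, reload command and server password.

Once configured, run the one-click deployment, then refresh the web page and check whether the new certificate information has taken effect.

The certificate replacement is now complete.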

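3. Automated management

The FreeSSL website provides an automated management feature.

3.1 Domain pre-authorization

Configure the DNS record in the same way (see the process above), then click "Configuration complete, check now". After validation passes it looks as follows.

3.2 Apply for a certificate

3.3 Set parameters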

/usr/local/nginx/ssl/full_chain.pem
/usr/local/nginx/ssl/private.key

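3.4 Client deployment

Finally, the steps for installing and deploying the client are displayed; run them in order.

3.4.1 Client initialization (first use)

a. Download the client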

[root@shine ~]# curl https://get.acme.sh | sh -s email=leonshinel@163.com
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  1032    0  1032    0     0    677      0 --:--:--  0:00:01 --:--:--   676
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  221k  100  221k    0     0   733k      0 --:--:-- --:--:-- --:--:--  733k
[Tue Jun  3 10:39:19 CST 2025] Installing from online archive.
[Tue Jun  3 10:39:19 CST 2025] Downloading https://github.com/acmesh-official/acme.sh/archive/master.tar.gz
[Tue Jun  3 10:39:21 CST 2025] Extracting master.tar.gz
[Tue Jun  3 10:39:21 CST 2025] It is recommended to install socat first.
[Tue Jun  3 10:39:21 CST 2025] We use socat for the standalone server, which is used for standalone mode.
[Tue Jun  3 10:39:21 CST 2025] If you don't want to use standalone mode, you may ignore this warning.
[Tue Jun  3 10:39:21 CST 2025] Installing to /root/.acme.sh
[Tue Jun  3 10:39:21 CST 2025] Installed to /root/.acme.sh/acme.sh
[Tue Jun  3 10:39:21 CST 2025] Installing alias to '/root/.bashrc'
[Tue Jun  3 10:39:21 CST 2025] Close and reopen your terminal to start using acme.sh
[Tue Jun  3 10:39:21 CST 2025] Installing alias to '/root/.cshrc'
[Tue Jun  3 10:39:21 CST 2025] Installing alias to '/root/.tcshrc'
[Tue Jun  3 10:39:21 CST 2025] Installing cron job
[Tue Jun  3 10:39:21 CST 2025] bash has been found. Changing the shebang to use bash as preferred.
[Tue Jun  3 10:39:22 CST 2025] OK
[Tue Jun  3 10:39:22 CST 2025] Install success!

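b. Register an ACME account

I don't know why the environment variable wasn't set up in the first step, but it doesn't matter: just go into the directory and run it from there.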

[root@shine .acme.sh]# pwd
/root/.acme.sh
[root@shine .acme.sh]# ./acme.sh --register-account --server https://acmepro.freessl.cn/v2/DV --eab-kid aWm2G_OMBrVt9Ssk_79fnR_cwuUNxvZFAoHm-rTXR3g --eab-hmac-key MD8CAQACCQCm9eI054tO9wIDAQABAggquQyS1v0oAQIFAN6O_gECBQDADDz3AgUA2apAAQIFAKls4ocCBDvEWoM
[Tue Jun  3 10:41:37 CST 2025] Account key creation OK.
[Tue Jun  3 10:41:38 CST 2025] Registering account: https://acmepro.freessl.cn/v2/DV
[Tue Jun  3 10:41:38 CST 2025] Registered
[Tue Jun  3 10:41:38 CST 2025] ACCOUNT_THUMBPRINT='yKX_KD_1TBhifHZdiFhvFb4Ljjl3Lw7VYlNn2xB7-EA'

3.4.2 Request and deploy the certificate

a. Request the certificate

[root@shine .acme.sh]# ./acme.sh --issue --dns dns_tencent -d www.lemonary.cn --server https://acmepro.freessl.cn/v2/DV
[Tue Jun  3 10:43:52 CST 2025] Using CA: https://acmepro.freessl.cn/v2/DV
[Tue Jun  3 10:43:52 CST 2025] Creating domain key
[Tue Jun  3 10:43:52 CST 2025] The domain key is here: /root/.acme.sh/www.lemonary.cn_ecc/www.lemonary.cn.key
[Tue Jun  3 10:43:52 CST 2025] Single domain='www.lemonary.cn'
[Tue Jun  3 10:44:01 CST 2025] Getting webroot for domain='www.lemonary.cn'
[Tue Jun  3 10:44:02 CST 2025] www.lemonary.cn is already verified, skipping dns-01.
[Tue Jun  3 10:44:02 CST 2025] Verification finished, beginning signing.
[Tue Jun  3 10:44:02 CST 2025] Let's finalize the order.
[Tue Jun  3 10:44:02 CST 2025] Le_OrderFinalize='https://acmepro.freessl.cn/v2/finalize/Np1GjvLl'
[Tue Jun  3 10:44:08 CST 2025] Order status is 'processing', let's sleep and retry.
[Tue Jun  3 10:44:11 CST 2025] Polling order status: https://acmepro.freessl.cn/v2/order/Np1GjvLl
[Tue Jun  3 10:44:13 CST 2025] Downloading cert.
[Tue Jun  3 10:44:13 CST 2025] Le_LinkCert='https://acmepro.freessl.cn/v2/cert/75847FE7968914EAC292FF5E8E50CDCCF9D62904'
[Tue Jun  3 10:44:14 CST 2025] Cert success.

b. Deploy the certificate

[root@shine .acme.sh]# ./acme.sh --install-cert -d www.lemonary.cn --fullchain-file /usr/local/nginx/ssl/full_chain.pem --key-file /usr/local/nginx/ssl/private.key --reloadcmd "nginx -s reload" 
[Tue Jun  3 10:44:38 CST 2025] The domain 'www.lemonary.cn' seems to already have an ECC cert, let's use it.
[Tue Jun  3 10:44:38 CST 2025] Installing key to: /usr/local/nginx/ssl/private.key
[Tue Jun  3 10:44:38 CST 2025] Installing full chain to: /usr/local/nginx/ssl/full_chain.pem
[Tue Jun  3 10:44:38 CST 2025] Running reload cmd: nginx -s reload
[Tue Jun  3 10:44:38 CST 2025] Reload successful

c. Confirm that automatic renewal is enabled

[root@shine .acme.sh]# crontab -l | grep acme
21 15 * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null

The automated certificate management is now fully configured.
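
A post-deployment check for the two files written by the --install-cert step above, as an added example that is not part of the original post: it confirms that the leaf certificate in full_chain.pem is not close to expiry, that private.key belongs to it, and that the key is not accessible to group or others. The function names, the script name and the 30-day threshold are assumptions; the openssl command-line tool must be installed.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): sanity checks for the files
# that `acme.sh --install-cert` writes. Function names are hypothetical.

# 0 if the first (leaf) certificate in FILE is still valid DAYS days from now.
# `openssl x509` reads only the first PEM block, so a full chain file is fine.
cert_valid_for_days() {
  openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# 0 if the private key KEY has the same public key as the leaf cert in CERT.
key_matches_cert() {
  kmc_cert=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  kmc_key=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
  [ -n "$kmc_cert" ] && [ "$kmc_cert" = "$kmc_key" ]
}

# 0 if FILE grants no permission bits to group or others (e.g. mode 600).
key_is_private() {
  [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Run all three checks; report every failure, return non-zero if any failed.
check_deployed() {  # CERT KEY MIN_DAYS
  cd_rc=0
  cert_valid_for_days "$1" "$3" || { echo "FAIL: $1 is unreadable or expires within $3 days" >&2; cd_rc=1; }
  key_matches_cert "$1" "$2" || { echo "FAIL: $2 does not match $1" >&2; cd_rc=1; }
  key_is_private "$2" || { echo "FAIL: $2 is accessible to group/others" >&2; cd_rc=1; }
  return "$cd_rc"
}

# Usage with the paths from this post (30 days is an assumed threshold):
#   ./check_cert.sh /usr/local/nginx/ssl/full_chain.pem /usr/local/nginx/ssl/private.key
if [ "$#" -ge 2 ]; then
  check_deployed "$1" "$2" "${3:-30}" && echo "OK: certificate and key look sane"
fi
```

Run from cron after the acme.sh job, a non-zero exit status flags a renewal that silently stopped working or a key file whose permissions were loosened.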
