Let's encrypt 证书快速生成脚本

网站的Let’s encrypt证书快到期了,看了官方的续期方法比较繁琐,于是在网上找了找简单方便做法,结果找到了墓地小企鹅写的一个脚本(shell script),使用这个脚本可以方便的生成以及更新Let’s encrypt 证书。

脚本地址 https://github.com/xdtianyu/scripts/tree/master/lets-encrypt

下载脚本

wget https://raw.githubusercontent.com/xdtianyu/scripts/master/lets-encrypt/letsencrypt.conf
wget https://raw.githubusercontent.com/xdtianyu/scripts/master/lets-encrypt/letsencrypt.sh

配置

root@rnse:~/lesh# cat letsencrypt.conf
# only modify the values, key files will be generated automaticly.
ACCOUNT_KEY="letsencrypt-account.key"
DOMAIN_KEY="alair.key"
DOMAIN_DIR="/data/wwwroot/alair.cn/compiled"
DOMAINS="DNS:alair.cn,DNS:www.alair.cn"
#ECC=TRUE
#LIGHTTPD=TRUE

按照需要自定义DOMAIN_KEYDOMAIN_DIRDOMAINS三部分。

生成证书

root@rnse:~/lesh#chmod +x letsencrypt.sh
root@rnse:~/lesh# ./letsencrypt.sh letsencrypt.conf
Generate account key...
Generating RSA private key, 4096 bit long modulus
..............................++
....++
e is 65537 (0x10001)
Generate domain key...
Generating RSA private key, 2048 bit long modulus
...............................................................+++
..........................+++
e is 65537 (0x10001)
Generate CSR...alair.csr
Parsing account key...
Parsing CSR...
Registering account...
Registered!
Verifying www.alair.cn...
www.alair.cn verified!
Verifying alair.cn...
alair.cn verified!
Signing certificate...
Certificate signed!
New cert: alair.chained.crt has been generated

生成后的目录文件如下:

root@rnse:~/lesh# ls
alair.chained.crt  alair.crt  alair.csr  alair.key  lets-encrypt-x3-cross-signed.pem  letsencrypt-account.key  letsencrypt.conf  letsencrypt.sh

配置nginx

... ...
ssl_certificate     /path/to/cert/alair.chained.crt;
ssl_certificate_key /path/to/cert/alair.key;
... ...

更新证书

证书到期前直接再次生成而已

发布于