使用acme申请cloudflare托管的域名证书

安装acme

yum -y install socat    #安装socat
wget -qO- get.acme.sh | bash    #安装acme脚本
source ~/.bashrc    #设置环境变量
acme.sh --set-default-ca --server letsencrypt    #更换CA

使用dns验证方式申请证书

1、创建cloudflare的api_key

选择令牌模板为编辑区域DNS

区域资源选择要申请的域名

2、自动申请

设置环境变量

export CF_Key="cloudflare的api_key"
export CF_Email="cloudflare绑定的邮箱"

申请证书

acme.sh --issue --dns dns_cf -d 要申请的域名 -k ec-256

下载证书到指定为位置

acme.sh --installcert -d 域名 --fullchain-file /opt/certs/***/fullchain.crt --key-file /opt/certs/***/private.key --ecc

这种方法可能会抽风，报下面的错

[Sat Sep 21 22:14:14 CST 2024] invalid domain
[Sat Sep 21 22:14:14 CST 2024] Error adding TXT record to domain: _acme-challenge.nas.anhui.plus
[Sat Sep 21 22:14:14 CST 2024] Please add '--debug' or '--log' to see more information.
[Sat Sep 21 22:14:14 CST 2024] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh

3、手动申请

acme.sh --issue --dns -d vfly2.com \
 --yes-I-know-dns-manual-mode-enough-go-ahead-please

会出现类似下面的提示

[Sat Sep 21 22:17:24 CST 2024] Using CA: https://acme.zerossl.com/v2/DV90
[Sat Sep 21 22:17:24 CST 2024] Single domain='域名'
[Sat Sep 21 22:17:30 CST 2024] Getting webroot for domain='域名'
[Sat Sep 21 22:17:30 CST 2024] Add the following TXT record:
[Sat Sep 21 22:17:30 CST 2024] Domain: '_acme-challenge.域名'
[Sat Sep 21 22:17:30 CST 2024] TXT value: '域名解析txt记录'
[Sat Sep 21 22:17:30 CST 2024] Please make sure to prepend '_acme-challenge.' to your domain
[Sat Sep 21 22:17:30 CST 2024] so that the resulting subdomain is: _acme-challenge.域名
[Sat Sep 21 22:17:30 CST 2024] Please add the TXT records to the domains, and re-run with --renew.
[Sat Sep 21 22:17:30 CST 2024] Please add '--debug' or '--log' to see more information.
[Sat Sep 21 22:17:30 CST 2024] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh

根据提示将域名解析txt记录解析到域名

再继续执行

acme.sh --renew -d vfly2.com \
 --yes-I-know-dns-manual-mode-enough-go-ahead-please

则可以手动申请域名