BuyPass是一家在国外运营的SSL证书机构,提供与Let’s Encrypt类似的免费SSL证书服务。与Let’s Encrypt的90天免费续期相比,BuyPass免费SSL证书的续期周期为180天,也就是说可以免费使用半年时间。这对于希望减少频繁续期SSL证书的用户来说,是一个非常方便的选择。
BuyPass免费SSL证书与acme.sh兼容,因此只需安装acme.sh工具,就能快速为您的域名申请和部署BuyPass免费SSL证书,并且还能够自动完成证书的续期。这篇文章将详细介绍如何使用acme.sh来申请和安装BuyPass免费SSL证书。除了Let’s Encrypt的免费SSL证书,BuyPass免费SSL证书也是一个值得考虑的备选方案。通过本文的指导,您将能够轻松获得并配置BuyPass免费SSL证书,为您的网站提供更安全可靠的加密保护。
环境:nginx+centos+宝塔。
以下命令行为实操, 可复制#….###之间的命令。
使用acme.sh在BT宝塔环境下部署自动续期BuyPass SSL证书操作记录:
第一步:安装acme。
[root@mail ~]# curl https://get.acme.sh | sh -s email=jackrebel@8kmm.com
###安装acme, 后面的email更换成自己的邮箱
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 1032 0 1032 0 0 8390 0 –:–:– –:–:– –:–:– 8390
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 216k 100 216k 0 0 459k 0 –:–:– –:–:– –:–:– 459k
[Thu Aug 31 15:36:14 HKT 2023] Installing from online archive.
[Thu Aug 31 15:36:14 HKT 2023] Downloading https://github.com/acmesh-official/acme.sh/archive/master.tar.gz
[Thu Aug 31 15:36:15 HKT 2023] Extracting master.tar.gz
[Thu Aug 31 15:36:16 HKT 2023] It is recommended to install socat first.
[Thu Aug 31 15:36:16 HKT 2023] We use socat for standalone server if you use standalone mode.
[Thu Aug 31 15:36:16 HKT 2023] If you don’t use standalone mode, just ignore this warning.
[Thu Aug 31 15:36:16 HKT 2023] Installing to /root/.acme.sh
[Thu Aug 31 15:36:16 HKT 2023] Installed to /root/.acme.sh/acme.sh
[Thu Aug 31 15:36:16 HKT 2023] Installing alias to ‘/root/.bashrc’
[Thu Aug 31 15:36:16 HKT 2023] OK, Close and reopen your terminal to start using acme.sh
[Thu Aug 31 15:36:16 HKT 2023] Installing alias to ‘/root/.cshrc’
[Thu Aug 31 15:36:16 HKT 2023] Installing alias to ‘/root/.tcshrc’
[Thu Aug 31 15:36:16 HKT 2023] Installing cron job
[Thu Aug 31 15:36:16 HKT 2023] Good, bash is found, so change the shebang to use bash as preferred.
[Thu Aug 31 15:36:17 HKT 2023] OK
[Thu Aug 31 15:36:17 HKT 2023] Install success! ###说明安装成功。
第二步:重新加载 Bash
[root@mail ~]# source ~/.bashrc
###安装完成后重新加载 Bash
第三步:开启自动更新
[root@mail ~]# acme.sh --upgrade --auto-upgrade
###开启自动更新
[Thu Aug 31 15:36:49 HKT 2023] Already uptodate!
[Thu Aug 31 15:36:49 HKT 2023] Upgrade success!
第四步:切换成 Buypass
[root@mail ~]# acme.sh --set-default-ca --server buypass
###切换成 Buypass
[Thu Aug 31 15:37:03 HKT 2023] Changed default CA to: https://api.buypass.com/acme/directory
第五步:申请证书
[root@mail ~]# acme.sh --issue -d 8kmm.com -d www.8kmm.com --webroot /www/wwwroot/www.8kmm.com
###申请证书, 注意自己网站的路径
[Thu Aug 31 15:39:46 HKT 2023] Using CA: https://api.buypass.com/acme/directory
[Thu Aug 31 15:39:46 HKT 2023] Create account key ok.
[Thu Aug 31 15:39:46 HKT 2023] Registering account: https://api.buypass.com/acme/directory
[Thu Aug 31 15:39:50 HKT 2023] Registered
[Thu Aug 31 15:39:50 HKT 2023] ACCOUNT_THUMBPRINT=’gaaaaaaaaaaaaaaaVckUTq__eqaaaaaaaaaaaaaaa6v7I’
[Thu Aug 31 15:39:50 HKT 2023] Creating domain key
[Thu Aug 31 15:39:50 HKT 2023] The domain key is here: /root/.acme.sh/8kmm.com_ecc/8kmm.com.key
[Thu Aug 31 15:39:50 HKT 2023] Multi domain=’DNS:8kmm.com,DNS:www.8kmm.com’
[Thu Aug 31 15:39:50 HKT 2023] Getting domain auth token for each domain
[Thu Aug 31 15:39:56 HKT 2023] Getting webroot for domain=’8kmm.com’
[Thu Aug 31 15:39:56 HKT 2023] Getting webroot for domain=’www.8kmm.com’
[Thu Aug 31 15:39:56 HKT 2023] Verifying: 8kmm.com
[Thu Aug 31 15:40:02 HKT 2023] Success
[Thu Aug 31 15:40:02 HKT 2023] Verifying: www.8kmm.com
[Thu Aug 31 15:40:07 HKT 2023] Success
[Thu Aug 31 15:40:07 HKT 2023] Verify finished, start to sign.
[Thu Aug 31 15:40:07 HKT 2023] Lets finalize the order.
[Thu Aug 31 15:40:07 HKT 2023] Le_OrderFinalize=’https://api.buypass.com/acme/order/_z1E-kRTOaaaaaaaaaaaaaaq–JEqcrEE/finalize’
[Thu Aug 31 15:40:12 HKT 2023] Downloading cert.
[Thu Aug 31 15:40:12 HKT 2023] Le_LinkCert=’https://api.buypass.com/acme-v02/cert/Znaaaaaaaaaaaa’
[Thu Aug 31 15:40:13 HKT 2023] Cert success.
—–BEGIN CERTIFICATE—–
aaaaaaaaaaaaaaaaaaaaaaaaaaaaa==
—–END CERTIFICATE—–
[Thu Aug 31 15:40:13 HKT 2023] Your cert is in: /root/.acme.sh/8kmm.com_ecc/8kmm.com.cer
[Thu Aug 31 15:40:13 HKT 2023] Your cert key is in: /root/.acme.sh/8kmm.com_ecc/8kmm.com.key
[Thu Aug 31 15:40:13 HKT 2023] The intermediate CA cert is in: /root/.acme.sh/8kmm.com_ecc/ca.cer
[Thu Aug 31 15:40:13 HKT 2023] And the full chain certs is there: /root/.acme.sh/8kmm.com_ecc/fullchain.cer
第六步:安装域名证书到指定位置
[root@mail ~]# acme.sh --install-cert --ecc -d 8kmm.com
\ ###安装域名证书到指定Nginx位置, –ecc证书, 则安装的时候需要带上 –ecc
> –key-file /root/.acme.sh/8kmm.com_ecc/8kmm.com.key \
> –fullchain-file /root/.acme.sh/8kmm.com_ecc/ca.cer \
> –reloadcmd “nginx -s reload”
[Thu Aug 31 15:57:51 HKT 2023] Installing key to: /root/.acme.sh/8kmm.com_ecc/8kmm.com.key
[Thu Aug 31 15:57:51 HKT 2023] Installing full chain to: /root/.acme.sh/8kmm.com_ecc/ca.cer
[Thu Aug 31 15:57:51 HKT 2023] Run reload cmd: nginx -s reload
[Thu Aug 31 15:57:51 HKT 2023] Reload success
第七步:修改网站配置文件。
在宝塔网站管理面板的配置文件修改成自己的路径:
ssl_certificate /root/.acme.sh/8kmm.com_ecc/ca.cer;
ssl_certificate_key /root/.acme.sh/8kmm.com_ecc/8kmm.com.key;