mirror of
https://github.com/eiblog/eiblog.git
synced 2026-02-04 13:52:26 +08:00
挑战 acme.sh 文件验证路径
This commit is contained in:
henry.chen
54
Makefile
54
Makefile
@@ -15,7 +15,7 @@ test:
|
||||
build:
|
||||
@echo "go build..."
|
||||
@CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build && \
|
||||
docker build -t $(docker_registry)/deepzz/eiblog:latest .
|
||||
docker build -t $(docker_registry)/deepzz/eiblog:latest .
|
||||
|
||||
deploy:build
|
||||
@docker push $(docker_registry)/deepzz/eiblog:latest
|
||||
@@ -24,47 +24,37 @@ dist:
|
||||
@./dist.sh
|
||||
|
||||
gencert:makedir
|
||||
@echo $(Ali_Key) $(Ali_Secret)
|
||||
@if [ ! -n "$(sans)" ]; then \
|
||||
printf "Need one argument [sans=params]\n"; \
|
||||
printf "example: sans=\"-d domain -d domain\"\n"; \
|
||||
exit 1; \
|
||||
fi; \
|
||||
printf "Need one argument [sans=params]\n"; \
|
||||
printf "example: sans=\"-d domain -d domain\"\n"; \
|
||||
exit 1; \
|
||||
fi; \
|
||||
if [ ! -n "$(cn)" ]; then \
|
||||
printf "Need one argument [cn=params]\n"; \
|
||||
printf "example: cn=domain\n"; \
|
||||
exit 1; \
|
||||
fi
|
||||
printf "Need one argument [cn=params]\n"; \
|
||||
printf "example: cn=domain\n"; \
|
||||
exit 1; \
|
||||
fi
|
||||
@if [ ! -f $(acme.sh) ]; then \
|
||||
curl https://get.acme.sh | sh; \
|
||||
curl https://get.acme.sh | sh; \
|
||||
fi
|
||||
|
||||
@echo "generate rsa cert..."
|
||||
@$(acme.sh) --force --issue --dns dns_ali \
|
||||
$(sans) --log --renew-hook "ct-submit ctlog.api.venafi.com < $(config)/ssl/domain.rsa.pem > $(config)/scts/rsa/venafi.sct && \
|
||||
ct-submit ctlog.wosign.com < $(config)/ssl/domain.rsa.pem > $(config)/scts/rsa/wosign.sct"
|
||||
@$(acme.sh) --force --issue --dns dns_ali $(sans) --log \
|
||||
--renew-hook "ct-submit ctlog.api.venafi.com < $(config)/ssl/domain.rsa.pem > $(config)/scts/rsa/venafi.sct \
|
||||
&& ct-submit ctlog.wosign.com < $(config)/ssl/domain.rsa.pem > $(config)/scts/rsa/wosign.sct"
|
||||
@$(acme.sh) --install-cert -d $(cn) \
|
||||
--key-file $(config)/ssl/domain.rsa.key \
|
||||
--fullchain-file $(config)/ssl/domain.rsa.pem \
|
||||
--reloadcmd "service nginx force-reload"
|
||||
--key-file $(config)/ssl/domain.rsa.key \
|
||||
--fullchain-file $(config)/ssl/domain.rsa.pem \
|
||||
--reloadcmd "service nginx force-reload"
|
||||
|
||||
@echo "generate ecc cert..."
|
||||
@$(acme.sh) --force --issue --dns dns_ali \
|
||||
$(sans) -k ec-256 --log --renew-hook "ct-submit ctlog.api.venafi.com < $(config)/ssl/domain.ecc.pem > $(config)/scts/ecc/venafi.sct && \
|
||||
ct-submit ctlog.wosign.com < $(config)/ssl/domain.ecc.pem > $(config)/scts/ecc/wosign.sct"
|
||||
@$(acme.sh) --force --issue --dns dns_ali $(sans) -k ec-256 --log \
|
||||
--renew-hook "ct-submit ctlog.api.venafi.com < $(config)/ssl/domain.ecc.pem > $(config)/scts/ecc/venafi.sct \
|
||||
&& ct-submit ctlog.wosign.com < $(config)/ssl/domain.ecc.pem > $(config)/scts/ecc/wosign.sct"
|
||||
@$(acme.sh) --install-cert -d $(cn) --ecc \
|
||||
--key-file $(config)/ssl/domain.ecc.key \
|
||||
--fullchain-file $(config)/ssl/domain.ecc.pem \
|
||||
--reloadcmd "service nginx force-reload"
|
||||
|
||||
# fullchained:
|
||||
# @if [ ! -n "$(cn)" ]; then \
|
||||
# printf "Use acme.sh generated certs, Need one argument [cn=params]\n"; \
|
||||
# printf "example: cn=domain\n"; \
|
||||
# exit 1; \
|
||||
# fi
|
||||
# @cp $(acme)/$(cn)/ca.cer $(config)/ssl/full_chained.pem && \
|
||||
# echo $(X3) >> $(config)/ssl/full_chained.pem
|
||||
--key-file $(config)/ssl/domain.ecc.key \
|
||||
--fullchain-file $(config)/ssl/domain.ecc.pem \
|
||||
--reloadcmd "service nginx force-reload"
|
||||
|
||||
dhparams:
|
||||
@openssl dhparam -out $(config)/ssl/dhparams.pem 2048
|
||||
|
||||
Reference in New Issue
Block a user