挑战 acme.sh 文件验证路径

henry.chen
2017-08-25 18:01:37 +08:00
parent 25cb23fdb3
commit 5ce806a7d7
2 changed files with 23 additions and 33 deletions


@@ -24,7 +24,6 @@ dist:
@./dist.sh @./dist.sh
gencert:makedir gencert:makedir
@echo $(Ali_Key) $(Ali_Secret)
@if [ ! -n "$(sans)" ]; then \ @if [ ! -n "$(sans)" ]; then \
printf "Need one argument [sans=params]\n"; \ printf "Need one argument [sans=params]\n"; \
printf "example: sans=\"-d domain -d domain\"\n"; \ printf "example: sans=\"-d domain -d domain\"\n"; \
@@ -40,32 +39,23 @@ gencert:makedir
fi fi
@echo "generate rsa cert..." @echo "generate rsa cert..."
@$(acme.sh) --force --issue --dns dns_ali \ @$(acme.sh) --force --issue --dns dns_ali $(sans) --log \
$(sans) --log --renew-hook "ct-submit ctlog.api.venafi.com < $(config)/ssl/domain.rsa.pem > $(config)/scts/rsa/venafi.sct && \ --renew-hook "ct-submit ctlog.api.venafi.com < $(config)/ssl/domain.rsa.pem > $(config)/scts/rsa/venafi.sct \
ct-submit ctlog.wosign.com < $(config)/ssl/domain.rsa.pem > $(config)/scts/rsa/wosign.sct" && ct-submit ctlog.wosign.com < $(config)/ssl/domain.rsa.pem > $(config)/scts/rsa/wosign.sct"
@$(acme.sh) --install-cert -d $(cn) \ @$(acme.sh) --install-cert -d $(cn) \
--key-file $(config)/ssl/domain.rsa.key \ --key-file $(config)/ssl/domain.rsa.key \
--fullchain-file $(config)/ssl/domain.rsa.pem \ --fullchain-file $(config)/ssl/domain.rsa.pem \
--reloadcmd "service nginx force-reload" --reloadcmd "service nginx force-reload"
@echo "generate ecc cert..." @echo "generate ecc cert..."
@$(acme.sh) --force --issue --dns dns_ali \ @$(acme.sh) --force --issue --dns dns_ali $(sans) -k ec-256 --log \
$(sans) -k ec-256 --log --renew-hook "ct-submit ctlog.api.venafi.com < $(config)/ssl/domain.ecc.pem > $(config)/scts/ecc/venafi.sct && \ --renew-hook "ct-submit ctlog.api.venafi.com < $(config)/ssl/domain.ecc.pem > $(config)/scts/ecc/venafi.sct \
ct-submit ctlog.wosign.com < $(config)/ssl/domain.ecc.pem > $(config)/scts/ecc/wosign.sct" && ct-submit ctlog.wosign.com < $(config)/ssl/domain.ecc.pem > $(config)/scts/ecc/wosign.sct"
@$(acme.sh) --install-cert -d $(cn) --ecc \ @$(acme.sh) --install-cert -d $(cn) --ecc \
--key-file $(config)/ssl/domain.ecc.key \ --key-file $(config)/ssl/domain.ecc.key \
--fullchain-file $(config)/ssl/domain.ecc.pem \ --fullchain-file $(config)/ssl/domain.ecc.pem \
--reloadcmd "service nginx force-reload" --reloadcmd "service nginx force-reload"
# fullchained:
# @if [ ! -n "$(cn)" ]; then \
# printf "Use acme.sh generated certs, Need one argument [cn=params]\n"; \
# printf "example: cn=domain\n"; \
# exit 1; \
# fi
# @cp $(acme)/$(cn)/ca.cer $(config)/ssl/full_chained.pem && \
# echo $(X3) >> $(config)/ssl/full_chained.pem
dhparams: dhparams:
@openssl dhparam -out $(config)/ssl/dhparams.pem 2048 @openssl dhparam -out $(config)/ssl/dhparams.pem 2048
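Review bot: Each `--renew-hook` on the rewritten issue lines redirects ct-submit straight into the final SCT path (`> $(config)/scts/rsa/venafi.sct`), so a failed or interrupted submission truncates the file before nginx ever sees the error and the last good SCT is lost; writing to a temporary name first, e.g. `ct-submit ctlog.api.venafi.com < $(config)/ssl/domain.rsa.pem > $(config)/scts/rsa/venafi.sct.tmp && mv -f $(config)/scts/rsa/venafi.sct.tmp $(config)/scts/rsa/venafi.sct`, keeps the previous SCT in place when a log is unreachable. The same applies to the wosign submission and to both hooks of the ecc issue line. `--force --issue` on both issue lines re-issues a new certificate and key on every `make gencert` regardless of expiry, which deserves a comment stating why it is wanted, since each run counts against the CA's issuance limits. Only `sans` is validated in the visible part of the recipe while `$(config)` and `$(cn)` are used unchecked in the install and hook paths; the gencert body between the two hunks is outside this view, so a check may already live there, otherwise `@test -n "$(config)" || { printf "Need [config=dir]\n"; exit 1; }` alongside the sans check would fail early instead of writing under `/ssl`.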


@@ -124,7 +124,7 @@ server {
# letsencrypt file verify # letsencrypt file verify
location ^~ /.well-known/acme-challenge/ { location ^~ /.well-known/acme-challenge/ {
alias /data/letsencrypt/challenges/; alias /data/eiblog/challenges/;
try_files $uri =404; try_files $uri =404;
} }
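Review bot: The new `alias /data/eiblog/challenges/;` only serves challenges if that directory exists, is readable by the nginx worker user, and is the same webroot acme.sh writes tokens into (its `-w` argument); the Makefile in this commit issues via `--dns dns_ali`, so nothing on the page shows which step populates the directory. A comment above the location recording the coupling, `# must match the webroot passed to acme.sh (-w)`, would keep the two paths from drifting apart again. The enclosing `server { }` block starts and ends outside the hunk.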