挑战 acme.sh 文件验证路径

2026-02-04 13:52:26 +08:00 · 2017-08-25 18:01:37 +08:00
parent 25cb23fdb3
commit 5ce806a7d7
2 changed files with 23 additions and 33 deletions
--- a/54
+++ b/54
@@ -15,7 +15,7 @@ test:
 build:
 	@echo "go build..."
 	@CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build && \
-	  docker build -t $(docker_registry)/deepzz/eiblog:latest .
+		docker build -t $(docker_registry)/deepzz/eiblog:latest .
 deploy:build
 	@docker push $(docker_registry)/deepzz/eiblog:latest
@@ -24,47 +24,37 @@ dist:
 	@./dist.sh
 gencert:makedir
 	@echo $(Ali_Key) $(Ali_Secret)
 	@if [ ! -n "$(sans)" ]; then \
-      printf "Need one argument [sans=params]\n"; \
+		printf "Need one argument [sans=params]\n"; \
-	  printf "example: sans=\"-d domain -d domain\"\n"; \
+		printf "example: sans=\"-d domain -d domain\"\n"; \
-      exit 1; \
+		exit 1; \
-    fi; \
+	fi; \
 	if [ ! -n "$(cn)" ]; then \
-      printf "Need one argument [cn=params]\n"; \
+		printf "Need one argument [cn=params]\n"; \
-	  printf "example: cn=domain\n"; \
+		printf "example: cn=domain\n"; \
-      exit 1; \
+		exit 1; \
-    fi
+	fi
 	@if [ ! -f $(acme.sh) ]; then \
-	  curl https://get.acme.sh | sh; \
+		curl https://get.acme.sh | sh; \
 	fi
 	@echo "generate rsa cert..."
-	@$(acme.sh) --force --issue --dns dns_ali \
+	@$(acme.sh) --force --issue --dns dns_ali $(sans) --log \
-	  $(sans) --log --renew-hook "ct-submit ctlog.api.venafi.com < $(config)/ssl/domain.rsa.pem > $(config)/scts/rsa/venafi.sct && \
+		--renew-hook "ct-submit ctlog.api.venafi.com < $(config)/ssl/domain.rsa.pem > $(config)/scts/rsa/venafi.sct \
-	  ct-submit ctlog.wosign.com < $(config)/ssl/domain.rsa.pem > $(config)/scts/rsa/wosign.sct"
+		&& ct-submit ctlog.wosign.com < $(config)/ssl/domain.rsa.pem > $(config)/scts/rsa/wosign.sct"
 	@$(acme.sh) --install-cert -d $(cn) \
-      --key-file       $(config)/ssl/domain.rsa.key \
+		--key-file       $(config)/ssl/domain.rsa.key \
-      --fullchain-file $(config)/ssl/domain.rsa.pem \
+		--fullchain-file $(config)/ssl/domain.rsa.pem \
-      --reloadcmd      "service nginx force-reload"
+		--reloadcmd      "service nginx force-reload"
 	@echo "generate ecc cert..."
-	@$(acme.sh) --force --issue --dns dns_ali \
+	@$(acme.sh) --force --issue --dns dns_ali $(sans) -k ec-256 --log \
-	  $(sans) -k ec-256 --log --renew-hook "ct-submit ctlog.api.venafi.com < $(config)/ssl/domain.ecc.pem > $(config)/scts/ecc/venafi.sct && \
+		--renew-hook "ct-submit ctlog.api.venafi.com < $(config)/ssl/domain.ecc.pem > $(config)/scts/ecc/venafi.sct \
-	  ct-submit ctlog.wosign.com < $(config)/ssl/domain.ecc.pem > $(config)/scts/ecc/wosign.sct"
+		&& ct-submit ctlog.wosign.com < $(config)/ssl/domain.ecc.pem > $(config)/scts/ecc/wosign.sct"
 	@$(acme.sh) --install-cert -d $(cn) --ecc \
-      --key-file       $(config)/ssl/domain.ecc.key \
+		--key-file       $(config)/ssl/domain.ecc.key \
-      --fullchain-file $(config)/ssl/domain.ecc.pem \
+		--fullchain-file $(config)/ssl/domain.ecc.pem \
-      --reloadcmd      "service nginx force-reload"
+		--reloadcmd      "service nginx force-reload"
 # fullchained:
 # 	@if [ ! -n "$(cn)" ]; then \
 #       printf "Use acme.sh generated certs, Need one argument [cn=params]\n"; \
 # 	  printf "example: cn=domain\n"; \
 #       exit 1; \
 #     fi
 # 	@cp $(acme)/$(cn)/ca.cer $(config)/ssl/full_chained.pem && \
 # 	   echo $(X3) >> $(config)/ssl/full_chained.pem
 dhparams:
 	@openssl dhparam -out $(config)/ssl/dhparams.pem 2048
--- a/conf/nginx/domain/eiblog.conf
+++ b/conf/nginx/domain/eiblog.conf
@@ -124,7 +124,7 @@ server {
    # letsencrypt file verify
    location ^~ /.well-known/acme-challenge/ {
-        alias                    /data/letsencrypt/challenges/;
+        alias                    /data/eiblog/challenges/;
        try_files                $uri =404;
    }