Tag: aliyun

  • acme.sh with DNS Alias Mode

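    Because GoDaddy stopped its free support for ACME SSL certificate issuance (DNS mode), I had to switch to DNS Alias mode and let Aliyun act as a proxy that issues SSL certificates for the domain managed by GoDaddy.

    The default CA, ZeroSSL, a startup, has long been overloaded and most of the time can no longer issue certificates normally. Switching to Google's CA has a relatively high barrier: it requires a Google account, and access from within China is restricted, so issuance has been consistently smooth.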

    #!/bin/bash
    #
    #  Godaddy Domain:
    DOMAIN=zhenglei.net
    DNSAPI=dns_gd
    #  Aliyun Domain as Proxy:
    DOMAIN_PROXY=778065.xyz
    DNSAPI_PROXY=dns_ali
    #  Setup CNAME record mapping of _acme-challenge  between ${DOMAIN} and ${DOMAIN_PROXY}
    # _acme-challenge.zhenglei.net       CNAME==>   _acme-challenge.778065.xyz
    # _acme-challenge.blog.zhenglei.net  CNAME==>   _acme-challenge.778065.xyz
    # ...
    # nslookup -type=CNAME _acme-challenge.zhenglei.net
    # nslookup -type=CNAME _acme-challenge.blog.zhenglei.net
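    # Aliyun key & secret to generate acme cert
    # dnsapi=dns_ali
    # This file holds live API credentials: keep it readable by root only.
    Ali_Key="Your Aliyun Key"
    Ali_Secret="Your Aliyun Secret"
    export Ali_Key="${Ali_Key}"
    export Ali_Secret="${Ali_Secret}"
    # Godaddy key & secret (dnsapi=dns_gd)
    # Not exported: with --dns dns_ali and --challenge-alias, every TXT record
    # is written in the Aliyun zone, so the Godaddy API is never called.
    GD_Key="Your Godaddy Key"
    GD_Secret="Your Godaddy Secret"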
    #
    #  Using alias dns mode of acme.sh
    M=" --challenge-alias ${DOMAIN_PROXY} "
    N=" --challenge-alias no "
    #
    #
    # IP PROTOCOL
    IP=--listen-v6
    #
    #
    #
    DNSSLEEP=40
    # Init
    source  /root/env.sh
    ACME_SH=/root/.acme.sh/acme.sh
    #
    #
    DSUB=""
    DSUB+=" -d ${DOMAIN} ${M}"
    DSUB+=" -d ${DOMAIN_PROXY} ${N}"
    DSUB+=" -d blog.${DOMAIN} ${M}"
    DSUB+=" -d blog.${DOMAIN_PROXY} ${N}"
    DSUB+=" -d blog1.${DOMAIN} ${M} "
    DSUB+=" -d blog2.${DOMAIN} ${M} "
    DSUB+=" -d gallery.${DOMAIN} ${M} "
    DSUB+=" -d gallery.${DOMAIN_PROXY} ${N} "
    DSUB+=" -d gallery1.${DOMAIN} ${M} "
    DSUB+=" -d gallery2.${DOMAIN} ${M} "
    DSUB+=" -d music.${DOMAIN} ${M} "
    DSUB+=" -d music.${DOMAIN_PROXY} ${N} "
    DSUB+=" -d music1.${DOMAIN} ${M} "
    DSUB+=" -d music2.${DOMAIN} ${M} "
    DSUB+=" -d mpd.${DOMAIN} ${M} "
    DSUB+=" -d mpd.${DOMAIN_PROXY} ${N} "
    DSUB+=" -d mympd.${DOMAIN} ${M} "
    DSUB+=" -d mympd.${DOMAIN_PROXY} ${N} "
    DSUB+=" -d stream.${DOMAIN} ${M} "
    DSUB+=" -d stream.${DOMAIN_PROXY} ${N} "
    DSUB+=" -d video.${DOMAIN} ${M} "
    DSUB+=" -d video.${DOMAIN_PROXY} ${N} "
    DSUB+=" -d *.${DOMAIN} ${M} "
    DSUB+=" -d *.${DOMAIN_PROXY} ${N} "
    P=""
    P+=" --dns ${DNSAPI_PROXY} "
    P+=" --dnssleep ${DNSSLEEP} "
    P+=" -k ec-384 "
    P+=" --force "
    # P+=" --debug "
    # P+=" --log "
    #  Issue:
    echo "${ACME_SH} --issue  ${P} ${DSUB}"
          ${ACME_SH} --issue  ${P} ${DSUB}
    # Install
    INST_PATH=/opt/local/cert/acme_zhenglei.net
    INST_CER=${INST_PATH}/fullchain.cer
    INST_KEY=${INST_PATH}/zhenglei.net.key
    OPENRESTY=/opt/local/etc/init.d/openresty
    ${ACME_SH} --install-cert -d ${DOMAIN} \
               --key-file ${INST_KEY} \
               --fullchain-file ${INST_CER} \
               --reloadcmd "${OPENRESTY} stop ; ${OPENRESTY} start"

    https://github.com/acmesh-official/acme.sh/wiki/DNS-alias-mode
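
    A pre-flight audit of the CNAME delegation this setup depends on, as an added example that is not part of the original post or of acme.sh: each `_acme-challenge` CNAME is a standing grant of certificate issuance to whoever controls the alias zone, so every name should point at the intended alias and nowhere else. The function names, the zone snapshot and the `old-proxy.example` target are constructed for illustration; against live DNS, `lookup_cname` would call `dig` instead.

```shell
#!/bin/sh
# Added example: audit DNS-alias delegation before running acme.sh --issue.
# ALIAS matches DOMAIN_PROXY in the script above; the snapshot is constructed.
ALIAS=778065.xyz

# Map a certificate name to the record the CA queries for the dns-01 challenge.
# A wildcard shares the challenge name of its parent zone:
#   *.zhenglei.net -> _acme-challenge.zhenglei.net
challenge_name() {
    base=${1#\*.}
    printf '_acme-challenge.%s\n' "$base"
}

# lookup_cname NAME: print the CNAME target of NAME, or nothing.
# Reads the constructed snapshot; for live DNS replace the body with:
#   dig +short "$1" CNAME
lookup_cname() {
    printf '%s\n' "$ZONE_SNAPSHOT" |
        awk -v n="$1" '$1 == n && $2 == "CNAME" { print $3 }'
}

# audit_delegation DOMAIN...: print one status line per name and return 1
# if any name is not delegated to exactly _acme-challenge.$ALIAS.
audit_delegation() {
    want="_acme-challenge.${ALIAS}"
    rc=0
    for d in "$@"; do
        name=$(challenge_name "$d")
        got=$(lookup_cname "$name")
        got=${got%.}    # strip the trailing dot of a fully qualified answer
        if [ -z "$got" ]; then
            echo "MISSING  $name"; rc=1
        elif [ "$got" != "$want" ]; then
            echo "FOREIGN  $name -> $got"; rc=1
        else
            echo "OK       $name -> $got"
        fi
    done
    return $rc
}

# Constructed sample zone data (not real lookups).
ZONE_SNAPSHOT='_acme-challenge.zhenglei.net CNAME _acme-challenge.778065.xyz.
_acme-challenge.blog.zhenglei.net CNAME _acme-challenge.778065.xyz.
_acme-challenge.music.zhenglei.net CNAME _acme-challenge.old-proxy.example.'

audit_delegation zhenglei.net '*.zhenglei.net' blog.zhenglei.net \
    music.zhenglei.net video.zhenglei.net || echo "fix the CNAMEs before issuing"
```

    A FOREIGN line is the one to act on first: that name can still be validated through a zone other than the intended alias.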

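  • Aliyun: configuring external ports (custom mapping from public IP to private IP)

    Log in to Aliyun

    Open the management console

    Go to My Resources

    Select and open the ECS server you want to change

    Select "Network & Security"

    Select Security Groups

    Configure the rules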