由于 aliyun oss 上托管的网站难以做到全自动的证书续期,只能尽量简化续期的步骤。
yarn run createAccount
- Input your email
- Save
ACMEAccountKey
&ACMEAccountUrl
output in console
OSSAccessKeyId=xxx
OSSAccessKeySecret=xxx
OSSRegion=oss-cn-hongkong
OSSBucket=xxx
ACMEAccountUrl=https://acme-v02.api.letsencrypt.org/acme/acct/xxx
ACMEAccountKey="-----BEGIN PRIVATE KEY-----
xxx
-----END PRIVATE KEY-----"
ACMEDomain=test.example.com
Note:
a. make sure your Aliyun RAM user has OSS
and Cert
permission.
b. make sure your oss has bound to your ACMEDomain
You can shortcut it in package.json
It will create cert and upload to ali cert service, you should bind it to your oss manually.
TBD
lets encrypt api may be affected by GFW