I. Manual update
1. Open a terminal, connect to the server, and upgrade the acme.sh script
/root/.acme.sh/acme.sh --upgrade
2. Use acme.sh to renew all SSL certificates stored locally on the server
/root/.acme.sh/acme.sh --renew-all
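If your server holds SSL certificates for several websites and you only want to renew the certificate of one of them, use the "-d domain" parameter, for example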
/root/.acme.sh/acme.sh --renew -d domain
II. Automatic update
1. Write an automatic update script that replaces the certificates used by nginx with the renewed ones
#!/bin/bash
# Variables
ACME_HOME="/root/.acme.sh"
CERT_TARGET_DIR="/etc/nginx/ssl"
NGINX_SERVICE="nginx"
# Stop Nginx
echo "Stopping Nginx service..."
systemctl stop "${NGINX_SERVICE}"
# Renew all certificates
echo "Updating all certificates..."
if "${ACME_HOME}/acme.sh" --cron --home "${ACME_HOME}"; then
    echo "Certificates updated successfully. Processing each domain..."
    # Loop over all domain directories
    for domain_dir in "${ACME_HOME}"/*_ecc; do
        if [ -d "${domain_dir}" ]; then
            # Derive the domain name from the directory name
            domain_name=$(basename "${domain_dir}" | sed 's/_ecc$//')
            # Check that the certificate and the key exist
            cert_file="${domain_dir}/fullchain.cer"
            key_file="${domain_dir}/${domain_name}.key"
            if [ -f "${cert_file}" ] && [ -f "${key_file}" ]; then
                # Make sure the target directory exists
                target_dir="${CERT_TARGET_DIR}/${domain_name}"
                mkdir -p "${target_dir}"
                # Copy the certificate and the key
                cp "${cert_file}" "${target_dir}/fullchain.cer"
                cp "${key_file}" "${target_dir}/${domain_name}.key"
                echo "Certificates for ${domain_name} copied to ${target_dir}."
            else
                echo "Certificate or key file missing for ${domain_name}. Skipping."
            fi
        fi
    done
    # Restart Nginx
    echo "Restarting Nginx service..."
    if systemctl restart "${NGINX_SERVICE}"; then
        echo "Nginx restarted successfully. Certificates are now active."
    else
        echo "Failed to restart Nginx. Please check the configuration."
        exit 1
    fi
else
    echo "Failed to update certificates. Check acme.sh logs for details."
    # Start Nginx again so the site keeps serving its current certificates
    systemctl start "${NGINX_SERVICE}"
    exit 1
fi
2. Run it manually to test
./update_certificates.sh
3. Add it to the scheduled tasks (cron) so that it checks every night at 3 a.m.
0 3 * * * /opt/service/update_certificates/update_certificates.sh > /var/log/acme/cert_update.log 2>&1
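The copy step in the script above trusts whatever is in the acme.sh directory. As an added example (not part of the original script), the two functions below check that the leaf certificate matches its private key and is not about to expire before anything under /etc/nginx/ssl is replaced, and they install the key with mode 600. The function names verify_cert_pair and install_cert_pair are hypothetical, and the openssl command-line tool is assumed to be installed.

```shell
#!/bin/bash
# Added example: verify a renewed certificate/key pair before installing it.

# Return 0 only if the leaf certificate in $1 matches the private key in $2
# and stays valid for at least $3 more seconds (default: one day).
verify_cert_pair() {
    local cert="$1" key="$2" min_valid="${3:-86400}"
    local cert_pub key_pub

    # Both files must exist and be non-empty.
    [ -s "$cert" ] && [ -s "$key" ] || return 1

    # openssl x509 reads the first certificate in fullchain.cer (the leaf).
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 1

    # A certificate whose public key differs from the key file cannot be
    # served; Nginx would refuse to start with such a pair.
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ] || return 1

    # -checkend exits non-zero if the certificate expires within the window.
    openssl x509 -in "$cert" -noout -checkend "$min_valid" >/dev/null 2>&1
}

# Install a verified pair into directory $3 for domain $4. Files are written
# under temporary names and then renamed, so Nginx never reads a half-copied
# file, and the private key ends up readable by its owner only.
install_cert_pair() {
    local cert="$1" key="$2" target_dir="$3" domain="$4"

    verify_cert_pair "$cert" "$key" || return 1
    mkdir -p "$target_dir" || return 1
    install -m 644 "$cert" "$target_dir/fullchain.cer.new" &&
    install -m 600 "$key" "$target_dir/$domain.key.new" &&
    mv -f "$target_dir/fullchain.cer.new" "$target_dir/fullchain.cer" &&
    mv -f "$target_dir/$domain.key.new" "$target_dir/$domain.key"
}
```

In the update script, the two cp lines can be replaced by install_cert_pair "${cert_file}" "${key_file}" "${target_dir}" "${domain_name}", skipping the domain when it returns non-zero.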