From 2f12cd10304e090c76e701742ed35bd393396159 Mon Sep 17 00:00:00 2001
From: Tsanie Lily <tsorgy@gmail.com>
Date: Mon, 16 Aug 2021 16:45:04 +0800
Subject: [PATCH] add article acme.sh

---
 package.json             |  6 ++--
 source/_posts/acme-sh.md | 73 ++++++++++++++++++++++++++++++++++++++++
 2 files changed, 76 insertions(+), 3 deletions(-)
 create mode 100644 source/_posts/acme-sh.md

diff --git a/package.json b/package.json
index 7ec985d..2bc0f55 100644
--- a/package.json
+++ b/package.json
@@ -3,17 +3,17 @@
   "version": "1.0.0",
   "private": true,
   "hexo": {
-    "version": "5.2.0"
+    "version": "5.4.0"
   },
   "dependencies": {
-    "hexo": "^5.2.0",
+    "hexo": "^5.4.0",
     "hexo-generator-archive": "^1.0.0",
     "hexo-generator-category": "^1.0.0",
     "hexo-generator-index": "^2.0.0",
     "hexo-generator-sitemap": "^2.1.0",
     "hexo-generator-tag": "^1.0.0",
     "hexo-renderer-ejs": "^1.0.0",
-    "hexo-renderer-marked": "^3.2.0",
+    "hexo-renderer-marked": "^4.1.0",
     "hexo-renderer-stylus": "^2.0.1",
     "hexo-server": "^2.0.0"
   }
diff --git a/source/_posts/acme-sh.md b/source/_posts/acme-sh.md
new file mode 100644
index 0000000..3e3078a
--- /dev/null
+++ b/source/_posts/acme-sh.md
@@ -0,0 +1,73 @@
+---
+title: 使用 acme.sh 来管理 letsencrypt 证书
+date: 2021-08-16 16:15:09
+tags:
+---
+
+## 安装 acme.sh ##
+```shell
+curl https://get.acme.sh | sh
+```
+安装完毕后可以使用 `acme.sh --version` 检查状态
+```shell
+# acme.sh --version
+https://github.com/acmesh-official/acme.sh
+v3.0.1
+```
+
+如果需要升级 `acme.sh` 则运行
+```shell
+# 升级到最新版
+acme.sh --upgrade
+
+# 开启自动升级
+acme.sh --upgrade --auto-upgrade
+
+# 关闭自动升级
+acme.sh --upgrade --auto-upgrade 0
+```
+
+## 生成证书 ##
+<!-- more -->
+
+### HTTP 认证方式 ###
+```shell
+acme.sh --issue -d example.com -d www.example.com --webroot /home/wwwroot/example.com/
+```
+
+### DNS 认证方式 ###
+各大 dns 提供商的使用方式参考[此处](https://github.com/acmesh-official/acme.sh/wiki/dnsapi)
+
+此处以 cloudflare 为例:
+```shell
+export CF_Token="sdfsdfsdfljlbjkljlkjsdfoiwje"
+export CF_Account_ID="xxxxxxxxxx"
+export CF_Zone_ID="xxxxxxxxxx"
+
+acme.sh --issue --dns dns_cf -d example.com -d *.example.com --server letsencrypt
+```
+
+
+## 操作已安装证书 ##
+```shell
+# 查看已安装证书
+acme.sh --list
+
+# 删除证书
+acme.sh remove <SAN_domains>
+```
+
+## 安装证书 ##
+```shell
+# 以 example.com 为例
+acme.sh --installcert -d example.com \
+        --key-file /usr/local/nginx/ssl/example.com.key \
+        --fullchain-file /usr/local/nginx/ssl/fullchain.cer \
+        --reloadcmd "systemctl reload nginx ; systemctl restart v2ray"
+```
+
+## 更新证书 ##
+如果需要手动续签，则执行
+```shell
+acme.sh --renew -d example.com --force
+```