Stateless Mode
Mike M Pestorich edited this page Feb 9, 2021 · 22 revisions
Configure your webserver to respond statelessly to challenges for a given account key. This requires nothing more than a one-time web server configuration change and no "moving parts".
- First get your account key thumbprint:

  ```
  root@ed:~# acme.sh --register-account
  [Mon Feb 6 21:40:18 CST 2017] Registering account
  [Mon Feb 6 21:40:19 CST 2017] Already registered
  [Mon Feb 6 21:40:21 CST 2017] Update success.
  [Mon Feb 6 21:40:21 CST 2017] ACCOUNT_THUMBPRINT='6fXAG9VyG0IahirPEU2ZerUtItW2DHzDzD9wZaEKpqd'
  ```

  Remember the thumbprint in the last line: `6fXAG9VyG0IahirPEU2ZerUtItW2DHzDzD9wZaEKpqd`
- Configure the web server to return the account key thumbprint:

  Add something similar to your `nginx.conf`:

  ```
  http {
  ...
    server {
    ...
      location ~ ^/\.well-known/acme-challenge/([-_a-zA-Z0-9]+)$ {
        default_type text/plain;
        return 200 "$1.6fXAG9VyG0IahirPEU2ZerUtItW2DHzDzD9wZaEKpqd";
      }
    ...
    }
  }
  ```

  Add something similar to your `httpd.conf`:

  ```
  LoadModule php7_module libexec/apache2/libphp7.so
  ...
  <VirtualHost *:80>
    ...
    <IfModule php7_module>
      AddType application/x-httpd-php .php
      AddType application/x-httpd-php-source .phps
      <IfModule dir_module>
        DirectoryIndex index.html index.php
      </IfModule>
    </IfModule>
    ...
    <Directory "/PATH/TO/WWW/ROOT/.well-known/acme-challenge/">
      RewriteEngine On
      RewriteRule "^[-_a-zA-Z0-9]+$" "index.php"
    </Directory>
    ...
  </VirtualHost>
  ...
  ```

  Then add `/PATH/TO/WWW/ROOT/.well-known/acme-challenge/index.php`:

  ```
  <?php
  header("Content-Type: text/plain");
  // array_pop() takes its argument by reference, so the explode() result
  // goes into a variable first; otherwise PHP emits a notice that can end
  // up in the response body.
  $parts = explode('/', $_SERVER['REQUEST_URI']);
  $token = array_pop($parts);
  echo "$token.6fXAG9VyG0IahirPEU2ZerUtItW2DHzDzD9wZaEKpqd";
  ?>
  ```

  NOTE that this approach uses PHP, but something similar could be done with CGI, Perl, Ruby or pretty much any other server-side language.
- OK, you can issue the cert now:

  ```
  acme.sh --issue -d example.com --stateless
  ```
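A check worth running before the issue command above: confirm the server answers an arbitrary token with `<token>.<thumbprint>`. This script is an added example, not part of acme.sh or of this wiki page; the function names and the host passed to `probe` are assumptions, and the sample bodies are constructed.

```shell
#!/bin/sh
# Added example: verify a stateless HTTP-01 responder for one account key.
LC_ALL=C; export LC_ALL   # keep a-z / A-Z ranges ASCII-only

# Thumbprint from the --register-account output shown on this page.
THUMBPRINT='6fXAG9VyG0IahirPEU2ZerUtItW2DHzDzD9wZaEKpqd'

# Accept only the characters the nginx location / Apache RewriteRule accept.
valid_token() {
    case "$1" in
        ''|*[!a-zA-Z0-9_-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Classify a response body. $1=token $2=thumbprint $3=body
# Prints: ok | wrong-thumbprint | not-stateless | bad-token
classify_body() {
    valid_token "$1" || { echo bad-token; return 2; }
    case "$3" in
        "$1.$2") echo ok ;;
        "$1."*)  echo wrong-thumbprint; return 1 ;;  # another account key is configured
        *)       echo not-stateless; return 1 ;;     # 404 page, redirect body, PHP notice...
    esac
}

# Live probe over plain HTTP with a throwaway token. $1=host $2=thumbprint
probe() {
    token="probe-$(date +%s)"
    body=$(curl -fsS --max-time 10 \
        "http://$1/.well-known/acme-challenge/$token") || { echo unreachable; return 1; }
    classify_body "$token" "$2" "$body"
}

# Offline demonstration on constructed bodies (not captured from a real server).
for body in "tok123.$THUMBPRINT" "tok123.AAAA" "<html>404 Not Found</html>"; do
    printf '%s -> %s\n' "$body" "$(classify_body tok123 "$THUMBPRINT" "$body")"
done
```

Against a live server, `probe example.com "$THUMBPRINT"` should print `ok`; `wrong-thumbprint` means the configured value belongs to a different account key than the one acme.sh is using.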