
ssl and acme_tiny.py

 openssl genrsa 4096 > account.key
wget http://dl.wdlinux.cn/files/openssl/openssl-1.0.2k.tar.gz
tar zxvf openssl-1.0.2k.tar.gz
cd openssl-1.0.2k
./config --prefix=/usr/local/openssl102k
make
mkdir /etc/ssl
cp apps/openssl.cnf /etc/ssl/
cd ..
openssl req -new -sha256 -key domain.key -subj "/" -reqexts SAN -config <(cat /etc/ssl/openssl.cnf <(printf "[SAN]\nsubjectAltName=DNS:51099.com,DNS:www.51099.com")) > domain.csr
mkdir /www/web/challenges
vi /www/wdlinux/nginx/conf/vhost/51099.com.conf
service nginxd restart
python -v
wget https://raw.githubusercontent.com/diafygi/acme-tiny/master/acme_tiny.py --no-check-certificate
python acme_tiny.py --account-key ./account.key --csr ./domain.csr --acme-dir /www/web/challenges/ > ./signed.crt
pip
yum install python-pip
wget "https://pypi.python.org/packages/11/b6/abcb525026a4be042b486df43905d6893fb04f05aac21c32c638e939e447/pip-9.0.1.tar.gz#md5=35f01da33009719497f01a4ba69d63c9" --no-check-certificate
tar zxvf pip-9.0.1.tar.gz
cd pip-9.0.1
python setup.py install
cd ..
python acme_tiny.py --account-key ./account.key --csr ./domain.csr --acme-dir /www/web/challenges/ > ./signed.crt
pip install argparse
python acme_tiny.py --account-key ./account.key --csr ./domain.csr --acme-dir /www/web/challenges/ > ./signed.crt
wget -O - https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem > intermediate.pem
cat signed.crt intermediate.pem > chained.pem
wget -O - https://letsencrypt.org/certs/isrgrootx1.pem > root.pem
cd ..
ls /www/
mv ssl /www/
cd /www/
cd ssl/
cp chained.pem domain.key /www/wdlinux/nginx/conf/cer/
openssl req -new -sha256 -key domain.key -subj "/" -reqexts SAN -config <(cat /etc/ssl/openssl.cnf <(printf "[SAN]\nsubjectAltName=DNS:baidu.com.com,DNS:www.baidu.com")) > baidu.csr
python acme_tiny.py --account-key ./account.key --csr ./baidu.csr --acme-dir /www/web/challenges/ > ./baidu.crt
vim acme_tiny.py
vi /bin/renew_cert.sh
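#!/bin/bash
# renew_cert.sh - re-issue the certificate with acme_tiny.py and rebuild the
# chain file for nginx.
#
# Inputs (in /www/ssl/): acme_tiny.py, account.key, domain.csr.
# Outputs (in /www/ssl/): signed.crt, intermediate.pem, chained.pem.
# Exit status: non-zero if any step before the reload fails; the previous
# signed.crt / intermediate.pem / chained.pem are then left untouched and
# nginx is not reloaded.

# Without this check a failed cd would run everything below in whatever
# directory the caller (e.g. cron) started in.
cd /www/ssl/ || exit 1

# Remove staged files and stop; the live files have not been replaced yet.
cleanup_and_fail() {
  rm -f -- signed.crt.new intermediate.pem.new chained.pem.new
  exit 1
}

# Stage every output in a *.new file: a shell redirect truncates its target
# before the command runs, so writing straight to signed.crt would destroy the
# current certificate whenever issuance fails.
python acme_tiny.py --account-key account.key --csr domain.csr --acme-dir /www/web/challenges/ > signed.crt.new || cleanup_and_fail
[ -s signed.crt.new ] || cleanup_and_fail

# A failed or empty download must not end up in the chain that nginx serves.
# NOTE(review): the intermediate is pinned by file name; if the CA issues from
# a different intermediate this chain will not validate -- compare the issuer
# of signed.crt with this file.
wget -O - https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem > intermediate.pem.new || cleanup_and_fail
[ -s intermediate.pem.new ] || cleanup_and_fail

# Leaf certificate first, then the intermediate.
cat signed.crt.new intermediate.pem.new > chained.pem.new || cleanup_and_fail

# Swap the staged files in only after all of them were produced.
mv -f -- signed.crt.new signed.crt || cleanup_and_fail
mv -f -- intermediate.pem.new intermediate.pem || cleanup_and_fail
mv -f -- chained.pem.new chained.pem || cleanup_and_fail

# NOTE(review): the setup log copied chained.pem to /www/wdlinux/nginx/conf/cer/
# and restarted the service as "nginxd". If the vhost reads the certificate
# from that directory, the renewed chain must be copied there as well, and the
# service name used here should be confirmed on this host.
service nginx reload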
# Restrict the renewal script to its owner: read/write/execute for the owner, nothing for group or others.
chmod 700 /bin/renew_cert.sh
# Schedule for the script: 00:00 on the 1st of every month. The user column ("root") makes this the
# /etc/crontab or /etc/cron.d format, not a per-user crontab line. As shown it starts with '#',
# so it stays inactive until the '#' is removed.
#0 0 1 * * root /bin/renew_cert.sh
