1. Install the dependency packages
yum install openssl cron socat curl

2. Install acme.sh (assuming the e-mail address of the domain's registrant is aa@bb.com)
curl https://get.acme.sh | sh -s email=aa@bb.com

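3. Validate the domain online over an unoccupied port 80 and issue an ECC certificate (free up port 80 so it can be used to validate the domain a.b.com)
~/.acme.sh/acme.sh --issue -d a.b.com --standalone --keylength ec-256 --force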

4. Install the certificate and key; on later renewals the files in the certificate directory are updated automatically
~/.acme.sh/acme.sh --installcert -d a.b.com --ecc \
--fullchain-file /etc/nginx/abcom.crt \
--key-file /etc/nginx/abcom.key \
--reloadcmd "systemctl restart nginx"

5. Check the certificate's validity period (the file installed in step 4)
openssl x509 -in /etc/nginx/abcom.crt -noout -dates

6. Renew the certificate manually
~/.acme.sh/acme.sh --renew -d a.b.com --force --ecc

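7. Check and renew the certificate automatically every day at 02:00
crontab -e
# nginx is restarted even when the renewal step fails, so a failed run does not leave the site down
0 2 * * * systemctl stop nginx && "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null 2>&1; systemctl restart nginx > /dev/null 2>&1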
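
The cron job in step 7 discards all output, so a failed renewal goes unnoticed until the certificate expires. The script below is an added example, not part of acme.sh or of the original page: it checks the files installed in step 4 for remaining validity, for a key that matches the certificate, and for key-file permissions. The function names and the 20-day default threshold are assumptions.

```shell
#!/bin/sh
# Added example: health check for the certificate and key installed in step 4.
# Function names and the 20-day default threshold are assumptions, not acme.sh features.

# Succeeds if CERT ($1) is still valid DAYS ($2) days from now.
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Succeeds if the public key in CERT ($1) is the one derived from private KEY ($2).
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null)
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeeds if KEY ($1) exists and is not readable by group or others.
key_is_private() {
    [ -f "$1" ] && [ -z "$(find "$1" \( -perm -040 -o -perm -004 \))" ]
}

# Runs all three checks, prints one line per failure, returns the failure count.
check_install() {
    cert=$1 key=$2 days=${3:-20} failed=0
    cert_valid_for "$cert" "$days" ||
        { echo "FAIL: $cert missing, unreadable or expiring within $days days"; failed=$((failed + 1)); }
    cert_matches_key "$cert" "$key" ||
        { echo "FAIL: $key does not match $cert"; failed=$((failed + 1)); }
    key_is_private "$key" ||
        { echo "FAIL: $key is missing or readable by group/others"; failed=$((failed + 1)); }
    return "$failed"
}

# Usage: sh check_cert.sh /etc/nginx/abcom.crt /etc/nginx/abcom.key [days]
if [ "$#" -ge 2 ]; then
    check_install "$@"
    exit $?
fi
```

A non-zero exit status means at least one check failed, so the script can be run from cron or a monitoring agent after the renewal job.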