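Another few hours lost to Linux permissions... I handed out a bit of 777; that shouldn't be a security risk, right... Never mind, it's a crummy little site that breaks if you poke it. I can't defend it anyway, so I just won't bother.
Switched acme certificate issuance from ZeroSSL to Let's Encrypt.
While I was at it, I did some maintenance on xray's traffic fallback; the ports and so on finally line up. It had been a headache for months, and this time I finally understand all of it.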
https://xtls.github.io/document/level-1/fallbacks-lv1.html
Last login: Sun Jul 14 01:47:11 on ttys001
cutesnake@192 ~ % ssh root@66.42.100.165
root@66.42.100.165's password:
Last login: Sun Jul 14 01:47:49 2024 from xx.xx.xx.xx
-bash: warning: setlocale: LC_CTYPE: cannot change locale (UTF-8): No such file or directory
manpath: can't set the locale; make sure $LC_* and $LANG are correct
[root@vultr ~]# acme.sh --issue -d blog.cutesnake.top --webroot /www/wwwroot/blog.cutesnake.top/ acme.sh --issue -d secretbase.cutesnake.top --webroot /www/wwwroot/secretbase.cutesnake.top/ acme.sh --issue -d cutesnake.top --webroot /www/wwwroot/cutesnake.top/
[Sun Jul 14 01:49:59 CST 2024] Unknown parameter : acme.sh
[root@vultr ~]# ls
[root@vultr ~]# cd ..
[root@vultr /]# ls
bin etc lib64 mnt proc sbin srv tmp www
boot home lost+found opt root srs ssl usr
dev lib media patch run srs.log.sys sys var
[root@vultr /]# cd root
[root@vultr ~]# ls
[root@vultr ~]# cd .acme.sh
[root@vultr .acme.sh]# ls
account.conf ca
acme.sh cutesnake.top_ecc notify
acme.sh.csh deploy secretbase.cutesnake.top_ecc
acme.sh.env dnsapi
blog.cutesnake.top_ecc http.header
[root@vultr .acme.sh]# acme.sh --issue -d blog.cutesnake.top --webroot /www/wwwroot/blog.cutesnake.top/ acme.sh --issue -d secretbase.cutesnake.top --webroot /www/wwwroot/secretbase.cutesnake.top/ acme.sh --issue -d cutesnake.top --webroot /www/wwwroot/cutesnake.top/
[Sun Jul 14 01:55:34 CST 2024] Unknown parameter : acme.sh
[root@vultr .acme.sh]#
[root@vultr .acme.sh]# .acme.sh --issue -d blog.cutesnake.top --webroot /www/wwwroot/blog.cutesnake.top/ acme.sh --issue -d secretbase.cutesnake.top --webroot /www/wwwroot/secretbase.cutesnake.top/ acme.sh --issue -d cutesnake.top --webroot /www/wwwroot/cutesnake.top/
-bash: .acme.sh: command not found
[root@vultr .acme.sh]# bash acme.sh --issue -d blog.cutesnake.top --webroot /www/wwwroot/blog.cutesnake.top/ acme.sh --issue -d secretbase.cutesnake.top --webroot /www/wwwroot/secretbase.cutesnake.top/ acme.sh --issue -d cutesnake.top --webroot /www/wwwroot/cutesnake.top/
[Sun Jul 14 01:56:07 CST 2024] Unknown parameter : acme.sh
[root@vultr .acme.sh]# ls
account.conf ca lijunting.com_ecc
acme.sh cutesnake.top_ecc notify
acme.sh.csh deploy secretbase.cutesnake.top_ecc
acme.sh.env dnsapi
blog.cutesnake.top_ecc http.header
[root@vultr .acme.sh]# acme.sh
https://github.com/acmesh-official/acme.sh
v3.0.8
Usage: acme.sh <command> ... [parameters ...]
Commands:
-h, --help Show this help message.
-v, --version Show version info.
--install Install acme.sh to your system.
--uninstall Uninstall acme.sh, and uninstall the cron job.
--upgrade Upgrade acme.sh to the latest code from https://github.com/acmesh-official/acme.sh.
--issue Issue a cert.
--deploy Deploy the cert to your server.
-i, --install-cert Install the issued cert to apache/nginx or any other server.
-r, --renew Renew a cert.
--renew-all Renew all the certs.
--revoke Revoke a cert.
--remove Remove the cert from list of certs known to acme.sh.
--list List all the certs.
--info Show the acme.sh configs, or the configs for a domain with [-d domain] parameter.
--to-pkcs12 Export the certificate and key to a pfx file.
--to-pkcs8 Convert to pkcs8 format.
--sign-csr Issue a cert from an existing csr.
--show-csr Show the content of a csr.
-ccr, --create-csr Create CSR, professional use.
--create-domain-key Create an domain private key, professional use.
--update-account Update account info.
--register-account Register account key.
--deactivate-account Deactivate the account.
--create-account-key Create an account private key, professional use.
--install-cronjob Install the cron job to renew certs, you don't need to call this. The 'install' command can automatically install the cron job.
--uninstall-cronjob Uninstall the cron job. The 'uninstall' command can do this automatically.
--cron Run cron job to renew all the certs.
--set-notify Set the cron notification hook, level or mode.
--deactivate Deactivate the domain authz, professional use.
--set-default-ca Used with '--server', Set the default CA to use.
See: https://github.com/acmesh-official/acme.sh/wiki/Server
--set-default-chain Set the default preferred chain for a CA.
See: https://github.com/acmesh-official/acme.sh/wiki/Preferred-Chain
Parameters:
-d, --domain <domain.tld> Specifies a domain, used to issue, renew or revoke etc.
--challenge-alias <domain.tld> The challenge domain alias for DNS alias mode.
See: https://github.com/acmesh-official/acme.sh/wiki/DNS-alias-mode
--domain-alias <domain.tld> The domain alias for DNS alias mode.
See: https://github.com/acmesh-official/acme.sh/wiki/DNS-alias-mode
--preferred-chain <chain> If the CA offers multiple certificate chains, prefer the chain with an issuer matching this Subject Common Name.
If no match, the default offered chain will be used. (default: empty)
See: https://github.com/acmesh-official/acme.sh/wiki/Preferred-Chain
--valid-to <date-time> Request the NotAfter field of the cert.
See: https://github.com/acmesh-official/acme.sh/wiki/Validity
--valid-from <date-time> Request the NotBefore field of the cert.
See: https://github.com/acmesh-official/acme.sh/wiki/Validity
-f, --force Force install, force cert renewal or override sudo restrictions.
--staging, --test Use staging server, for testing.
--debug [0|1|2|3] Output debug info. Defaults to 2 if argument is omitted.
--output-insecure Output all the sensitive messages.
By default all the credentials/sensitive messages are hidden from the output/debug/log for security.
-w, --webroot <directory> Specifies the web root folder for web root mode.
--standalone Use standalone mode.
--alpn Use standalone alpn mode.
--stateless Use stateless mode.
See: https://github.com/acmesh-official/acme.sh/wiki/Stateless-Mode
--apache Use apache mode.
--dns [dns_hook] Use dns manual mode or dns api. Defaults to manual mode when argument is omitted.
See: https://github.com/acmesh-official/acme.sh/wiki/dnsapi
--dnssleep <seconds> The time in seconds to wait for all the txt records to propagate in dns api mode.
It's not necessary to use this by default, acme.sh polls dns status by DOH automatically.
-k, --keylength <bits> Specifies the domain key length: 2048, 3072, 4096, 8192 or ec-256, ec-384, ec-521.
-ak, --accountkeylength <bits> Specifies the account key length: 2048, 3072, 4096
--log [file] Specifies the log file. Defaults to "/root/.acme.sh/acme.sh.log" if argument is omitted.
--log-level <1|2> Specifies the log level, default is 2.
--syslog <0|3|6|7> Syslog level, 0: disable syslog, 3: error, 6: info, 7: debug.
--eab-kid <eab_key_id> Key Identifier for External Account Binding.
--eab-hmac-key <eab_hmac_key> HMAC key for External Account Binding.
These parameters are to install the cert to nginx/apache or any other server after issue/renew a cert:
--cert-file <file> Path to copy the cert file to after issue/renew.
--key-file <file> Path to copy the key file to after issue/renew.
--ca-file <file> Path to copy the intermediate cert file to after issue/renew.
--fullchain-file <file> Path to copy the fullchain cert file to after issue/renew.
--reloadcmd <command> Command to execute after issue/renew to reload the server.
--server <server_uri> ACME Directory Resource URI. (default: https://acme.zerossl.com/v2/DV90)
See: https://github.com/acmesh-official/acme.sh/wiki/Server
--accountconf <file> Specifies a customized account config file.
--home <directory> Specifies the home dir for acme.sh.
--cert-home <directory> Specifies the home dir to save all the certs, only valid for '--install' command.
--config-home <directory> Specifies the home dir to save all the configurations.
--useragent <string> Specifies the user agent string. it will be saved for future use too.
-m, --email <email> Specifies the account email, only valid for the '--install' and '--update-account' command.
--accountkey <file> Specifies the account key path, only valid for the '--install' command.
--days <ndays> Specifies the days to renew the cert when using '--issue' command. The default value is 60 days.
--httpport <port> Specifies the standalone listening port. Only valid if the server is behind a reverse proxy or load balancer.
--tlsport <port> Specifies the standalone tls listening port. Only valid if the server is behind a reverse proxy or load balancer.
--local-address <ip> Specifies the standalone/tls server listening address, in case you have multiple ip addresses.
--listraw Only used for '--list' command, list the certs in raw format.
-se, --stop-renew-on-error Only valid for '--renew-all' command. Stop if one cert has error in renewal.
--insecure Do not check the server certificate, in some devices, the api server's certificate may not be trusted.
--ca-bundle <file> Specifies the path to the CA certificate bundle to verify api server's certificate.
--ca-path <directory> Specifies directory containing CA certificates in PEM format, used by wget or curl.
--no-cron Only valid for '--install' command, which means: do not install the default cron job.
In this case, the certs will not be renewed automatically.
--no-profile Only valid for '--install' command, which means: do not install aliases to user profile.
--no-color Do not output color text.
--force-color Force output of color text. Useful for non-interactive use with the aha tool for HTML E-Mails.
--ecc Specifies use of the ECC cert. Only valid for '--install-cert', '--renew', '--remove ', '--revoke',
'--deploy', '--to-pkcs8', '--to-pkcs12' and '--create-csr'.
--csr <file> Specifies the input csr.
--pre-hook <command> Command to be run before obtaining any certificates.
--post-hook <command> Command to be run after attempting to obtain/renew certificates. Runs regardless of whether obtain/renew succeeded or failed.
--renew-hook <command> Command to be run after each successfully renewed certificate.
--deploy-hook <hookname> The hook file to deploy cert
--ocsp, --ocsp-must-staple Generate OCSP-Must-Staple extension.
--always-force-new-domain-key Generate new domain key on renewal. Otherwise, the domain key is not changed by default.
--auto-upgrade [0|1] Valid for '--upgrade' command, indicating whether to upgrade automatically in future. Defaults to 1 if argument is omitted.
--listen-v4 Force standalone/tls server to listen at ipv4.
--listen-v6 Force standalone/tls server to listen at ipv6.
--openssl-bin <file> Specifies a custom openssl bin location.
--use-wget Force to use wget, if you have both curl and wget installed.
--yes-I-know-dns-manual-mode-enough-go-ahead-please Force use of dns manual mode.
See: https://github.com/acmesh-official/acme.sh/wiki/dns-manual-mode
-b, --branch <branch> Only valid for '--upgrade' command, specifies the branch name to upgrade to.
--notify-level <0|1|2|3> Set the notification level: Default value is 2.
0: disabled, no notification will be sent.
1: send notifications only when there is an error.
2: send notifications when a cert is successfully renewed, or there is an error.
3: send notifications when a cert is skipped, renewed, or error.
--notify-mode <0|1> Set notification mode. Default value is 0.
0: Bulk mode. Send all the domain's notifications in one message(mail).
1: Cert mode. Send a message for every single cert.
--notify-hook <hookname> Set the notify hook
--notify-source <server name> Set the server name in the notification message
--revoke-reason <0-10> The reason for revocation, can be used in conjunction with the '--revoke' command.
See: https://github.com/acmesh-official/acme.sh/wiki/revokecert
--password <password> Add a password to exported pfx file. Use with --to-pkcs12.
[root@vultr .acme.sh]# acme.sh --issue -d blog.cutesnake.top --webroot /www/wwwroot/blog.cutesnake.top/ acme.sh --issue -d secretbase.cutesnake.top --webroot /www/wwwroot/secretbase.cutesnake.top/ acme.sh --issue -d cutesnake.top --webroot /www/wwwroot/cutesnake.top/
[Sun Jul 14 01:57:24 CST 2024] Unknown parameter : acme.sh
[root@vultr .acme.sh]# acme.sh --issue -d blog.cutesnake.top --webroot /www/wwwroot/blog.cutesnake.top/
[Sun Jul 14 01:57:58 CST 2024] Using CA: https://acme.zerossl.com/v2/DV90
[Sun Jul 14 01:57:58 CST 2024] Single domain='blog.cutesnake.top'
[Sun Jul 14 01:58:00 CST 2024] Getting webroot for domain='blog.cutesnake.top'
[Sun Jul 14 01:58:00 CST 2024] Verifying: blog.cutesnake.top
[Sun Jul 14 01:58:01 CST 2024] Processing, The CA is processing your order, please just wait. (1/30)
[Sun Jul 14 01:58:05 CST 2024] Pending, The CA is processing your order, please just wait. (2/30)
[Sun Jul 14 01:58:08 CST 2024] Pending, The CA is processing your order, please just wait. (3/30)
[Sun Jul 14 01:58:12 CST 2024] Pending, The CA is processing your order, please just wait. (4/30)
[Sun Jul 14 01:58:16 CST 2024] Pending, The CA is processing your order, please just wait. (5/30)
[Sun Jul 14 01:58:19 CST 2024] Pending, The CA is processing your order, please just wait. (6/30)
[Sun Jul 14 01:58:23 CST 2024] Pending, The CA is processing your order, please just wait. (7/30)
[Sun Jul 14 01:58:27 CST 2024] Pending, The CA is processing your order, please just wait. (8/30)
[Sun Jul 14 01:58:30 CST 2024] Pending, The CA is processing your order, please just wait. (9/30)
[Sun Jul 14 01:58:34 CST 2024] Pending, The CA is processing your order, please just wait. (10/30)
[Sun Jul 14 01:58:38 CST 2024] Pending, The CA is processing your order, please just wait. (11/30)
[Sun Jul 14 01:58:41 CST 2024] Pending, The CA is processing your order, please just wait. (12/30)
[Sun Jul 14 01:58:45 CST 2024] Pending, The CA is processing your order, please just wait. (13/30)
[Sun Jul 14 01:58:49 CST 2024] Pending, The CA is processing your order, please just wait. (14/30)
[Sun Jul 14 01:58:52 CST 2024] Pending, The CA is processing your order, please just wait. (15/30)
[Sun Jul 14 01:58:56 CST 2024] Pending, The CA is processing your order, please just wait. (16/30)
2^C
[root@vultr .acme.sh]# systemctl status xray
● xray.service - Xray Service
Loaded: loaded (/etc/systemd/system/xray.service; enabled; vendor preset: disabled)
Drop-In: /etc/systemd/system/xray.service.d
└─10-donot_touch_single_conf.conf
Active: active (running) since Tue 2024-03-12 03:11:35 CST; 4 months 2 days ago
Docs: https://github.com/xtls
Main PID: 17312 (xray)
CGroup: /system.slice/xray.service
└─17312 /usr/local/bin/xray run -config /usr/local/etc/xray/config...
Warning: Journal has been rotated since unit was started. Log output is incomplete or unavailable.
[root@vultr .acme.sh]# systemctl status xray
● xray.service - Xray Service
Loaded: loaded (/etc/systemd/system/xray.service; enabled; vendor preset: disabled)
Drop-In: /etc/systemd/system/xray.service.d
└─10-donot_touch_single_conf.conf
Active: active (running) since Tue 2024-03-12 03:11:35 CST; 4 months 2 days ago
Docs: https://github.com/xtls
Main PID: 17312 (xray)
CGroup: /system.slice/xray.service
└─17312 /usr/local/bin/xray run -config /usr/local/etc/xray/config.json
Warning: Journal has been rotated since unit was started. Log output is incomplete or unavailable.
[root@vultr .acme.sh]# vim /usr/local/etc/xray/config.json
[root@vultr .acme.sh]# acme.sh --issue -d blog.cutesnake.top --webroot /www/wwwroot/blog.cutesnake.top/
[Sun Jul 14 02:14:29 CST 2024] Using CA: https://acme.zerossl.com/v2/DV90
[Sun Jul 14 02:14:29 CST 2024] Single domain='blog.cutesnake.top'
[Sun Jul 14 02:14:31 CST 2024] Getting webroot for domain='blog.cutesnake.top'
[Sun Jul 14 02:14:32 CST 2024] Verifying: blog.cutesnake.top
[Sun Jul 14 02:14:32 CST 2024] Processing, The CA is processing your order, please just wait. (1/30)
[Sun Jul 14 02:14:36 CST 2024] Pending, The CA is processing your order, please just wait. (2/30)
[Sun Jul 14 02:14:40 CST 2024] Pending, The CA is processing your order, please just wait. (3/30)
[Sun Jul 14 02:14:43 CST 2024] Pending, The CA is processing your order, please just wait. (4/30)
[Sun Jul 14 02:14:47 CST 2024] Pending, The CA is processing your order, please just wait. (5/30)
[Sun Jul 14 02:14:51 CST 2024] Pending, The CA is processing your order, please just wait. (6/30)
[Sun Jul 14 02:14:54 CST 2024] Pending, The CA is processing your order, please just wait. (7/30)
[Sun Jul 14 02:14:58 CST 2024] Pending, The CA is processing your order, please just wait. (8/30)
[Sun Jul 14 02:15:01 CST 2024] Pending, The CA is processing your order, please just wait. (9/30)
[Sun Jul 14 02:15:05 CST 2024] Pending, The CA is processing your order, please just wait. (10/30)
[Sun Jul 14 02:15:09 CST 2024] Pending, The CA is processing your order, please just wait. (11/30)
[Sun Jul 14 02:15:12 CST 2024] Pending, The CA is processing your order, please just wait. (12/30)
[Sun Jul 14 02:15:16 CST 2024] Pending, The CA is processing your order, please just wait. (13/30)
[Sun Jul 14 02:15:20 CST 2024] Pending, The CA is processing your order, please just wait. (14/30)
[Sun Jul 14 02:15:24 CST 2024] Pending, The CA is processing your order, please just wait. (15/30)
[Sun Jul 14 02:15:27 CST 2024] Pending, The CA is processing your order, please just wait. (16/30)
[Sun Jul 14 02:15:31 CST 2024] Pending, The CA is processing your order, please just wait. (17/30)
[Sun Jul 14 02:15:34 CST 2024] Pending, The CA is processing your order, please just wait. (18/30)
[Sun Jul 14 02:15:38 CST 2024] Pending, The CA is processing your order, please just wait. (19/30)
[Sun Jul 14 02:15:42 CST 2024] Pending, The CA is processing your order, please just wait. (20/30)
[Sun Jul 14 02:15:45 CST 2024] Pending, The CA is processing your order, please just wait. (21/30)
[Sun Jul 14 02:15:49 CST 2024] Pending, The CA is processing your order, please just wait. (22/30)
[Sun Jul 14 02:15:53 CST 2024] Pending, The CA is processing your order, please just wait. (23/30)
[Sun Jul 14 02:15:56 CST 2024] Pending, The CA is processing your order, please just wait. (24/30)
[Sun Jul 14 02:16:00 CST 2024] Pending, The CA is processing your order, please just wait. (25/30)
[Sun Jul 14 02:16:04 CST 2024] Pending, The CA is processing your order, please just wait. (26/30)
[Sun Jul 14 02:16:07 CST 2024] Pending, The CA is processing your order, please just wait. (27/30)
[Sun Jul 14 02:16:11 CST 2024] Pending, The CA is processing your order, please just wait. (28/30)
[Sun Jul 14 02:16:15 CST 2024] Pending, The CA is processing your order, please just wait. (29/30)
[Sun Jul 14 02:16:18 CST 2024] blog.cutesnake.top:Timeout
[Sun Jul 14 02:16:18 CST 2024] Please add '--debug' or '--log' to check more details.
[Sun Jul 14 02:16:18 CST 2024] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
[root@vultr .acme.sh]# acme.sh –set-default-ca –server letsencrypt
/root/.acme.sh/acme.sh: line 8006: –set-default-ca: command not found
[root@vultr .acme.sh]# –set-default-ca –server letsencrypt
-bash: –set-default-ca: command not found
[root@vultr .acme.sh]# acme.sh --set-default-ca --server letsencrypt
[Sun Jul 14 02:19:26 CST 2024] Changed default CA to: https://acme-v02.api.letsencrypt.org/directory
[root@vultr .acme.sh]# acme.sh --issue -d blog.cutesnake.top --webroot /www/wwwroot/blog.cutesnake.top/
[Sun Jul 14 02:19:36 CST 2024] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Sun Jul 14 02:19:37 CST 2024] Create account key ok.
[Sun Jul 14 02:19:37 CST 2024] Registering account: https://acme-v02.api.letsencrypt.org/directory
[Sun Jul 14 02:19:37 CST 2024] Register account Error: {
"type": "urn:ietf:params:acme:error:invalidContact",
"detail": "Error creating new account :: invalid contact domain. Contact emails @example.com are forbidden",
"status": 400
}
[Sun Jul 14 02:19:37 CST 2024] Please add '--debug' or '--log' to check more details.
[Sun Jul 14 02:19:37 CST 2024] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
[root@vultr .acme.sh]# acme.sh --register-account -m suchacutesnake@gmail.com
[Sun Jul 14 02:21:39 CST 2024] Registering account: https://acme-v02.api.letsencrypt.org/directory
[Sun Jul 14 02:21:39 CST 2024] Register account Error: {
"type": "urn:ietf:params:acme:error:invalidContact",
"detail": "Error creating new account :: invalid contact domain. Contact emails @example.com are forbidden",
"status": 400
}
[root@vultr .acme.sh]# acme.sh --update-account
[Sun Jul 14 02:22:15 CST 2024] The account url is empty, please run '--update-account' first to update the account info first,
[Sun Jul 14 02:22:15 CST 2024] Then try again.
[root@vultr .acme.sh]# acme.sh --register-account -m suchacutesnake@gmail.com
[Sun Jul 14 02:23:17 CST 2024] Registering account: https://acme-v02.api.letsencrypt.org/directory
[Sun Jul 14 02:23:18 CST 2024] Register account Error: {
"type": "urn:ietf:params:acme:error:invalidContact",
"detail": "Error creating new account :: invalid contact domain. Contact emails @example.com are forbidden",
"status": 400
}
[root@vultr .acme.sh]# vim acme.sh --register-account -m suchacutesnake@gmail.com
VIM - Vi IMproved 7.4 (2013 Aug 10, compiled Dec 15 2020 16:44:08)
Unknown option argument: "--register-account"
More info with: "vim -h"
[root@vultr .acme.sh]# vim ~/.acme.sh/account.conf
[root@vultr .acme.sh]# acme.sh --issue -d blog.cutesnake.top --webroot /www/wwwroot/blog.cutesnake.top/
[Sun Jul 14 02:25:12 CST 2024] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Sun Jul 14 02:25:12 CST 2024] Registering account: https://acme-v02.api.letsencrypt.org/directory
[Sun Jul 14 02:25:13 CST 2024] Registered
[Sun Jul 14 02:25:13 CST 2024] ACCOUNT_THUMBPRINT='Zxz16kZ1_7fMubtWS5f2XfYQWyFiO86648mT5WzJ4qo'
[Sun Jul 14 02:25:13 CST 2024] Single domain='blog.cutesnake.top'
[Sun Jul 14 02:25:14 CST 2024] Getting webroot for domain='blog.cutesnake.top'
[Sun Jul 14 02:25:14 CST 2024] Verifying: blog.cutesnake.top
[Sun Jul 14 02:25:14 CST 2024] Pending, The CA is processing your order, please just wait. (1/30)
[Sun Jul 14 02:25:18 CST 2024] Invalid status, blog.cutesnake.top:Verify error detail:66.42.100.165: Invalid response from http://blog.cutesnake.top/.well-known/acme-challenge/5h4A6RVhc2XwOnByBcfxsCdBp71XIqpKm-b7Pbp_tRY: 404
[Sun Jul 14 02:25:18 CST 2024] Please add '--debug' or '--log' to check more details.
[Sun Jul 14 02:25:18 CST 2024] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
[root@vultr .acme.sh]# acme.sh --issue -d blog.cutesnake.top --webroot /www/wwwroot/blog.cutesnake.top/
[Sun Jul 14 02:34:12 CST 2024] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Sun Jul 14 02:34:13 CST 2024] Single domain='blog.cutesnake.top'
[Sun Jul 14 02:34:14 CST 2024] Getting webroot for domain='blog.cutesnake.top'
[Sun Jul 14 02:34:14 CST 2024] Verifying: blog.cutesnake.top
[Sun Jul 14 02:34:14 CST 2024] Pending, The CA is processing your order, please just wait. (1/30)
[Sun Jul 14 02:34:18 CST 2024] Invalid status, blog.cutesnake.top:Verify error detail:66.42.100.165: Invalid response from http://blog.cutesnake.top/.well-known/acme-challenge/SEXD707GmP-nLhdcYQs-3h7pC6sUmnqNcVqDYsY8iWs: 404
[Sun Jul 14 02:34:18 CST 2024] Please add '--debug' or '--log' to check more details.
[Sun Jul 14 02:34:18 CST 2024] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
[root@vultr .acme.sh]# acme.sh --issue -d blog.cutesnake.top --webroot /www/wwwroot/blog.cutesnake.top/
[Sun Jul 14 02:38:06 CST 2024] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Sun Jul 14 02:38:06 CST 2024] Single domain='blog.cutesnake.top'
[Sun Jul 14 02:38:07 CST 2024] Getting webroot for domain='blog.cutesnake.top'
[Sun Jul 14 02:38:07 CST 2024] Verifying: blog.cutesnake.top
[Sun Jul 14 02:38:08 CST 2024] Pending, The CA is processing your order, please just wait. (1/30)
[Sun Jul 14 02:38:11 CST 2024] Invalid status, blog.cutesnake.top:Verify error detail:66.42.100.165: Invalid response from http://blog.cutesnake.top/.well-known/acme-challenge/PihBl7gj5PBTw0GBYzR_5CezhTNKDQpfQeKxz5r6Ce8: 404
[Sun Jul 14 02:38:11 CST 2024] Please add '--debug' or '--log' to check more details.
[Sun Jul 14 02:38:11 CST 2024] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
[root@vultr .acme.sh]# sudo acme.sh --issue -d blog.cutesnake.top --webroot /www/wwwroot/blog.cutesnake.top/
sudo: acme.sh: command not found
[root@vultr .acme.sh]# brew list
-bash: brew: command not found
[root@vultr .acme.sh]# chmod 777 /www/wwwroot/blog.cutesnake.top/.well-known/acme-challenge/
[root@vultr .acme.sh]# acme.sh --issue -d blog.cutesnake.top --webroot /www/wwwroot/blog.cutesnake.top/
[Sun Jul 14 02:46:41 CST 2024] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Sun Jul 14 02:46:41 CST 2024] Single domain='blog.cutesnake.top'
[Sun Jul 14 02:46:43 CST 2024] Getting webroot for domain='blog.cutesnake.top'
[Sun Jul 14 02:46:43 CST 2024] Verifying: blog.cutesnake.top
[Sun Jul 14 02:46:43 CST 2024] Pending, The CA is processing your order, please just wait. (1/30)
[Sun Jul 14 02:46:47 CST 2024] Success
[Sun Jul 14 02:46:47 CST 2024] Verify finished, start to sign.
[Sun Jul 14 02:46:47 CST 2024] Lets finalize the order.
[Sun Jul 14 02:46:47 CST 2024] Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/1835370607/286984849507'
[Sun Jul 14 02:46:48 CST 2024] Downloading cert.
[Sun Jul 14 02:46:48 CST 2024] Le_LinkCert='https://acme-v02.api.letsencrypt.org/acme/cert/033bffb2b646e8be12c37e74b08325127971'
[Sun Jul 14 02:46:48 CST 2024] Cert success.
[Sun Jul 14 02:46:48 CST 2024] Your cert is in: /root/.acme.sh/blog.cutesnake.top_ecc/blog.cutesnake.top.cer
[Sun Jul 14 02:46:48 CST 2024] Your cert key is in: /root/.acme.sh/blog.cutesnake.top_ecc/blog.cutesnake.top.key
[Sun Jul 14 02:46:48 CST 2024] The intermediate CA cert is in: /root/.acme.sh/blog.cutesnake.top_ecc/ca.cer
[Sun Jul 14 02:46:48 CST 2024] And the full chain certs is there: /root/.acme.sh/blog.cutesnake.top_ecc/fullchain.cer
[root@vultr .acme.sh]# acme.sh --install-cert -d blog.cutesnake.top
[Sun Jul 14 02:47:45 CST 2024] The domain 'blog.cutesnake.top' seems to have a ECC cert already, lets use ecc cert.
[root@vultr .acme.sh]# --key-file /www/server/panel/vhost/cert/cutesnake.top/privkey.pem
-bash: --key-file: command not found
[root@vultr .acme.sh]# --fullchain-file /www/server/panel/vhost/cert/cutesnake.top/fullchain.pem
-bash: --fullchain-file: command not found
[root@vultr .acme.sh]# --reloadcmd "service nginx force-reload"
-bash: --reloadcmd: command not found
[root@vultr .acme.sh]# acme.sh --install-cert -d blog.cutesnake.top --key-file /www/server/panel/vhost/cert/cutesnake.top/privkey.pem --fullchain-file /www/server/panel/vhost/cert/cutesnake.top/fullchain.pem --reloadcmd "service nginx force-reload"
[Sun Jul 14 02:48:34 CST 2024] The domain 'blog.cutesnake.top' seems to have a ECC cert already, lets use ecc cert.
[Sun Jul 14 02:48:34 CST 2024] Installing key to: /www/server/panel/vhost/cert/cutesnake.top/privkey.pem
[Sun Jul 14 02:48:34 CST 2024] Installing full chain to: /www/server/panel/vhost/cert/cutesnake.top/fullchain.pem
[Sun Jul 14 02:48:34 CST 2024] Run reload cmd: service nginx force-reload
Usage: /etc/init.d/nginx {start|stop|restart|reload|status|configtest}
[Sun Jul 14 02:48:34 CST 2024] Reload error for :
[root@vultr .acme.sh]# service nginx force-reload
Usage: /etc/init.d/nginx {start|stop|restart|reload|status|configtest}
[root@vultr .acme.sh]# vim /usr/local/etc/xray/config.json
[root@vultr .acme.sh]# systemctl restart xray
[root@vultr .acme.sh]# systemctl status xray
● xray.service - Xray Service
Loaded: loaded (/etc/systemd/system/xray.service; enabled; vendor preset: disabled)
Drop-In: /etc/systemd/system/xray.service.d
└─10-donot_touch_single_conf.conf
Active: active (running) since Sun 2024-07-14 03:04:41 CST; 9s ago
Docs: https://github.com/xtls
Main PID: 23139 (xray)
CGroup: /system.slice/xray.service
└─23139 /usr/local/bin/xray run -config /usr/local/etc/xray/config.json
Jul 14 03:04:41 vultr.guest systemd[1]: Stopped Xray Service.
Jul 14 03:04:41 vultr.guest systemd[1]: Started Xray Service.
Jul 14 03:04:41 vultr.guest xray[23139]: Xray 1.8.6 (Xray, Penetrates Everything.) Custom (go1.21.4 linux/amd64)
Jul 14 03:04:41 vultr.guest xray[23139]: A unified platform for anti-censorship.
Jul 14 03:04:41 vultr.guest xray[23139]: 2024/07/14 03:04:41 [Info] infra/conf/serial: Reading config: /usr/local/etc/xray/config.json
[root@vultr .acme.sh]#
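
The session above sets `.well-known/acme-challenge/` to mode 777 before the issue that succeeds. As an added example (not part of the original post), the script below checks such a directory and narrows it to 755, which is sufficient for webroot mode when acme.sh runs as the directory's owner or as root and the web server only reads the tokens. The function names and the temporary demo path are made up for illustration, and GNU `stat` is assumed.

```shell
#!/bin/sh
# Added example, not from the original post: least-privilege check for an
# ACME webroot challenge directory. All paths in the demo are constructed.

# Print the octal permission bits of a path (GNU coreutils stat on Linux).
mode_of() {
  stat -c '%a' "$1"
}

# Succeed if "other" users have the write bit on the path.
is_world_writable() {
  local mode
  mode=$(mode_of "$1") || return 2
  [ $(( 0$mode & 2 )) -ne 0 ]
}

# Succeed if every directory from DIR up to TOP grants "other" the search (x)
# bit, which an unprivileged web-server worker needs to reach the token files.
# TOP bounds the walk so nothing above the webroot is inspected.
reachable_by_other() {
  local top="${1%/}" dir="${2%/}" mode
  while :; do
    mode=$(mode_of "$dir") || return 2
    [ $(( 0$mode & 1 )) -ne 0 ] || return 1
    if [ "$dir" = "$top" ] || [ "$dir" = "/" ]; then
      return 0
    fi
    dir=$(dirname "$dir")
  done
}

# Audit WEBROOT/.well-known/acme-challenge and print one word:
#   missing      the directory does not exist
#   tightened    it was world-writable and has been set to 755
#   unreachable  a directory on the way denies search to "other"
#   ok           nothing to change
audit_challenge_dir() {
  local webroot="${1%/}" dir result
  dir="$webroot/.well-known/acme-challenge"
  if [ ! -d "$dir" ]; then
    echo "missing"
    return 0
  fi
  result=ok
  if is_world_writable "$dir"; then
    # The owner writes the tokens; everyone else may only read and traverse.
    chmod 755 "$dir"
    result=tightened
  fi
  # Token files left world-writable lose that bit as well.
  find "$dir" -type f -perm -0002 -exec chmod o-w {} +
  reachable_by_other "$webroot" "$dir" || result=unreachable
  echo "$result"
}

# Demo on a constructed temporary webroot (not the server's real path).
demo_root=$(mktemp -d)
mkdir -p "$demo_root/.well-known/acme-challenge"
chmod 755 "$demo_root" "$demo_root/.well-known"
chmod 777 "$demo_root/.well-known/acme-challenge"   # the setting from the session
echo "first run:  $(audit_challenge_dir "$demo_root")"
echo "second run: $(audit_challenge_dir "$demo_root")"
rm -rf "$demo_root"
```

An `unreachable` result points at a parent directory that the web server's worker user cannot traverse; widening the leaf directory does not change that.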