创建阿里云子账户用来管理域名解析
创建用户
在权限管理新增这两个权限
AliyunDomainFullAccess - 管理域名服务的权限
AliyunDNSFullAccess - 管理云解析(DNS)的权限
AliyunPvtzFullAccess - 管理云解析PrivateZone的权限
安装acme.sh
下载acme.sh
直接执行脚本安装不了就去github把acme.sh文件下载下来
中国大陆境内安装acme.sh
给执行权限
安装
./acme.sh --install -m v-kun@foxmail.com
执行后会在用户目录生成.acme.sh文件夹
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
root@iZnthgcp44a7pgZ:/v-kun/nginx-1.26.3# ./acme.sh --install -m v-kun@foxmail.com
[Wed Feb 4 03:13:57 PM CST 2026] Installing to /root/.acme.sh
[Wed Feb 4 03:13:57 PM CST 2026] Installed to /root/.acme.sh/acme.sh
[Wed Feb 4 03:13:57 PM CST 2026] Installing alias to '/root/.bashrc'
[Wed Feb 4 03:13:57 PM CST 2026] Close and reopen your terminal to start using acme.sh
[Wed Feb 4 03:13:57 PM CST 2026] Installing cron job
25 0 * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null
[Wed Feb 4 03:13:57 PM CST 2026] bash has been found. Changing the shebang to use bash as preferred.
[Wed Feb 4 03:13:58 PM CST 2026] OK
root@iZnthgcp44a7pgZ:/v-kun/nginx-1.26.3# cd /root/.acme.sh/```
#
```shell
export Ali_Key="刚才创建的阿里云账户"
export Ali_Secret="刚才创建的阿里云账户"
生成证书
1
./acme.sh --issue --debug --dns dns_ali -d v-kun.com -d '*.v-kun.com'
如果证书中只包含泛域名,那么签发出来的证书是没有根域的。所以需要额外添加一个根域
安装证书
1
./acme.sh --install-cert -d v-kun.com --key-file /v-kun/program/nginx-1.26.1/cert/v-kun.com.key --fullchain-file /v-kun/program/nginx-1.26.1/cert/v-kun.com.pem --reloadcmd "/v-kun/program/nginx-1.26.1/sbin/nginx -s reload"
遇到问题
Can not find dns api hook for: dns_ali
如果只下载acme.sh还需要下载dnsapi/dns_ali.sh 放到~/.acme.sh目录
下载地址:https://bgithub.xyz/acmesh-official/acme.sh/tree/master/dnsapi
Error add txt for domain
需要将dns_ali.sh回退版本
https://github.com/acmesh-official/acme.sh/issues/6320
<h2><a id="_0"></a>创建阿里云子账户用来管理域名解析</h2>
<h3><a id="_2"></a>创建用户</h3>
<p><img src="https://v-kun-file.oss-cn-beijing.aliyuncs.com/blog/2025-05-19/93ebd13c184d4c959440bb4ccb0f7772/image.png" alt="image.png" /></p>
<p><img src="https://v-kun-file.oss-cn-beijing.aliyuncs.com/blog/2025-05-19/9f6c154a51554f48a7c81d416b59c884/image.png" alt="image.png" /></p>
<h3><a id="_7"></a>在权限管理新增这两个权限</h3>
<p>AliyunDomainFullAccess - 管理域名服务的权限<br />
AliyunDNSFullAccess - 管理云解析(DNS)的权限<br />
AliyunPvtzFullAccess - 管理云解析PrivateZone的权限</p>
<h2><a id="acmesh_13"></a>安装acme.sh</h2>
<h3><a id="acmesh_14"></a>下载acme.sh</h3>
<p>直接执行脚本安装不了就去github把acme.sh文件下载下来<br />
<a href="https://github.com/acmesh-official/acme.sh/wiki/Install-in-China" target="_blank">中国大陆境内安装acme.sh</a></p>
<h3><a id="_18"></a>给执行权限</h3>
<pre><div class="hljs"><code class="lang-shell">chmod 744 acme.sh
</code></div></pre>
<h3><a id="_22"></a>安装</h3>
<pre><code class="lang-">./acme.sh --install -m v-kun@foxmail.com
</code></pre>
<h3><a id="acmesh_27"></a>执行后会在用户目录生成.acme.sh文件夹</h3>
<pre><div class="hljs"><code class="lang-shell">root@iZnthgcp44a7pgZ:/v-kun/nginx-1.26.3# ./acme.sh --install -m v-kun@foxmail.com
[Wed Feb 4 03:13:57 PM CST 2026] Installing to /root/.acme.sh
[Wed Feb 4 03:13:57 PM CST 2026] Installed to /root/.acme.sh/acme.sh
[Wed Feb 4 03:13:57 PM CST 2026] Installing alias to '/root/.bashrc'
[Wed Feb 4 03:13:57 PM CST 2026] Close and reopen your terminal to start using acme.sh
[Wed Feb 4 03:13:57 PM CST 2026] Installing cron job
25 0 * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null
[Wed Feb 4 03:13:57 PM CST 2026] bash has been found. Changing the shebang to use bash as preferred.
[Wed Feb 4 03:13:58 PM CST 2026] OK
root@iZnthgcp44a7pgZ:/v-kun/nginx-1.26.3# cd /root/.acme.sh/```
<span class="hljs-meta">
#</span><span class="bash"><span class="hljs-comment">## 把阿里云信息配置到环境变量</span></span>
```shell
export Ali_Key="刚才创建的阿里云账户"
export Ali_Secret="刚才创建的阿里云账户"
</code></div></pre>
<h3><a id="_46"></a>生成证书</h3>
<pre><div class="hljs"><code class="lang-shell">./acme.sh --issue --debug --dns dns_ali -d v-kun.com -d '*.v-kun.com'
</code></div></pre>
<blockquote>
<p>如果证书中只包含泛域名,那么签发出来的证书是没有根域的。所以需要额外添加一个根域</p>
</blockquote>
<h3><a id="_52"></a>安装证书</h3>
<pre><div class="hljs"><code class="lang-shell">./acme.sh --install-cert -d v-kun.com --key-file /v-kun/program/nginx-1.26.1/cert/v-kun.com.key --fullchain-file /v-kun/program/nginx-1.26.1/cert/v-kun.com.pem --reloadcmd "/v-kun/program/nginx-1.26.1/sbin/nginx -s reload"
</code></div></pre>
<h3><a id="_57"></a>遇到问题</h3>
<h4><a id="Can_not_find_dns_api_hook_for_dns_ali_58"></a>Can not find dns api hook for: dns_ali</h4>
<p>如果只下载acme.sh还需要下载dnsapi/dns_ali.sh 放到~/.acme.sh目录<br />
下载地址:https://bgithub.xyz/acmesh-official/acme.sh/tree/master/dnsapi</p>
<h4><a id="Error_add_txt_for_domain_61"></a>Error add txt for domain</h4>
<p>需要将dns_ali.sh回退版本<br />
https://github.com/acmesh-official/acme.sh/issues/6320</p>
