acme.sh 默认 CA 更新为 ZeroSSL 引起的问题
今天通过 acme.sh 给新域名申请 SSL 证书,遇到报错:
[Mon Jul 12 15:53:31 CST 2021] Using CA: https://acme.zerossl.com/v2/DV90
[Mon Jul 12 15:53:31 CST 2021] No EAB credentials found for ZeroSSL, let's get one
[Mon Jul 12 15:53:31 CST 2021] acme.sh is using ZeroSSL as default CA now.
[Mon Jul 12 15:53:31 CST 2021] Please update your account with an email address first.
[Mon Jul 12 15:53:31 CST 2021] acme.sh --register-account -m [email protected]
[Mon Jul 12 15:53:31 CST 2021] See: https://github.com/acmesh-official/acme.sh/wiki/ZeroSSL.com-CA
[Mon Jul 12 15:53:31 CST 2021] Please add '--debug' or '--log' to check more details.
[Mon Jul 12 15:53:31 CST 2021] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
Error: Create Let's Encrypt SSL Certificate failed!
有人说需要在 ~/.acme.sh/account.conf 中添加:
ACCOUNT_EMAIL='[email protected]'
但是需要邮箱地址终究是麻烦,希望切换回 Let's Encrypt,可以这样:
# .acme.sh/acme.sh --set-default-ca --server letsencrypt
[Mon Jul 12 15:54:19 CST 2021] Changed default CA to: https://acme-v02.api.letsencrypt.org/directory
官方文档上也都写了,可以猛戳此处。
不过据说 ZeroSSL 支持泛域名比较爽,有空再折腾一下,先学党国维稳。
ZeroSSL也就那样,感觉还是Let's Encrypt好用些!前天才申请了一个ZeroSSL证书用!
Let's Encrypt一样支持泛证书呀。
acme.sh --issue -d \*.domain.name -d domain.name
完事
感谢回复,您是对的。