srvrco/getssl

GitHub: srvrco/getssl

一款基于纯 Bash 编写的 Let's Encrypt 客户端，专注于通过 SSH/SFTP 远程自动化申请与部署 SSL 证书。

Stars: 2216 | Forks: 386

# getssl ![Run all tests on Pebble](https://static.pigsec.cn/wp-content/uploads/repos/2026/03/a58db51951135954.svg) ![shellcheck](https://static.pigsec.cn/wp-content/uploads/repos/2026/03/0704a4c826135955.svg) 从 letsencrypt.org ACME 服务器获取 SSL 证书。适合在远程服务器上自动化该流程。 ## 目录 - [v2.43 升级故障](#upgrade-broken-in-v243) - [功能特性](#features) - [概述](#overview) - [快速入门指南](#quick-start-guide) - [手动安装](#manual-installation) - [入门](#getting-started) - [包含更多示例的详细入门指南](#detailed-guide-to-getting-started-with-more-examples) - [通配符证书](#wildcard-certificates) - [ISPConfig](#ispconfig) - [自动化更新](#automating-updates) - [结构](#structure) - [自定义配置模板](#custom-template-for-configuration) - [服务器类型](#server-types) - [吊销证书](#revoke-a-certificate) - [椭圆曲线密钥](#elliptic-curve-keys) - [首选链](#preferred-chain) - [在证书链中包含根证书](#include-root-certificate-in-full-chain) - [Windows Server 和 IIS 支持](#windows-server-and-iis-support) - [将 getssl 构建为 RPM 包 (Redhat/CentOS/SuSe/Oracle/AWS)](#building-as-an-rpm-package) - [将 getssl 构建为 Debian 包 (Debian/Ubuntu)](#building-as-a-debian-package) - [问题 / 故障 / 帮助](#issues--problems--help) ## v2.43 升级故障 v2.43 中的自动升级功能因 URL 错误而失效。如果您安装了此版本，则需要使用以下命令手动升级： ```curl --silent --user-agent getssl/manual https://raw.githubusercontent.com/srvrco/getssl/latest/getssl --output getssl``` ## 功能特性 * **Bash** - 几乎可以在所有 unix 机器上运行，包括 BSD、大多数 Linux 发行版、macOS。 * **获取远程服务器的证书** - 用于验证域名所有权的 token，以及证书本身可以自动复制到远程服务器（通过 ssh、sftp 或 ftp 传输 token）。脚本不需要在服务器本身运行。如果您没有权限在服务器本身运行此类脚本，例如如果是共享服务器，这将非常有用。 * **作为每日 cron 运行** - 这样证书将在需要时自动更新。 * **自动证书续期** * **检查证书是否正确加载** - 安装新证书后，它将测试指定的端口（参见 [服务器类型](#server-types) 以获取选项），以确保证书实际上被正确使用。 * **自动更新** - 如果需要，脚本可以自动更新自身以修复错误等。 * **高度可配置** - 通过为每个证书设置一个简单的配置文件，可以根据您的需求进行精确配置，无论是简单的单域名还是同一证书涵盖多台服务器上的多个域名。 * **支持 http 和 dns 挑战** - 完整的 ACME 实现 * **简单易用** * **详细的调试信息** - 虽然不应该需要，但可以提供详细的调试信息。 * **重载服务** - 获取新证书后，相关的服务（例如 apache/nginx/postfix）可以被重载。 * **ACME v1 和 V2** - 同时支持 ACME 版本 1 和 2（注意 ACMEv1 已弃用，客户端将自动使用 v2） ## 概述 GetSSL 是用标准 bash 编写的（因此它可以在服务器、台式机甚至 virtualbox 上运行），并将检查和证书添加到远程服务器（前提是您拥有通过 ssh 密钥、 sftp 或 ftp 访问远程服务器的权限）。 ``` getssl ver. 2.36 Obtain SSL certificates from the letsencrypt.org ACME server Usage: getssl [-h|--help] [-d|--debug] [-c|--create] [-f|--force] [-a|--all] [-q|--quiet] [-Q|--mute] [-u|--upgrade] [-X|--experimental tag] [-U|--nocheck] [-r|--revoke cert key] [-w working_dir] [--preferred-chain chain] domain Options: -a, --all Check all certificates -d, --debug Output debug information -c, --create Create default config files -f, --force Force renewal of cert (overrides expiry checks) -h, --help Display this help message and exit -i, --install Install certificates and reload service -q, --quiet Quiet mode (only outputs on error, success of new cert, or getssl was upgraded) -Q, --mute Like -q, but also mute notification about successful upgrade -r, --revoke "cert" "key" [CA_server] Revoke a certificate (the cert and key are required) -u, --upgrade Upgrade getssl if a more recent version is available - can be used with or without domain(s) -X --experimental tag Allow upgrade to a specified version of getssl -U, --nocheck Do not check if a more recent version is available -v --version Display current version of getssl -w working_dir "Working directory" --preferred-chain "chain" Use an alternate chain for the certificate ``` ## 快速入门指南您可以从本项目的 [发布页面](https://github.com/jeffmerkey/getssl/releases) 下载预编译的 RPM 包和 Debian (DEB) 包，或者您可以手动从 git 源代码构建并安装程序。如果您想从 git 源代码手动安装程序，而不是使用预编译的 RPM 和 DEB 包，或者如果您的目标平台不支持 Linux RPM 或 DEB 包，请跳转到 [手动安装](#manual-installation) 部分以获取手动安装 getssl 程序的说明。提供的包分为二进制版本和源代码版本，可以直接下载安装或重新构建。包类型包括 Red Hat 包管理器 (RPM) 包和 Debian (DEB) 包用于二进制安装，以及源代码 RPM 包 (SRPMS) 和 Debbuild SDEB 包用于源代码安装。每个版本的 RPM 和 DEB 包都包含一个特定于二进制架构的包以及一个源代码包，后者可以下载并构建/重新构建，其中包含源代码。例如，v2.49 版本在发布部分包含以下包： ### **基于 RPM 的包 (RedHat, CentOS, SuSe, Oracle Linux, AWS Linux)** - [getssl-2.49-1.src.rpm](https://github.com/srvrco/getssl/releases/download/2.49/getssl-2.49-1.src.rpm) (源代码) - [getssl-2.49-1.noarch.rpm](https://github.com/srvrco/getssl/releases/download/2.49/getssl-2.49-1.noarch.rpm) (二进制) ### **基于 Debian 的包** - [getssl_2.49-1_all.deb](https://github.com/srvrco/getssl/releases/download/v2.49/getssl_2.49-1_all.deb) (二进制) ### **安装二进制包** 使用 rpm 包管理器为 RedHat、CentOS、SuSe、Oracle Linux 或 AWS Linux 发行版安装二进制包： ``` rpm -i getssl-2.49-1.noarch.rpm ``` 卸载 RPM 二进制包： ``` rpm -e getssl ``` 使用 Debian dpkg 包管理器为 Debian 和 Ubuntu Linux 发行版安装二进制包： ``` dpkg -i getssl_2.49-1_all.deb ``` 卸载 Debian dpkg 二进制包： ``` dpkg -r getssl ``` ### **安装源代码包** 使用 rpm 包管理器为 RedHat、CentOS、SuSe、Oracle Linux 或 AWS Linux 发行版安装源代码包： ``` rpm -i getssl-2.48-1.src.rpm ``` *(注意：对于 RedHat、CentOS、Oracle Linux 和 AWS Linux 平台，rpm 将源代码文件安装在 /root/rpmbuild/ 作为顶级目录。SuSe 平台将源代码文件安装在 /usr/src/packages/)* 使用 Debbuild 包工具为 Debian 或 Ubuntu Linux 发行版安装源代码包： ``` debbuild -i getssl-2.49-1.sdeb ``` *(注意：Debbuild 将源代码文件安装在 /root/debbuild/ 作为顶级目录)* 值得注意的是，SDEB 包实际上只是重命名为 .sdeb 文件扩展名的 tar.gz 归档文件，其文件组织为 SPECS 和 SOURCES 目录树结构。因此，也可以使用 **tar -xvf 命令**解压并安装 SDEB，或使用 **tar -tvf 命令**列出文件： ``` [root@localhost getssl]$ tar -tvf /root/debbuild/SDEBS/getssl-2.49-1.sdeb -rw-r--r-- root/root 1772110 2022-10-12 20:42 SOURCES/getssl-2.49.tar.gz -rw-r--r-- root/root 192 2022-08-02 15:02 SOURCES/getssl.crontab -rw-r--r-- root/root 126 2022-08-02 15:02 SOURCES/getssl.logrotate -rw-r--r-- root/root 1537 2022-08-02 15:02 SPECS/getssl.spec [root@localhost getssl]$ ``` 在您的平台上安装关联的源代码包后，若要构建或重新构建 RPM 或 DEB 包，请参考以下内容： - [将 getssl 构建为 RPM 包 (Redhat/CentOS/SuSe/Oracle/AWS)](#building-as-an-rpm-package) - [将 getssl 构建为 Debian 包 (Debian/Ubuntu)](#building-as-a-debian-package) ## 手动安装由于脚本仅包含一个文件，您可以使用以下命令仅快速安装 GetSSL： ``` curl --silent https://raw.githubusercontent.com/srvrco/getssl/latest/getssl > getssl ; chmod 700 getssl ``` 这会将 getssl Bash 脚本复制到当前位置，并更改权限使其对您可执行。若要获得更全面的安装（例如同时安装辅助脚本），请使用每个发布 tarball 中提供的 Makefile。使用 `install` 目标。您可以在 git 仓库中找到最新版本： ``` git clone https://github.com/srvrco/getssl.git ``` 对于 Arch Linux，AUR 中有相关软件包，请参见 [这里](https://aur.archlinux.org/packages/getssl/) 和 [那里](https://aur.archlinux.org/packages/getssl-git/)。如果您使用 puppet，dthielking 提供了一个 [GetSSL Puppet 模块](https://github.com/dthielking/puppet_getssl) ## 入门获得脚本后（参见上面的安装），下一步是使用 ``` ./getssl -c yourdomain.com ``` 其中 yourdomain.com 是您要为其创建证书的主要域名。这将创建以下文件夹和文件。 ``` ~/.getssl ~/.getssl/getssl.cfg ~/.getssl/yourdomain.com ~/.getssl/yourdomain.com/getssl.cfg ``` 然后您可以编辑 `~/.getssl/getssl.cfg` 来设置您希望作为大多数证书默认值的值。然后编辑 `~/.getssl/yourdomain.com/getssl.cfg` 以设置您希望用于此特定域名的值（确保取消注释并指定正确的 `ACL` 选项，因为这是必需的）。然后您只需运行： ``` getssl yourdomain.com ``` 它应该会运行，并提供如下输出： ``` Registering account Verify each domain Verifying yourdomain.com Verified yourdomain.com Verifying www.yourdomain.com Verified www.yourdomain.com Verification completed, obtaining certificate. Certificate saved in /home/user/.getssl/yourdomain.com/yourdomain.com.crt The intermediate CA cert is in /home/user/.getssl/yourdomain.com/chain.crt copying domain certificate to ssh:server5:/home/yourdomain/ssl/domain.crt copying private key to ssh:server5:/home/yourdomain/ssl/domain.key copying CA certificate to ssh:server5:/home/yourdomain/ssl/chain.crt reloading SSL services ``` **默认情况下）这将使用暂存服务器，因此它会给您一个不受信任的证书（Fake Let's Encrypt）。** 更改配置文件中的服务器以获取完全有效的证书。 **注意：** 验证通过端口 80 (http)、端口 443 (https) 或 dns 完成。证书可以在备用端口上使用（并通过 getssl 检查）。 ## 包含更多示例的详细入门指南 [获取 example.com 和 www.example.com 证书的指南](https://github.com/srvrco/getssl/wiki/Guide-to-getting-a-certificate-for-example.com-and-www.example.com) ## 通配符证书 `getssl` 支持创建通配符证书，即 _*.example.com_，这允许单个证书用于 *example.com* 下的任何域名，例如 *www.example.com*、*mail.example.com*。这些必须使用 dns-01 方法进行验证。一个 *部分* `getssl.cfg` 配置文件示例： ``` VALIDATE_VIA_DNS=true export CPANEL_USERNAME='' export CPANEL_URL='https://www.cpanel.host:2083' export CPANEL_APITOKEN='1ABC2DEF3GHI4JKL5MNO6PQR7STU8VWX9YZA' DNS_ADD_COMMAND=/home/root/getssl/dns_scripts/dns_add_cpanel DNS_DEL_COMMAND=/home/root/getssl/dns_scripts/dns_del_cpanel ``` ## ISPConfig 需要在 `ISPConfig` 中创建一个远程用户以启用远程 API 访问。您需要转到 `System -> Remote Users`，然后为远程用户启用功能，例如 `DNS zone functions`。需要 PHP 来执行文件 ispconfig_soap.php 中的 soap 函数。 ``` DNS_ADD_COMMAND="/home/root/getssl/dns_scripts/dns_add_ispconfig" DNS_DEL_COMMAND="/home/root/getssl/dns_scripts/dns_del_ispconfig" export ISPCONFIG_REMOTE_USER_NAME="ussename" export ISPCONFIG_REMOTE_USER_PASSWORD="password" export ISPCONFIG_SOAP_LOCATION="https://localhost:8080/remote/index.php" export ISPCONFIG_SOAP_URL="https://localhost:8080/remote/" ``` 创建通配符证书（需要使用引号以防止通配符扩展）： ``` getssl "*.example.domain" ``` 您可以使用 `getssl -a` 更新所有已配置的证书。您也可以在 `SANS` 行中指定额外的域名，例如 `SANS="www.test.example.com"`。这里不能包含任何会被通配符证书覆盖的域名。 ## 自动化更新我使用以下 **cron** 作业 ``` 23 5 * * * /root/scripts/getssl -u -a -q ``` cron 将自动更新 getssl 并更新任何证书，仅在出现问题/错误时输出。 * -u 标志会在有更新的版本可用时更新 getssl。 * -a 标志自动更新任何到期需要更新的证书。 * -q 标志表示“安静”，这样只有在出现错误/问题时它才会输出并发邮件给我。 ## 结构设计旨在提供运行代码的灵活性。默认工作目录是 `~/.getssl`（可以通过命令行修改）。在 **工作目录** 内有一个配置文件 `getssl.cfg`，这是一个简单的 bash 文件，包含变量，例如： ``` # Uncomment and modify any variables you need # The staging server is best for testing (hence set as default) CA="https://acme-staging-v02.api.letsencrypt.org" # This server issues full certificates, however has rate limits #CA="https://acme-v02.api.letsencrypt.org" AGREEMENT="https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf" # Set an email address associated with your account - generally set at account level rather than domain. ACCOUNT_EMAIL="me@example.com" ACCOUNT_KEY_LENGTH=4096 ACCOUNT_KEY="/home/user/.getssl/account.key" PRIVATE_KEY_ALG="rsa" # The time period within which you want to allow renewal of a certificate - this prevents hitting some of the rate limits. RENEW_ALLOW="30" # openssl config file. The default should work in most cases. SSLCONF="/usr/lib/ssl/openssl.cnf" ``` 然后，在 **工作目录** 内，每个证书都有一个文件夹（基于其域名）。在该文件夹内将有一个配置文件（同样名为 `getssl.cfg`）。例如： ``` # Uncomment and modify any variables you need # see https://github.com/srvrco/getssl/wiki/Config-variables for details # see https://github.com/srvrco/getssl/wiki/Example-config-files for example configs # # The staging server is best for testing #CA="https://acme-staging-v02.api.letsencrypt.org" # This server issues full certificates, however has rate limits #CA="https://acme-v02.api.letsencrypt.org" #AGREEMENT="https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf" PRIVATE_KEY_ALG="rsa" # Additional domains - this could be multiple domains / subdomains in a comma separated list SANS="www.example.org" # Acme Challenge Location. The first line for the domain, the following ones for each additional domain. # If these start with ssh: then the next variable is assumed to be the hostname and the rest the location. # An ssh key will be needed to provide you with access to the remote server. # Optionally, you can specify a different userid for ssh/scp to use on the remote server before the @ sign. # If left blank, the username on the local server will be used to authenticate against the remote server. # If these start with ftp: then the next variables are ftpuserid:ftppassword:servername:ACL_location # These should be of the form "/path/to/your/website/folder/.well-known/acme-challenge" # where "/path/to/your/website/folder/" is the path, on your web server, to the web root for your domain. #ACL=('/var/www/${DOMAIN}/web/.well-known/acme-challenge' # 'ssh:server5:/var/www/${DOMAIN}/web/.well-known/acme-challenge' # 'ssh:sshuserid@server5:/var/www/${DOMAIN}/web/.well-known/acme-challenge' # 'ftp:ftpuserid:ftppassword:${DOMAIN}:/web/.well-known/acme-challenge') # Location for all your certs, these can either be on the server (so full path name) or using ssh as for the ACL DOMAIN_CERT_LOCATION="ssh:server5:/etc/ssl/domain.crt" DOMAIN_KEY_LOCATION="ssh:server5:/etc/ssl/domain.key" #CA_CERT_LOCATION="/etc/ssl/chain.crt" #DOMAIN_CHAIN_LOCATION="" this is the domain cert and CA cert #DOMAIN_PEM_LOCATION="" this is the domain_key. domain cert and CA cert # The command needed to reload apache / nginx or whatever you use. # Several (ssh) commands may be given using a bash array: # RELOAD_CMD=('ssh:sshuserid@server5:systemctl reload httpd' 'logger getssl for server5 efficient.') RELOAD_CMD="service apache2 reload" # Define the server type. This can be https, ftp, ftpi, imap, imaps, pop3, pop3s, smtp, # smtps_deprecated, smtps, smtp_submission, xmpp, xmpps, ldaps or a port number which # will be checked for certificate expiry and also will be checked after # an update to confirm correct certificate is running (if CHECK_REMOTE) is set to true #SERVER_TYPE="https" #CHECK_REMOTE="true" ``` 如果文件的位置以 `ssh:` 开头，则假定下一部分是主机名，后跟冒号，然后是路径。文件将使用 scp 安全复制，并假定您在服务器上有密钥（用于无密码访问）。您可以在 `.ssh/config` 文件中设置服务器的用户、端口等。如果 ACL 以 `ftp:` 或 `sftp:` 开头，则假定该行的格式为 "ftp:UserID:Password:servername:/path/to/acme-challenge"。 sftp 需要 sshpass。注意：FTP 仅可用于复制 token， **不能** 用于上传私钥或证书，因为它不是一种安全的传输方式。如果在远程服务器上使用，ssh 也可用于重载命令。可以通过用分号分隔位置来为文件定义多个位置。一个典型的配置文件，用于同一服务器上的 `example.com` 和 `www.example.com`，如下所示： ``` # uncomment and modify any variables you need # The staging server is best for testing CA="https://acme-staging-v02.api.letsencrypt.org" # This server issues full certificates, however has rate limits #CA="https://acme-v02.api.letsencrypt.org" # additional domains - this could be multiple domains / subdomains in a comma separated list SANS="www.example.com" #Acme Challenge Location. The first line for the domain, the following ones for each additional domain ACL=('/var/www/example.com/web/.well-known/acme-challenge') USE_SINGLE_ACL="true" DOMAIN_CERT_LOCATION="/etc/ssl/example.com.crt" DOMAIN_KEY_LOCATION="/etc/ssl/example.com.key" CA_CERT_LOCATION="/etc/ssl/example.com.bundle" RELOAD_CMD="service apache2 reload" ``` ## 自定义配置模板您可以创建和自定义一个模板，用于生成 `~/.getssl/yourdomain.com/getssl.cfg` 配置文件，而不是使用默认模板。根据您的 getssl 安装情况，创建以下允许的位置之一： ``` /etc/getssl/getssl_default.cfg /path/of/your/getssl/installation/getssl_default.cfg ~/.getssl/getssl_default.cfg ``` 并定义默认值，可选择使用动态变量，如下例所示： ``` # Additional domains - this could be multiple domains / subdomains in a comma separated list # Note: this is Additional domains - so should not include the primary domain. SANS="${EX_SANS}" ACL=('/home/myuser/${DOMAIN}/public_html/.well-known/acme-challenge') USE_SINGLE_ACL="true" RELOAD_CMD="sudo /bin/systemctl restart nginx.service" # Define the server type. This can be https, ftp, ftpi, imap, imaps, pop3, pop3s, smtp, # smtps_deprecated, smtps, smtp_submission, xmpp, xmpps, ldaps or a port number which # will be checked for certificate expiry and also will be checked after # an update to confirm correct certificate is running (if CHECK_REMOTE) is set to true SERVER_TYPE="https" #CHECK_REMOTE="true" CHECK_REMOTE_WAIT="1" # wait 1 second before checking the remote server ``` ## 服务器类型 OpenSSL 内置支持从多种 SSL 服务获取证书，这些服务在 getssl 中可用于检查证书是否安装正确 | 服务器类型 | 端口 | 额外信息 | |------------------|------|--------------| | https | 443 | | | ftp | 21 | FTP 显式 | | ftpi | 990 | FTP 隐式 | | imap | 143 | StartTLS | | imaps | 993 | | | pop3 | 110 | StartTLS | | pop3s | 995 | | | smtp | 25 | StartTLS | | smtps_deprecated | 465 | | | smtps | 587 | StartTLS | | smtp_submission | 587 | StartTLS | | xmpp | 5222 | StartTLS | | xmpps | 5269 | | | ldaps | 6 | | | postgres | 5432 | | | 端口号 | | | ## 吊销证书通常不需要吊销证书。用法：`getssl -r path/to/cert path/to/key [CA_server]` 您需要指定要吊销的证书，以及用于签名/获取原始证书的账户或域名私钥。`CA_server` 是一个可选参数，默认为 Let's Encrypt ("")，因为这是目前唯一使用 ACME 协议的证书颁发机构。 ## 椭圆曲线密钥您可以为账户密钥和域名密钥使用椭圆曲线密钥（当然要不同，不要为两者使用相同的密钥）。prime256v1 (NIST P-256) 和 secp384r1 (NIST P-384) 都完全受支持。 secp521r1 (NIST P-521) 已包含在代码中，但目前不被 Let's Encrypt 支持。 ## 首选链如果 CA 提供多条链，则可以通过在 `getssl.cfg` 中使用 `PREFERRED_CHAIN` 变量或在调用 `getssl` 时指定 `--preferred-chain` 来选择使用哪条链。这使用通配符匹配，因此请求 "X1" 会返回 CA 返回的第一个包含文本 "X1" 的证书。注意，您可能需要转义任何特殊字符，例如： ` PREFERRED_CHAIN="$STAGING$ Doctored Durian Root CA X3"` * 暂存选项包括：" Doctored Durian Root CA X3" 和 " Pretend Pear X1" * 生产选项包括："ISRG Root X1" 和 "ISRG Root X2" ## 在证书链中包含根证书某些服务器，包括那些使用 Java keystores 的服务器，如果无法验证完整的签名者链，将不接受服务器证书。具体来说，Nutanix Prism (Element 和 Central) 在手动将根 CA 的证书附加到 `fullchain.crt` 之前，不会接受该文件。如果您的应用程序需要完整的链，即包括 CA 的根证书，那么可以通过在 `getssl.cfg` 中添加以下行将其包含在 `fullchain.crt` 文件中 ``` FULL_CHAIN_INCLUDE_ROOT="true" ``` ## Windows Server 和 IIS 支持 **系统和软件要求**： - 带有 DNS 和 IIS 服务的 Windows Server - 以下之一 - WSL (Windows Subsystem for Linux) - Ubuntu 或任何其他发行版 - getssl 可以安装在 WSL 内或使用 `/mnt/` 路径访问 Windows - Bash - getssl 应安装在 Windows 中 - Git Bash - - Rtools4.0 - **WSL** - 安装和配置 WSL 2 - 添加删除 Windows 功能并选择“Windows for sub Linux” - 安装像 Ubuntu 或任何其他 Linux 平台的发行版 - 如果是新添加到系统的，则需要重新启动才能继续 - wsl --install -d ubuntu - 任何用户均可 - 复制文件到 WSL - 从 Windows 打开 `Windows Explorer` 并浏览到 `\\wsl$\Ubuntu\home\user\`，然后将 getssl 文件和文件夹 `.getssl` 和 `getssl` 放入用户主目录 `\\wsl$\Ubuntu\home\user\.getssl .` 或在 Windows 中 - 在 Windows 中打开 `cmd` 并输入\ `wsl -d Ubuntu /bin/bash /home/UserName/getssl/getssl domain.eu && exit` - 如果未在 WSL 中设置为默认，使用特定发行版时请使用 `wsl -d distro` 命令 **注意：** - 配置 WSL 时，请检查 `/etc/hosts` 文件中的域名 IP 是否正确，因为它会覆盖 DNS 服务器。 - 确保运行的是版本 2。 **GIT Bash** - MINGW64_NT - 安装 git GIT Bash - `"C:\Program Files\Git\bin\bash.exe" --login -i -- path_to/getssl/getssl domain.eu` **Rtools Bash** - MSYS_NT - 确保 Windows 系统环境变量中 `\rtools42\usr\bin` 的路径位于 `c:\windows\system32\` 之前，以便 getssl 使用 `Rtools` 应用程序而不是 Windows 应用程序（例如 `sort.exe`，它可能会崩溃），或者指定 sort 的完整路径。 - `\rtools42\usr\bin\bash.exe \Users\Administrator\getssl\getssl domain.eu 2>&1 1>out.txt` **更新 DNS TXT 记录** - 使用 `PowerShell` 添加和删除 `_acme-challenge` 记录 - dns_add_windows_dnsserver - dns_del_windows_dnsserver **注意：** 脚本支持可选的二级 `TLDs`。`sub.domain.co.uk` 您可以更新正则表达式 `.(co|com).uk` 以满足您的需求。 **IIS internet information service** - 在 `other_scripts` 文件夹下，您可以找到一个 `PowerSheell` 脚本 `iis_install_certeficate.ps1`，它生成 `PFX` 证书以安装在 `IIS` 中，并将域名绑定到 `PFX` 证书。 - WSL - `RELOAD_CMD=("powershell.exe -ExecutionPolicy Bypass -File "\\\\wsl$\\Ubuntu\\home\\user\\getssl\\other_scripts\\iis_install_certeficate.ps1" "domain.eu" "IIS SiteName" "\\\\wsl$\\Ubuntu\\home\\user\\ssl\\" "path_to_ssl_dir" )` - GIT and Rtools4 Bash - `RELOAD_CMD=("powershell.exe /c/Users/Administrator/getssl/other_scripts/iis_install_certeficate.ps1 domain.eu domain path_to_ssl_dir")` ## 构建为 RPM 包为了将 getssl 构建为 RPM，程序必须被压缩成一个 tar.gz 文件，并且 tar.gz 文件的命名必须与关联的 .spec 文件中包含的版本信息相匹配。 Spec 文件是特殊文件，包含有关如何从源代码归档构建特定包的说明。在 Red Hat、CentOS、Oracle Linux 和 AWS Linux 系统上，RPMS 在 /root/rpmbuild/ 顶级目录中构建。SuSe 系统在 /usr/src/packages/ 作为顶级目录构建 RPMS。这些“顶级目录”将包含 BUILD、BUILDROOT、SPECS、RPMS、SRPMS 和 SOURCES 子目录。 SPECS 目录包含用于构建 RPMS 和 SRPMS 包的 \*.spec 文件。SOURCES 子目录将包含用于构建 RPM 包的 \*.spec 文件中引用的源代码归档文件。有关安装源代码 rpm（它将 .spec 文件和源代码归档文件安装到 rpm 构建顶级目录（即 /root/rpmbuild/））的说明，请参见 [快速入门指南](#quick-start-guide)。在尝试构建 rpm 之前，您应该已经安装了 src.rpm 文件。您也可以手动将 .spec 文件安装到 \/SPECS/ 目录，并将源代码 tarball 安装到 \ ``` 如果构建成功，程序应输出以下内容并验证程序写入了 RPMS 和 SRPMS 包： ``` Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.BYQw0V + umask 022 + cd /root/rpmbuild/BUILD + cd /root/rpmbuild/BUILD + rm -rf getssl-2.49 + /usr/bin/gzip -dc /root/rpmbuild/SOURCES/getssl-2.49.tar.gz + /usr/bin/tar -xof - + STATUS=0 + '[' 0 -ne 0 ']' + cd getssl-2.49 + /usr/bin/chmod -Rf a+rX,u+w,g-w,o-w . + exit 0 Executing(%build): /bin/sh -e /var/tmp/rpm-tmp.xpA456 + umask 022 + cd /root/rpmbuild/BUILD + cd getssl-2.49 + exit 0 Executing(%install): /bin/sh -e /var/tmp/rpm-tmp.zQs24R + umask 022 + cd /root/rpmbuild/BUILD + '[' /root/rpmbuild/BUILDROOT/getssl-2.49-1.x86_64 '!=' / ']' + rm -rf /root/rpmbuild/BUILDROOT/getssl-2.49-1.x86_64 ++ dirname /root/rpmbuild/BUILDROOT/getssl-2.49-1.x86_64 + mkdir -p /root/rpmbuild/BUILDROOT + mkdir /root/rpmbuild/BUILDROOT/getssl-2.49-1.x86_64 + cd getssl-2.49 + '[' -n /root/rpmbuild/BUILDROOT/getssl-2.49-1.x86_64 -a /root/rpmbuild/BUILDROOT/getssl-2.49-1.x86_64 '!=' / ']' + /usr/bin/rm -rf /root/rpmbuild/BUILDROOT/getssl-2.49-1.x86_64 + /usr/bin/mkdir -p /root/rpmbuild/BUILDROOT/getssl-2.49-1.x86_64/usr/bin + /usr/bin/mkdir -p /root/rpmbuild/BUILDROOT/getssl-2.49-1.x86_64/usr/share/getssl/dns_scripts + /usr/bin/mkdir -p /root/rpmbuild/BUILDROOT/getssl-2.49-1.x86_64/usr/share/getssl/other_scripts + /usr/bin/make DESTDIR=/root/rpmbuild/BUILDROOT/getssl-2.49-1.x86_64 install mkdir -p /root/rpmbuild/BUILDROOT/getssl-2.49-1.x86_64 install -Dvm755 getssl /root/rpmbuild/BUILDROOT/getssl-2.49-1.x86_64/usr/bin/getssl 'getssl' -> '/root/rpmbuild/BUILDROOT/getssl-2.49-1.x86_64/usr/bin/getssl' install -dvm755 /root/rpmbuild/BUILDROOT/getssl-2.49-1.x86_64/usr/share/getssl for dir in *_scripts; do install -dv /root/rpmbuild/BUILDROOT/getssl-2.49-1.x86_64/usr/share/getssl/$dir; install -pv $dir/* /root/rpmbuild/BUILDROOT/getssl-2.49-1.x86_64/usr/share/getssl/$dir/; done 'dns_scripts/Azure-README.txt' -> '/root/rpmbuild/BUILDROOT/getssl-2.49-1.x86_64/usr/share/getssl/dns_scripts/Azure-README.txt' 'dns_scripts/Cloudflare-README.md' -> '/root/rpmbuild/BUILDROOT/getssl-2.49-1.x86_64/usr/share/getssl/dns_scripts/Cloudflare-README.md' 'dns_scripts/DNS_IONOS.md' -> '/root/rpmbuild/BUILDROOT/getssl-2.49-1.x86_64/usr/share/getssl/dns_scripts/DNS_IONOS.md' 'dns_scripts/DNS_ROUTE53.md' -> '/root/rpmbuild/BUILDROOT/getssl-2.49-1.x86_64/usr/share/getssl/dns_scripts/DNS_ROUTE53.md' 'dns_scripts/GoDaddy-README.txt' -> '/root/rpmbuild/BUILDROOT/getssl-2.49-1.x86_64/usr/share/getssl/dns_scripts/GoDaddy-README.txt' 'dns_scripts/dns_add_acmedns' -> '/root/rpmbuild/BUILDROOT/getssl-2.49-1.x86_64/usr/share/getssl/dns_scripts/dns_add_acmedns' 'dns_scripts/dns_add_azure' -> '/root/rpmbuild/BUILDROOT/getssl-2.49-1.x86_64/usr/share/getssl/dns_scripts/dns_add_azure' 'dns_scripts/dns_add_challtestsrv' -> '/root/rpmbuild/BUILDROOT/getssl-2.49-1.x86_64/usr/share/getssl/dns_scripts/dns_add_challtestsrv' 'dns_scripts/dns_add_clouddns' -> '/root/rpmbuild/BUILDROOT/getssl-2.49-1.x86_64/usr/share/getssl/dns_scripts/dns_add_clouddns' 'dns_scripts/dns_add_cloudflare' -> '/root/rpmbuild/BUILDROOT/getssl-2.49-1.x86_64/usr/share/getssl/dns_scripts/dns_add_cloudflare' 'dns_scripts/dns_add_cpanel' -> '/root/rpmbuild/BUILDROOT/getssl-2.49-1.x86_64/usr/share/getssl/dns_scripts/dns_add_cpanel' 'dns_scripts/dns_add_del_aliyun.sh' -> '/root/rpmbuild/BUILDROOT/getssl-2.49-1.x86_64/usr/share/getssl/dns_scripts/dns_add_del_aliyun.sh' 'dns_scripts/dns_add_dnspod' -> '/root/rpmbuild/BUILDROOT/getssl-2.49-1.x86_64/usr/share/getssl/dns_scripts/dns_add_dnspod' 'dns_scripts/dns_add_duckdns' -> '/root/rpmbuild/BUILDROOT/getssl-2.49-1.x86_64/usr/share/getssl/dns_scripts/dns_add_duckdns' 'dns_scripts/dns_add_dynu' -> '/root/rpmbuild/BUILDROOT/getssl-2.49-1.x86_64/usr/share/getssl/dns_scripts/dns_add_dynu' 'dns_scripts/dns_add_godaddy' -> '/root/rpmbuild/BUILDROOT/getssl-2.49-1.x86_64/usr/share/getssl/dns_scripts/dns_add_godaddy' 'dns_scripts/dns_add_hostway' -> '/root/rpmbuild/BUILDROOT/getssl-2.49-1.x86_64/usr/share/getssl/dns_scripts/dns_add_hostway' 'dns_scripts/dns_add_ionos' -> '/root/rpmbuild/BUILDROOT/getssl-2.49-1.x86_64/usr/share/getssl/dns_scripts/dns_add_ionos' 'dns_scripts/dns_add_ispconfig' -> '/root/rpmbuild/BUILDROOT/getssl-2.49-1.x86_64/usr/share/getssl/dns_scripts/dns_add_ispconfig' 'dns_scripts/dns_add_joker' -> '/root/rpmbuild/BUILDROOT/getssl-2.49-1.x86_64/usr/share/getssl/dns_scripts/dns_add_joker' 'dns_scripts/dns_add_lexicon' -> '/root/rpmbuild/BUILDROOT/getssl-2.49-1.x86_64/usr/share/getssl/dns_scripts/dns_add_lexicon' 'dns_scripts/dns_add_linode' -> '/root/rpmbuild/BUILDROOT/getssl-2.49-1.x86_64/usr/share/getssl/dns_scripts/dns_add_linode' 'dns_scripts/dns_add_manual' -> '/root/rpmbuild/BUILDROOT/getssl-2.49-1.x86_64/usr/share/getssl/dns_scripts/dns_add_manual' 'dns_scripts/dns_add_nsupdate' -> '/root/rpmbuild/BUILDROOT/getssl-2.49-1.x86_64/usr/share/getssl/dns_scripts/dns_add_nsupdate' 'dns_scripts/dns_add_ovh' -> '/root/rpmbuild/BUILDROOT/getssl-2.49-1.x86_64/usr/share/getssl/dns_scripts/dns_add_ovh' 'dns_scripts/dns_add_pdns-mysql' -> '/root/rpmbuild/BUILDROOT/getssl-2.49-1.x86_64/usr/share/getssl/dns_scripts/dns_add_pdns-mysql' 'dns_scripts/dns_add_vultr' -> '/root/rpmbuild/BUILDROOT/getssl-2.49-1.x86_64/usr/share/getssl/dns_scripts/dns_add_vultr' 'dns_scripts/dns_add_windows_dns_server' -> '/root/rpmbuild/BUILDROOT/getssl-2.49-1.x86_64/usr/share/getssl/dns_scripts/dns_add_windows_dns_server' 'dns_scripts/dns_del_acmedns' -> '/root/rpmbuild/BUILDROOT/getssl-2.49-1.x86_64/usr/share/getssl/dns_scripts/dns_del_acmedns' 'dns_scripts/dns_del_azure' -> '/root/rpmbuild/BUILDROOT/getssl-2.49-1.x86_64/usr/share/getssl/dns_scripts/dns_del_azure' 'dns_scripts/dns_del_challtestsrv' -> '/root/rpmbuild/BUILDROOT/getssl-2.49-1.x86_64/usr/share/getssl/dns_scripts/dns_del_challtestsrv' 'dns_scripts/dns_del_clouddns' -> '/root/rpmbuild/BUILDROOT/getssl-2.49-1.x86_64/usr/share/getssl/dns_scripts/dns_del_clouddns' 'dns_scripts/dns_del_cloudflare' -> '/root/rpmbuild/BUILDROOT/getssl-2.49-1.x86_64/usr/share/getssl/dns_scripts/dns_del_cloudflare' 'dns_scripts/dns_del_cpanel' -> '/root/rpmbuild/BUILDROOT/getssl-2.49-1.x86_64/usr/share/getssl/dns_scripts/dns_del_cpanel' 'dns_scripts/dns_del_dnspod' -> '/root/rpmbuild/BUILDROOT/getssl-2.49-1.x86_64/usr/share/getssl/dns_scripts/dns_del_dnspod' 'dns_scripts/dns_del_duckdns' -> '/root/rpmbuild/BUILDROOT/getssl-2.49-1.x86_64/usr/share/getssl/dns_scripts/dns_del_duckdns' 'dns_scripts/dns_del_dynu' -> '/root/rpmbuild/BUILDROOT/getssl-2.49-1.x86_64/usr/share/getssl/dns_scripts/dns_del_dynu' 'dns_scripts/dns_del_godaddy' -> '/root/rpmbuild/BUILDROOT/getssl-2.49-1.x86_64/usr/share/getssl/dns_scripts/dns_del_godaddy' 'dns_scripts/dns_del_hostway' -> '/root/rpmbuild/BUILDROOT/getssl-2.49-1.x86_64/usr/share/getssl/dns_scripts/dns_del_hostway' 'dns_scripts/dns_del_ionos' -> '/root/rpmbuild/BUILDROOT/getssl-2.49-1.x86_64/usr/share/getssl/dns_scripts/dns_del_ionos' 'dns_scripts/dns_del_ispconfig' -> '/root/rpmbuild/BUILDROOT/getssl-2.49-1.x86_64/usr/share/getssl/dns_scripts/dns_del_ispconfig' 'dns_scripts/dns_del_joker' -> '/root/rpmbuild/BUILDROOT/getssl-2.49-1.x86_64/usr/share/getssl/dns_scripts/dns_del_joker' 'dns_scripts/dns_del_lexicon' -> '/root/rpmbuild/BUILDROOT/getssl-2.49-1.x86_64/usr/share/getssl/dns_scripts/dns_del_lexicon' 'dns_scripts/dns_del_linode' -> '/root/rpmbuild/BUILDROOT/getssl-2.49-1.x86_64/usr/share/getssl/dns_scripts/dns_del_linode' 'dns_scripts/dns_del_manual' -> '/root/rpmbuild/BUILDROOT/getssl-2.49-1.x86_64/usr/share/getssl/dns_scripts/dns_del_manual' 'dns_scripts/dns_del_nsupdate' -> '/root/rpmbuild/BUILDROOT/getssl-2.49-1.x86_64/usr/share/getssl/dns_scripts/dns_del_nsupdate' 'dns_scripts/dns_del_ovh' -> '/root/rpmbuild/BUILDROOT/getssl-2.49-1.x86_64/usr/share/getssl/dns_scripts/dns_del_ovh' 'dns_scripts/dns_del_pdns-mysql' -> '/root/rpmbuild/BUILDROOT/getssl-2.49-1.x86_64/usr/share/getssl/dns_scripts/dns_del_pdns-mysql' 'dns_scripts/dns_del_vultr' -> '/root/rpmbuild/BUILDROOT/getssl-2.49-1.x86_64/usr/share/getssl/dns_scripts/dns_del_vultr' 'dns_scripts/dns_del_windows_dns_server' -> '/root/rpmbuild/BUILDROOT/getssl-2.49-1.x86_64/usr/share/getssl/dns_scripts/dns_del_windows_dns_server' 'dns_scripts/dns_freedns.sh' -> '/root/rpmbuild/BUILDROOT/getssl-2.49-1.x86_64/usr/share/getssl/dns_scripts/dns_freedns.sh' 'dns_scripts/dns_godaddy' -> '/root/rpmbuild/BUILDROOT/getssl-2.49-1.x86_64/usr/share/getssl/dns_scripts/dns_godaddy' 'dns_scripts/dns_route53.py' -> '/root/rpmbuild/BUILDROOT/getssl-2.49-1.x86_64/usr/share/getssl/dns_scripts/dns_route53.py' 'dns_scripts/ispconfig_soap.php' -> '/root/rpmbuild/BUILDROOT/getssl-2.49-1.x86_64/usr/share/getssl/dns_scripts/ispconfig_soap.php' 'other_scripts/cpanel_cert_upload' -> '/root/rpmbuild/BUILDROOT/getssl-2.49-1.x86_64/usr/share/getssl/other_scripts/cpanel_cert_upload' 'other_scripts/iis_install_certeficate.ps1' -> '/root/rpmbuild/BUILDROOT/getssl-2.49-1.x86_64/usr/share/getssl/other_scripts/iis_install_certeficate.ps1' + install -Dpm 644 /root/rpmbuild/SOURCES/getssl.crontab /root/rpmbuild/BUILDROOT/getssl-2.49-1.x86_64/etc/cron.d/getssl + install -Dpm 644 /root/rpmbuild/SOURCES/getssl.logrotate /root/rpmbuild/BUILDROOT/getssl-2.49-1.x86_64/etc/logrotate.d/getssl + /usr/lib/rpm/check-buildroot + /usr/lib/rpm/redhat/brp-ldconfig /sbin/ldconfig: Warning: ignoring configuration file that cannot be opened: /etc/ld.so.conf: No such file or directory + /usr/lib/rpm/brp-compress + /usr/lib/rpm/brp-strip /usr/bin/strip + /usr/lib/rpm/brp-strip-comment-note /usr/bin/strip /usr/bin/objdump + /usr/lib/rpm/brp-strip-static-archive /usr/bin/strip + /usr/lib/rpm/brp-python-bytecompile '' 1 + /usr/lib/rpm/brp-python-hardlink + /usr/bin/true Processing files: getssl-2.49-1.noarch Provides: getssl = 2.49-1 Requires(interp): /bin/sh /bin/sh /bin/sh /bin/sh Requires(rpmlib): rpmlib(CompressedFileNames) <= 3.0.4-1 rpmlib(FileDigests) <= 4.6.0-1 rpmlib(PayloadFilesHavePrefix) <= 4.0-1 Requires(pre): /bin/sh Requires(post): /bin/sh Requires(preun): /bin/sh Requires(postun): /bin/sh Requires: /bin/bash /usr/bin/env Checking for unpackaged file(s): /usr/lib/rpm/check-files /root/rpmbuild/BUILDROOT/getssl-2.49-1.x86_64 Wrote: /root/rpmbuild/SRPMS/getssl-2.49-1.src.rpm Wrote: /root/rpmbuild/RPMS/noarch/getssl-2.49-1.noarch.rpm Executing(%clean): /bin/sh -e /var/tmp/rpm-tmp.hgma8Q + umask 022 + cd /root/rpmbuild/BUILD + cd getssl-2.49 + /usr/bin/rm -rf /root/rpmbuild/BUILDROOT/getssl-2.49-1.x86_64 + exit 0 ``` ## 构建为 Debian 包为了将 getssl 构建为 Debian 包，程序必须被压缩成一个 tar.gz 文件，并且 tar.gz 文件的命名必须与关联的 .spec 文件中包含的版本信息相匹配。Spec 文件是特殊文件，包含有关如何从源代码归档构建特定包的说明。可以使用名为 "debbuild" 的实用程序构建 Debian 包，并使用与 RPM 工具类似的顶级目录结构，但使用 /root/debbuild/ 作为“顶级目录”。这些“顶级目录”将包含 BUILD、BUILDROOT、SPECS、DEBS、SDEBS 和 SOURCES 子目录，并遵循与 RPM 文件类似的布局。 SPECS 目录包含用于构建 DEB 和 SDEB 包的 \*.spec 文件。SOURCES 子目录将包含用于构建 DEB 和 SDEB 包的 \*.spec 文件中引用的源代码归档文件。有关安装源代码 SDEB（它将 .spec 文件和源代码归档文件安装到 debbuild 顶级目录（即 /root/debbuild/））的说明，请参见 [快速入门指南](#quick-start-guide)。在尝试构建 DEB 包之前，您应该已经安装了 SDEB 文件。您也可以手动将 .spec 文件安装到 \/SPECS/ 目录，并将源代码 tarball 安装到 \ ``` 如果构建成功，程序应输出以下内容并验证程序写入了 DEB 和 SDEB 包： ``` This is debbuild, version 22.02.1\ndebconfigdir:/usr/lib/debbuild\nsysconfdir:/etc\n Lua: No Lua module loaded Executing (%prep): /bin/sh -e /var/tmp/deb-tmp.prep.92007 + umask 022 + cd /root/debbuild/BUILD + /bin/rm -rf getssl-2.49 + /bin/gzip -dc /root/debbuild/SOURCES/getssl-2.49.tar.gz + /bin/tar -xf - + STATUS=0 + '[' 0 -ne 0 ']' + cd getssl-2.49 + /bin/chmod -Rf a+rX,u+w,go-w . + exit 0 Executing (%build): /bin/sh -e /var/tmp/deb-tmp.build.40956 + umask 022 + cd /root/debbuild/BUILD + cd getssl-2.49 + exit 0 Executing (%install): /bin/sh -e /var/tmp/deb-tmp.install.36647 + umask 022 + cd /root/debbuild/BUILD + cd getssl-2.49 + '[' -n /root/debbuild/BUILDROOT/getssl-2.49-1.amd64 -a /root/debbuild/BUILDROOT/getssl-2.49-1.amd64 '!=' / ']' + /bin/rm -rf /root/debbuild/BUILDROOT/getssl-2.49-1.amd64 + /bin/mkdir -p /root/debbuild/BUILDROOT/getssl-2.49-1.amd64/usr/bin + /bin/mkdir -p /root/debbuild/BUILDROOT/getssl-2.49-1.amd64/usr/share/getssl/dns_scripts + /bin/mkdir -p /root/debbuild/BUILDROOT/getssl-2.49-1.amd64/usr/share/getssl/other_scripts + /usr/bin/make DESTDIR=/root/debbuild/BUILDROOT/getssl-2.49-1.amd64 install mkdir -p /root/debbuild/BUILDROOT/getssl-2.49-1.amd64 install -Dvm755 getssl /root/debbuild/BUILDROOT/getssl-2.49-1.amd64/usr/bin/getssl 'getssl' -> '/root/debbuild/BUILDROOT/getssl-2.49-1.amd64/usr/bin/getssl' install -dvm755 /root/debbuild/BUILDROOT/getssl-2.49-1.amd64/usr/share/getssl for dir in *_scripts; do install -dv /root/debbuild/BUILDROOT/getssl-2.49-1.amd64/usr/share/getssl/$dir; install -pv $dir/* /root/debbuild/BUILDROOT/getssl-2.49-1.amd64/usr/share/getssl/$dir/; done 'dns_scripts/Azure-README.txt' -> '/root/debbuild/BUILDROOT/getssl-2.49-1.amd64/usr/share/getssl/dns_scripts/Azure-README.txt' 'dns_scripts/Cloudflare-README.md' -> '/root/debbuild/BUILDROOT/getssl-2.49-1.amd64/usr/share/getssl/dns_scripts/Cloudflare-README.md' 'dns_scripts/DNS_IONOS.md' -> '/root/debbuild/BUILDROOT/getssl-2.49-1.amd64/usr/share/getssl/dns_scripts/DNS_IONOS.md' 'dns_scripts/DNS_ROUTE53.md' -> '/root/debbuild/BUILDROOT/getssl-2.49-1.amd64/usr/share/getssl/dns_scripts/DNS_ROUTE53.md' 'dns_scripts/GoDaddy-README.txt' -> '/root/debbuild/BUILDROOT/getssl-2.49-1.amd64/usr/share/getssl/dns_scripts/GoDaddy-README.txt' 'dns_scripts/dns_add_acmedns' -> '/root/debbuild/BUILDROOT/getssl-2.49-1.amd64/usr/share/getssl/dns_scripts/dns_add_acmedns' 'dns_scripts/dns_add_azure' -> '/root/debbuild/BUILDROOT/getssl-2.49-1.amd64/usr/share/getssl/dns_scripts/dns_add_azure' 'dns_scripts/dns_add_challtestsrv' -> '/root/debbuild/BUILDROOT/getssl-2.49-1.amd64/usr/share/getssl/dns_scripts/dns_add_challtestsrv' 'dns_scripts/dns_add_clouddns' -> '/root/debbuild/BUILDROOT/getssl-2.49-1.amd64/usr/share/getssl/dns_scripts/dns_add_clouddns' 'dns_scripts/dns_add_cloudflare' -> '/root/debbuild/BUILDROOT/getssl-2.49-1.amd64/usr/share/getssl/dns_scripts/dns_add_cloudflare' 'dns_scripts/dns_add_cpanel' -> '/root/debbuild/BUILDROOT/getssl-2.49-1.amd64/usr/share/getssl/dns_scripts/dns_add_cpanel' 'dns_scripts/dns_add_del_aliyun.sh' -> '/root/debbuild/BUILDROOT/getssl-2.49-1.amd64/usr/share/getssl/dns_scripts/dns_add_del_aliyun.sh' 'dns_scripts/dns_add_dnspod' -> '/root/debbuild/BUILDROOT/getssl-2.49-1.amd64/usr/share/getssl/dns_scripts/dns_add_dnspod' 'dns_scripts/dns_add_duckdns' -> '/root/debbuild/BUILDROOT/getssl-2.49-1.amd64/usr/share/getssl/dns_scripts/dns_add_duckdns' 'dns_scripts/dns_add_dynu' -> '/root/debbuild/BUILDROOT/getssl-2.49-1.amd64/usr/share/getssl/dns_scripts/dns_add_dynu' 'dns_scripts/dns_add_godaddy' -> '/root/debbuild/BUILDROOT/getssl-2.49-1.amd64/usr/share/getssl/dns_scripts/dns_add_godaddy' 'dns_scripts/dns_add_hostway' -> '/root/debbuild/BUILDROOT/getssl-2.49-1.amd64/usr/share/getssl/dns_scripts/dns_add_hostway' 'dns_scripts/dns_add_ionos' -> '/root/debbuild/BUILDROOT/getssl-2.49-1.amd64/usr/share/getssl/dns_scripts/dns_add_ionos' 'dns_scripts/dns_add_ispconfig' -> '/root/debbuild/BUILDROOT/getssl-2.49-1.amd64/usr/share/getssl/dns_scripts/dns_add_ispconfig' 'dns_scripts/dns_add_joker' -> '/root/debbuild/BUILDROOT/getssl-2.49-1.amd64/usr/share/getssl/dns_scripts/dns_add_joker' 'dns_scripts/dns_add_lexicon' -> '/root/debbuild/BUILDROOT/getssl-2.49-1.amd64/usr/share/getssl/dns_scripts/dns_add_lexicon' 'dns_scripts/dns_add_linode' -> '/root/debbuild/BUILDROOT/getssl-2.49-1.amd64/usr/share/getssl/dns_scripts/dns_add_linode' 'dns_scripts/dns_add_manual' -> '/root/debbuild/BUILDROOT/getssl-2.49-1.amd64/usr/share/getssl/dns_scripts/dns_add_manual' 'dns_scripts/dns_add_nsupdate' -> '/root/debbuild/BUILDROOT/getssl-2.49-1.amd64/usr/share/getssl/dns_scripts/dns_add_nsupdate' 'dns_scripts/dns_add_ovh' -> '/root/debbuild/BUILDROOT/getssl-2.49-1.amd64/usr/share/getssl/dns_scripts/dns_add_ovh' 'dns_scripts/dns_add_pdns-mysql' -> '/root/debbuild/BUILDROOT/getssl-2.49-1.amd64/usr/share/getssl/dns_scripts/dns_add_pdns-mysql' 'dns_scripts/dns_add_vultr' -> '/root/debbuild/BUILDROOT/getssl-2.49-1.amd64/usr/share/getssl/dns_scripts/dns_add_vultr' 'dns_scripts/dns_add_windows_dns_server' -> '/root/debbuild/BUILDROOT/getssl-2.49-1.amd64/usr/share/getssl/dns_scripts/dns_add_windows_dns_server' 'dns_scripts/dns_del_acmedns' -> '/root/debbuild/BUILDROOT/getssl-2.49-1.amd64/usr/share/getssl/dns_scripts/dns_del_acmedns' 'dns_scripts/dns_del_azure' -> '/root/debbuild/BUILDROOT/getssl-2.49-1.amd64/usr/share/getssl/dns_scripts/dns_del_azure' 'dns_scripts/dns_del_challtestsrv' -> '/root/debbuild/BUILDROOT/getssl-2.49-1.amd64/usr/share/getssl/dns_scripts/dns_del_challtestsrv' 'dns_scripts/dns_del_clouddns' -> '/root/debbuild/BUILDROOT/getssl-2.49-1.amd64/usr/share/getssl/dns_scripts/dns_del_clouddns' 'dns_scripts/dns_del_cloudflare' -> '/root/debbuild/BUILDROOT/getssl-2.49-1.amd64/usr/share/getssl/dns_scripts/dns_del_cloudflare' 'dns_scripts/dns_del_cpanel' -> '/root/debbuild/BUILDROOT/getssl-2.49-1.amd64/usr/share/getssl/dns_scripts/dns_del_cpanel' 'dns_scripts/dns_del_dnspod' -> '/root/debbuild/BUILDROOT/getssl-2.49-1.amd64/usr/share/getssl/dns_scripts/dns_del_dnspod' 'dns_scripts/dns_del_duckdns' -> '/root/debbuild/BUILDROOT/getssl-2.49-1.amd64/usr/share/getssl/dns_scripts/dns_del_duckdns' 'dns_scripts/dns_del_dynu' -> '/root/debbuild/BUILDROOT/getssl-2.49-1.amd64/usr/share/getssl/dns_scripts/dns_del_dynu' 'dns_scripts/dns_del_godaddy' -> '/root/debbuild/BUILDROOT/getssl-2.49-1.amd64/usr/share/getssl/dns_scripts/dns_del_godaddy' 'dns_scripts/dns_del_hostway' -> '/root/debbuild/BUILDROOT/getssl-2.49-1.amd64/usr/share/getssl/dns_scripts/dns_del_hostway' 'dns_scripts/dns_del_ionos' -> '/root/debbuild/BUILDROOT/getssl-2.49-1.amd64/usr/share/getssl/dns_scripts/dns_del_ionos' 'dns_scripts/dns_del_ispconfig' -> '/root/debbuild/BUILDROOT/getssl-2.49-1.amd64/usr/share/getssl/dns_scripts/dns_del_ispconfig' 'dns_scripts/dns_del_joker' -> '/root/debbuild/BUILDROOT/getssl-2.49-1.amd64/usr/share/getssl/dns_scripts/dns_del_joker' 'dns_scripts/dns_del_lexicon' -> '/root/debbuild/BUILDROOT/getssl-2.49-1.amd64/usr/share/getssl/dns_scripts/dns_del_lexicon' 'dns_scripts/dns_del_linode' -> '/root/debbuild/BUILDROOT/getssl-2.49-1.amd64/usr/share/getssl/dns_scripts/dns_del_linode' 'dns_scripts/dns_del_manual' -> '/root/debbuild/BUILDROOT/getssl-2.49-1.amd64/usr/share/getssl/dns_scripts/dns_del_manual' 'dns_scripts/dns_del_nsupdate' -> '/root/debbuild/BUILDROOT/getssl-2.49-1.amd64/usr/share/getssl/dns_scripts/dns_del_nsupdate' 'dns_scripts/dns_del_ovh' -> '/root/debbuild/BUILDROOT/getssl-2.49-1.amd64/usr/share/getssl/dns_scripts/dns_del_ovh' 'dns_scripts/dns_del_pdns-mysql' -> '/root/debbuild/BUILDROOT/getssl-2.49-1.amd64/usr/share/getssl/dns_scripts/dns_del_pdns-mysql' 'dns_scripts/dns_del_vultr' -> '/root/debbuild/BUILDROOT/getssl-2.49-1.amd64/usr/share/getssl/dns_scripts/dns_del_vultr' 'dns_scripts/dns_del_windows_dns_server' -> '/root/debbuild/BUILDROOT/getssl-2.49-1.amd64/usr/share/getssl/dns_scripts/dns_del_windows_dns_server' 'dns_scripts/dns_freedns.sh' -> '/root/debbuild/BUILDROOT/getssl-2.49-1.amd64/usr/share/getssl/dns_scripts/dns_freedns.sh' 'dns_scripts/dns_godaddy' -> '/root/debbuild/BUILDROOT/getssl-2.49-1.amd64/usr/share/getssl/dns_scripts/dns_godaddy' 'dns_scripts/dns_route53.py' -> '/root/debbuild/BUILDROOT/getssl-2.49-1.amd64/usr/share/getssl/dns_scripts/dns_route53.py' 'dns_scripts/ispconfig_soap.php' -> '/root/debbuild/BUILDROOT/getssl-2.49-1.amd64/usr/share/getssl/dns_scripts/ispconfig_soap.php' 'other_scripts/cpanel_cert_upload' -> '/root/debbuild/BUILDROOT/getssl-2.49-1.amd64/usr/share/getssl/other_scripts/cpanel_cert_upload' 'other_scripts/iis_install_certeficate.ps1' -> '/root/debbuild/BUILDROOT/getssl-2.49-1.amd64/usr/share/getssl/other_scripts/iis_install_certeficate.ps1' + install -Dpm 644 /root/debbuild/SOURCES/getssl.crontab /root/debbuild/BUILDROOT/getssl-2.49-1.amd64/etc/cron.d/getssl + install -Dpm 644 /root/debbuild/SOURCES/getssl.logrotate /root/debbuild/BUILDROOT/getssl-2.49-1.amd64/etc/logrotate.d/getssl + exit 0 Checking library requirements... Executing (package-creation): /bin/sh -e /var/tmp/deb-tmp.pkg.6107 for getssl + umask 022 + cd /root/debbuild/BUILD + /usr/bin/fakeroot -- /usr/bin/dpkg-deb -b /root/debbuild/BUILDROOT/getssl-2.49-1.amd64/main /root/debbuild/DEBS/all/getssl_2.49-1_all.deb dpkg-deb: warning: parsing file '/root/debbuild/BUILDROOT/getssl-2.49-1.amd64/main/DEBIAN/control' near line 10 package 'getssl': missing 'Maintainer' field dpkg-deb: warning: ignoring 1 warning about the control file(s) dpkg-deb: building package 'getssl' in '/root/debbuild/DEBS/all/getssl_2.49-1_all.deb'. + exit 0 Executing (%clean): /bin/sh -e /var/tmp/deb-tmp.clean.52780 + umask 022 + cd /root/debbuild/BUILD + '[' /root/debbuild/BUILDROOT/getssl-2.49-1.amd64 '!=' / ']' + /bin/rm -rf /root/debbuild/BUILDROOT/getssl-2.49-1.amd64 + exit 0 Wrote source package getssl-2.49-1.sdeb in /root/debbuild/SDEBS. Wrote binary package getssl_2.49-1_all.deb in /root/debbuild/DEBS/all ``` ## 问题 / 故障 / 帮助如果您有任何问题，请在记录 [wiki](https://github.com/srvrco/getssl/wiki) 上有更多帮助页面如果您有任何改进建议，欢迎提交 pull request，或提出 issue。

标签：ACME协议, Bash, ECC椭圆曲线, HTTPS, Let's Encrypt, Linux运维, Shell脚本, SSL证书, Wildcard证书, 公钥基础设施, 内存分配, 加密, 域名验证, 安全测试工具, 应用安全, 服务器配置, 漏洞扫描器, 网络安全, 证书管理, 远程服务器, 隐私保护