You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@apisix.apache.org by sp...@apache.org on 2021/05/26 01:51:10 UTC

[apisix] branch master updated: docs: show how to auto renew SSL cert via acme.sh (#4297)

This is an automated email from the ASF dual-hosted git repository.

spacewander pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/apisix.git


The following commit(s) were added to refs/heads/master by this push:
     new 8487636  docs: show how to auto renew SSL cert via acme.sh (#4297)
8487636 is described below

commit 8487636080e251d32e9932b0af4567c2cc57d641
Author: AnJia <an...@gmail.com>
AuthorDate: Wed May 26 09:51:03 2021 +0800

    docs: show how to auto renew SSL cert via acme.sh (#4297)
    
    Fix #3841
---
 docs/en/latest/FAQ.md | 15 +++++++++++++++
 docs/zh/latest/FAQ.md | 15 +++++++++++++++
 2 files changed, 30 insertions(+)

diff --git a/docs/en/latest/FAQ.md b/docs/en/latest/FAQ.md
index 38668ad..8aef116 100644
--- a/docs/en/latest/FAQ.md
+++ b/docs/en/latest/FAQ.md
@@ -487,3 +487,18 @@ apisix:
 Restart or reload APISIX, all IPs can access the `Admin API`.
 
 **Note: You can use this method in a non-production environment to allow all clients from anywhere to access your `Apache APISIX` instances, but it is not safe to use it in a production environment. In production environment, please only authorize specific IP addresses or address ranges to access your instance.**
+
+## How to auto renew SSL cert via acme.sh
+
+```bash
+$ curl --output /root/.acme.sh/renew-hook-update-apisix.sh --silent https://gist.githubusercontent.com/anjia0532/9ebf8011322f43e3f5037bc2af3aeaa6/raw/65b359a4eed0ae990f9188c2afa22bacd8471652/renew-hook-update-apisix.sh
+
+$ chmod +x /root/.acme.sh/renew-hook-update-apisix.sh
+
+$ acme.sh  --issue  --staging  -d demo.domain --renew-hook "/root/.acme.sh/renew-hook-update-apisix.sh  -h http://apisix-admin:port -p /root/.acme.sh/demo.domain/demo.domain.cer -k /root/.acme.sh/demo.domain/demo.domain.key -a xxxxxxxxxxxxx"
+
+$ acme.sh --renew --domain demo.domain
+
+```
+
+Blog https://juejin.cn/post/6965778290619449351 has detail setup.
diff --git a/docs/zh/latest/FAQ.md b/docs/zh/latest/FAQ.md
index 54e7617..f39150f 100644
--- a/docs/zh/latest/FAQ.md
+++ b/docs/zh/latest/FAQ.md
@@ -486,3 +486,18 @@ apisix:
 重启或 reload APISIX,所有 IP 便可以访问 `Admin API`。
 
 **注意:您可以在非生产环境中使用此方法,以允许所有客户端从任何地方访问您的 `Apache APISIX` 实例,但是在生产环境中使用它并不安全。在生产环境中,请仅授权特定的 IP 地址或地址范围访问您的实例。**
+
+## 基于 acme.sh 自动更新 apisix ssl 证书
+
+```bash
+$ curl --output /root/.acme.sh/renew-hook-update-apisix.sh --silent https://gist.githubusercontent.com/anjia0532/9ebf8011322f43e3f5037bc2af3aeaa6/raw/65b359a4eed0ae990f9188c2afa22bacd8471652/renew-hook-update-apisix.sh
+
+$ chmod +x /root/.acme.sh/renew-hook-update-apisix.sh
+
+$ acme.sh  --issue  --staging  -d demo.domain --renew-hook "~/.acme.sh/renew-hook-update-apisix.sh  -h http://apisix-admin:port -p /root/.acme.sh/demo.domain/demo.domain.cer -k /root/.acme.sh/demo.domain/demo.domain.key -a xxxxxxxxxxxxx"
+
+$ acme.sh --renew --domain demo.domain
+
+```
+
+详细步骤,可以参考博客 https://juejin.cn/post/6965778290619449351