使用 agnos 更新域名证书(不需要 NS Token)
https://github.com/krtab/agnos
# 获取 agnos 工具
curl -fsL -o /usr/local/bin/agnos https://github.com/krtab/agnos/releases/download/v0.1.0-beta.3/agnos_amd64
chmod +x /usr/local/bin/agnos
# 创建保存目录
mkdir /opt/agnos
cd /opt/agnos
# 生成密钥
openssl genrsa 4096 > priv_key.pem
# 下载配置文件
curl -fsL -o config.toml https://github.com/krtab/agnos/blob/main/config_example.toml
# 获取当前 IP
__MY_IP=$(curl -s ifconfig.me)
# 修改 config.toml 中的 dns_listen_adr
sed -i "s/dns_listen_adr = \".*/dns_listen_adr = \"$__MY_IP:53\"/" config.toml
# 设置 EMAIL
__MY_EMAIL=jetsung@outlook.com
sed -i "s/email= \".*/email = \"$__MY_EMAIL\"/" config.toml
# 删除 cert_key_A.pem 这一行之后的内容
sed -i '/cert_key_A.pem/q' config.toml
# 创建证书保存目录
mkdir ssl
# 修改域名
__MY_DOMAIN=jetsung.com
sed -i "s/domains =[[:space:]]\+\[.*/domains = [ \"$__MY_DOMAIN\", \"\*\.$__MY_DOMAIN\" ]/g" config.toml
sed -i "s/fullchain_output_file = \".*/fullchain_output_file = \"ssl\/fullchain_${__MY_DOMAIN}.pem\"/" config.toml
sed -i "s/key_output_file = \".*/key_output_file = \"ssl\/cert_key_${__MY_DOMAIN}.pem\"/" config.toml