作者:张富春(ahfuzhang),转载时请注明作者和引用链接,谢谢!
接上一篇:《使用 terraform, 在 Let's Encrypt 上申请托管在 cloudflare 上的域名对应的证书》
直接贴代码:
- zerossl.tf
terraform {
required_providers {
acme = {
source = "vancluever/acme"
version = "~> 2.15"
}
}
}
provider "acme" {
server_url = "https://acme.zerossl.com/v2/DV90"
}
resource "tls_private_key" "private_key" {
algorithm = "RSA"
}
resource "acme_registration" "reg" {
account_key_pem = tls_private_key.private_key.private_key_pem
email_address = "nobody@ahfiu-zhang.com"
external_account_binding {
key_id = " xxxx" // zerossl 网站上的用户 id 和密码
hmac_base64 = "xxxx"
}
}
resource "acme_certificate" "certificate" {
account_key_pem = acme_registration.reg.account_key_pem
common_name = "ahfiu-zhang.com"
dns_challenge {
provider = "cloudflare"
config = {
CLOUDFLARE_DNS_API_TOKEN = "在 cloudflare 站点上申请 token"
#CF_ZONE_API_TOKEN = "xxxxx"
# 上面一行一定不要加,加了就会出现错误: cloudflare: failed to find zone ahfu-zhang.com: ListZonesContext command failed
CLOUDFLARE_TTL = "150" #cloudflare: invalid TTL, TTL (60) must be greater than 120
}
}
}
output "certificate_pem" {
description = "The certificate in PEM format."
value = acme_certificate.certificate.certificate_pem
}
output "fullchain_pem" {
description = "The certificate concatenated with the intermediate certificate of the issuer."
value = join("", [
acme_certificate.certificate.certificate_pem,
acme_certificate.certificate.issuer_pem
])
}
output "issuer_pem" {
description = "The intermediate certificate of the issuer."
value = acme_certificate.certificate.issuer_pem
}
output "private_key_pem" {
description = "The certificate's private key, in PEM format."
#value = tls_private_key.certificate.private_key_pem
value = tls_private_key.private_key.private_key_pem
sensitive = true
}
- zerossl 上申请证书,需要提供 eab 账号。
执行命令来运行:
terraform init
terraform validate && terraform plan
terraform apple -auto-approve