Issuing an Actalis DV Server ACME CA G1 domain certificate with acme.sh

This is a single-domain 90-day DV certificate issued by Actalis DV Server ACME CA G1...

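Cause

Late last year, while looking for an e-mail signing certificate, I came across the company Actalis and found that it also offers a free plan for single-domain 90-day DV certificates.

After looking into it, I found that it appears to be a company belonging to aruba. Unfortunately, when I tried to log in with the aruba cloud account I registered ten years ago, I found that I could no longer log in. Since trying to recover it with the e-mail address I had registered with also ended in failure, my so-called obsessive streak led me to shelve the whole thing until now.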

Effect

Application steps

  1. Install the acme.sh script
    curl https://get.acme.sh | sh -s email=admin@xxx
    

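    admin@xxx: the e-mail address. Here I use the same e-mail address as my account on SSL.com; if you need to request domain certificates from several CAs, you would probably use one e-mail address for all of them.
    Output: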

    Install success!
    

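    I had already installed it earlier, so I will just reuse that here!

  2. Register with Actalis
    You first need to register an account on the Actalis website and activate a plan before you can use it.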

    /root/.acme.sh/acme.sh --register-account  --server https://acme-api.actalis.com/acme/directory --eab-kid "******" --eab-hmac-key "******"
    

    While running this I found that the values need to be wrapped in quotes, possibly because the --eab-hmac-key contains special characters.

    Output:

    [Wed Apr  8 04:37:09 EDT 2026] Registering account: https://acme-api.actalis.com/acme/directory
    [Wed Apr  8 04:37:11 EDT 2026] Registered
    [Wed Apr  8 04:37:11 EDT 2026] ACCOUNT_THUMBPRINT='******'
    
  3. Request the certificate
    /root/.acme.sh/acme.sh --server https://acme-api.actalis.com/acme/directory --keylength ec-384 --dns --yes-I-know-dns-manual-mode-enough-go-ahead-please --issue -d www.cyzwb.com -d cyzwb.com
    

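    --keylength: use this parameter if you need to request an ECC certificate.
    --yes-I-know-dns-manual-mode-enough-go-ahead-please: add the TXT records manually.
    -d: followed by the domain name to request the certificate for.

    Note: the free plan only supports a single domain.

    Output: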

    [Wed Apr  8 04:52:01 EDT 2026] Using CA: https://acme-api.actalis.com/acme/directory
    [Wed Apr  8 04:52:01 EDT 2026] Creating domain key
    [Wed Apr  8 04:52:01 EDT 2026] The domain key is here: /root/.acme.sh/www.cyzwb.com_ecc/www.cyzwb.com.key
    [Wed Apr  8 04:52:01 EDT 2026] Multi domain='DNS:www.cyzwb.com,DNS:cyzwb.com'
    [Wed Apr  8 04:52:08 EDT 2026] Getting webroot for domain='www.cyzwb.com'
    [Wed Apr  8 04:52:08 EDT 2026] Getting webroot for domain='cyzwb.com'
    [Wed Apr  8 04:52:08 EDT 2026] Add the following TXT record:
    [Wed Apr  8 04:52:08 EDT 2026] Domain: '_acme-challenge.www.cyzwb.com'
    [Wed Apr  8 04:52:08 EDT 2026] TXT value: 'T6wwQYYSt2VHSgVVbokrKf037SdMIURNQbksLdXztqU'
    [Wed Apr  8 04:52:08 EDT 2026] Please make sure to prepend '_acme-challenge.' to your domain
    [Wed Apr  8 04:52:08 EDT 2026] so that the resulting subdomain is: _acme-challenge.www.cyzwb.com
    [Wed Apr  8 04:52:08 EDT 2026] Add the following TXT record:
    [Wed Apr  8 04:52:08 EDT 2026] Domain: '_acme-challenge.cyzwb.com'
    [Wed Apr  8 04:52:08 EDT 2026] TXT value: '-FAw-MmMhlI0nWYsc45deChX7DqrCVum7KComqfiyug'
    [Wed Apr  8 04:52:08 EDT 2026] Please make sure to prepend '_acme-challenge.' to your domain
    [Wed Apr  8 04:52:08 EDT 2026] so that the resulting subdomain is: _acme-challenge.cyzwb.com
    [Wed Apr  8 04:52:08 EDT 2026] Please add the TXT records to the domains, and re-run with --renew.
    [Wed Apr  8 04:52:08 EDT 2026] Please add '--debug' or '--log' to see more information.
    [Wed Apr  8 04:52:08 EDT 2026] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
    
    

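    Go and add/modify the corresponding DNS records by hand; once the validity period is shortened to 47 days, it looks like this will have to be automated.

  4. Verify the TXT records
  5. Run the command again with the extra parameter.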

    /root/.acme.sh/acme.sh --server https://acme-api.actalis.com/acme/directory --keylength ec-384 --dns --yes-I-know-dns-manual-mode-enough-go-ahead-please --issue -d www.cyzwb.com -d cyzwb.com --renew
    

    Output:

    [Wed Apr  8 04:54:15 EDT 2026] The domain 'www.cyzwb.com' seems to already have an ECC cert, let's use it.
    [Wed Apr  8 04:54:15 EDT 2026] Renewing: 'www.cyzwb.com'
    [Wed Apr  8 04:54:15 EDT 2026] Renewing using Le_API=https://acme-api.actalis.com/acme/directory
    [Wed Apr  8 04:54:16 EDT 2026] Using CA: https://acme-api.actalis.com/acme/directory
    [Wed Apr  8 04:54:16 EDT 2026] Multi domain='DNS:www.cyzwb.com,DNS:cyzwb.com'
    [Wed Apr  8 04:54:16 EDT 2026] Verifying: www.cyzwb.com
    [Wed Apr  8 04:54:20 EDT 2026] Success
    [Wed Apr  8 04:54:20 EDT 2026] Verifying: cyzwb.com
    [Wed Apr  8 04:54:22 EDT 2026] Success
    [Wed Apr  8 04:54:22 EDT 2026] Verification finished, beginning signing.
    [Wed Apr  8 04:54:22 EDT 2026] Let's finalize the order.
    [Wed Apr  8 04:54:22 EDT 2026] Le_OrderFinalize='https://acme-api.actalis.com/acme/order/***/finalize'
    [Wed Apr  8 04:54:28 EDT 2026] Downloading cert.
    [Wed Apr  8 04:54:28 EDT 2026] Le_LinkCert='https://acme-api.actalis.com/acme/cert/***'
    [Wed Apr  8 04:54:29 EDT 2026] Cert success.
    -----BEGIN CERTIFICATE-----
    ************************************
    ************************************
    ************************************
    ************************************
    -----END CERTIFICATE-----
    [Wed Apr  8 04:54:29 EDT 2026] Your cert is in: /root/.acme.sh/www.cyzwb.com_ecc/www.cyzwb.com.cer
    [Wed Apr  8 04:54:29 EDT 2026] Your cert key is in: /root/.acme.sh/www.cyzwb.com_ecc/www.cyzwb.com.key
    [Wed Apr  8 04:54:29 EDT 2026] The intermediate CA cert is in: /root/.acme.sh/www.cyzwb.com_ecc/ca.cer
    [Wed Apr  8 04:54:29 EDT 2026] And the full-chain cert is in: /root/.acme.sh/www.cyzwb.com_ecc/fullchain.cer
    
    

    With that, the domain certificate issued by Actalis DV Server ACME CA G1 has been delivered successfully!
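
For step 4, one way to confirm that both TXT records are live before re-running with --renew, shown as an added example that is not part of the original post: it asks every authoritative nameserver directly with `dig` and requires an exact match. The helper names and the three-argument interface are assumptions; the sample value is the second TXT value from the log above, which begins with `-` and so needs care when passed to `grep`.

```shell
#!/bin/sh
# Added example: check _acme-challenge TXT records on every authoritative
# nameserver before re-running acme.sh. Helper names are hypothetical.

# Succeeds if the `dig +short TXT` output on stdin contains exactly $1.
# `--` matters: ACME TXT values are base64url and may start with '-'.
txt_has_value() {
    sed 's/^"//; s/"$//' | grep -Fxq -- "$1"
}

# check_challenge DOMAIN EXPECTED ZONE
# Returns 0 only if every nameserver of ZONE serves EXPECTED.
check_challenge() {
    name="_acme-challenge.$1"; expected=$2
    servers=$(dig +short NS "$3")
    if [ -z "$servers" ]; then
        echo "no NS records found for $3" >&2
        return 2
    fi
    rc=0
    for ns in $servers; do
        if dig +short TXT "$name" "@$ns" | txt_has_value "$expected"; then
            echo "ok      $ns $name"
        else
            echo "missing $ns $name"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample of `dig +short TXT` output: one leftover value from an
# earlier attempt plus the value from the log above.
sample_answer() {
    printf '%s\n' '"leftover-value-constructed-for-this-example"' \
                  '"-FAw-MmMhlI0nWYsc45deChX7DqrCVum7KComqfiyug"'
}

# Usage: sh check-txt.sh cyzwb.com '<TXT value>' cyzwb.com
if [ "$#" -eq 3 ]; then
    check_challenge "$1" "$2" "$3"
fi
```

Run it once per `-d` name; a non-zero exit means at least one nameserver does not yet serve the value acme.sh printed, so the CA's validation could still fail.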

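Off topic

I should have requested the certificate and written this up on the 5th of this month, but since I did not want it to fall on the same day as the previous article, I put it off until today...

As for the certificate chain, Actalis's chain is shorter than SSL.com's, but since it is free to use, there is no need to mind the difference in the certificate chain so much.

Published by

ChiuYut

Huh? Who am I? What is this place? Ya ha! I am ChiuYut! This is my little site!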