a-kang Information™ 免費申請 Let's Encrypt、ZeroSSL 等 SSL 憑證a-kang Information™ Free SSL certificates from Let's Encrypt, ZeroSSL and more
⚡
簡單易用
Easy to Use
無需註冊帳號,點擊幾下即可完成
No registration required, just a few clicks
🛡️
安全可靠
Secure & Safe
開源透明,資料不會傳送到第三方
Open source, no data sent to third parties
🌐
支援多域名
Multi-Domain
支援通配符域名和多域名憑證
Wildcard and multi-domain certificates
重要提醒:Important:免費憑證有效期限90天,需手動續約,或使用 a-kang Information™ 的 AutoUpdate.exe 自動續約更新The free certificate is valid for 90 days and requires manual renewal, or can be automatically renewed using a-kang Information™'s AutoUpdate.exe.
步驟一:選擇憑證頒發機構Step 1: Select Certificate Authority
*選擇憑證頒發機構:Choose Certificate Authority:
Let's Encrypt:
請按照下面的操作步驟提示進行申請即可得到憑證,憑證有效期 90 天。Please follow the operation steps prompts below to apply, and you can get
the certificate, which is valid for 90 days.
ZeroSSL:
此URL可能需要先根據下面的提示進行操作來消除跨域不能存取的問題。This URL may need to be operated according to the prompts below to
eliminate the problem of cross-domain inaccessibility.申請憑證前,你需要根據ZeroSSL的官方說明文件,先註冊 ZeroSSL 帳號並產生一個 EAB 憑證,每次申請憑證時使用此 EAB 憑證,按照下面的操作步驟提示進行申請即可得到憑證,憑證有效期 90 天。Before applying for a certificate, you need to follow ZeroSSL's official documents,
register a ZeroSSL account and generate an EAB credential, and use this EAB credential every
time you apply for a certificate, follow the operation steps prompts below to apply, and you
can get the certificate, which is valid for 90 days.
Google Trust Services:
此URL可能需要先根據下面的提示進行操作來消除跨域不能存取的問題。This URL may need to be operated according to the prompts below to
eliminate the problem of cross-domain inaccessibility.申請憑證前,你需要根據 Google 的官方說明文件,在 Google Cloud 中產生 EAB 憑證,每次申請憑證時使用此 EAB 憑證,按照下面的操作步驟提示進行申請即可得到憑證,憑證有效期 90 天。Before applying for a certificate, you need to follow Google's official documents, generate an EAB credential in Google Cloud, and
use this EAB credential every time you apply for a certificate, follow the operation steps
prompts below to apply, and you can get the certificate, which is valid for 90 days.注意:因為同一個 Google EAB 憑證只能綁定到一個 ACME 帳戶(私鑰),因此你在首次申請憑證時,必須同時儲存在第二步驟操作中新建立的或手動填寫的 ACME 帳戶私鑰,下次申請憑證時使用此 EAB 憑證必須和已儲存的 ACME 帳戶私鑰一起使用。Note: Because the same Google EAB credential can only be bound to one
ACME account (Private key), when you apply for a certificate for the first time, you must also save the newly generated or
manually filled ACME account private key in the second step, this EAB
credential must be used together with the saved ACME account private key when applying
for a certificate next time.
請給每個網域選擇一個你適當的驗證方式(建議採用 DNS 驗證,比較簡單和通用),然後根據顯示的提示完成對應的設定操作。Please select a suitable verification method for each domain name (DNS Verify
is recommended, which is relatively simple and common), and then complete the corresponding
configuration operations according to the displayed prompts.
請每個網域選擇好對應的驗證方式,依照顯示的提示進行對應的設定操作;必須所有網域配置完成後,再來點選下面的「開始驗證」按鈕進行驗證,如果驗證失敗,需要返回第二步重新開始操作。Please select the corresponding verify method for each domain name, and
perform the corresponding configuration operation according to the displayed prompts; after all domain names are configured, click the "Start Verify"
button below to verify, if the verify fails, you need to go back to the step 2
Start the operation.
開始驗證Start Verify取消Cancel重試Retry
步驟四:下載儲存憑證 PEM 檔案Step 4: Download and save the certificate PEM file
必須儲存此檔案,請點選下載按鈕下載,或將憑證文字內容複製儲存為檔案(PEM 純文字格式);檔案副檔名可改成 .crt 或 .cer,這樣在 Windows 中能直接雙擊開啟查看。本 PEM 格式檔案已包含你的網域憑證、和完整憑證鏈,檔案中第一個 CERTIFICATE 為你的網域憑證,後面的為憑證頒發機構的中間憑證和根憑證,如果有需要您可以自行拆分成多個 .pem 檔案。This file must be saved, please click the
download button to download, or copy the text content of the certificate and save it as file (PEM plain text format); the file name suffix
can be changed to .crt or .cer , so that it can be
directly double-clicked to open and view in Windows. This PEM format file already contains
your domain name certificate and complete certificate chain. The first CERTIFICATE in the
text is your domain name certificate, followed by the intermediate certificate and root
certificate of the certificate authority, if necessary, you can split it into multiple .pem
files.
下載儲存Download
*儲存憑證私鑰 KEY 檔案:Save the certificate private key KEY file:
請點選下載按鈕下載,或將私鑰文字內容複製儲存為 檔案(PEM 純文字格式,.key 副檔名可自行修改成 .pem)。如果第二步操作中你手動填寫了憑證私鑰,此處的憑證私鑰和你填寫的是完全一樣的,可以不需要重複儲存;如果你是新建立的憑證私鑰,則你必須下載儲存此憑證私鑰檔案。Please click the download button to download, or copy and save the text
content of the private key as file (PEM plain text
format, the .key suffix can be modified to .pem by yourself). If you manually filled in the
certificate private key in the step 2, the certificate private key here is exactly the same
as what you filled in, and you don’t need to save it repeatedly; if
you are a newly created certificate private key, you must download and save it This
certificate private key file.
下載儲存Download
*儲存記錄 LOG 檔案:Save the record LOG file:
建議下載儲存此檔案,本記錄檔案包含了所有數據,包括:憑證 PEM 內容、憑證私鑰 PEM 內容、帳戶私鑰 PEM 內容、所有設定參數。下次需要續簽新憑證時,可以將本記錄檔直接拖曳到本頁面,會自動填寫所有參數。It is recommended to download and save this file. This record file contains
all data, including: certificate PEM text, certificate private key PEM text, account private
key PEM text, and all configuration parameters. Next time you need to renew a new
certificate, you can drag and drop the record file directly into this page, and all
parameters will be filled in automatically.
下載儲存Download
你需要其他格式的憑證檔案?Do you need certificate files in other formats?
大部分伺服器程式支援直接使用 + 來設定開啟 HTTPS(例如 Nginx),如果你需要 *.pfx、*.p12 格式的憑證(例如用於 IIS),請用下方指令將 PEM 憑證轉換成 pfx/p12 格式:Most server programs support directly using + to configure and
enable HTTPS (such as Nginx). If you need a certificate in *.pfx or *.p12 format (such as for IIS), please use the following command to convert
the PEM certificate Convert to pfx/p12 format:
openssl pkcs12 -export -out .pfx -inkey -in
IIS 憑證鏈缺失?IIS certificate chain missing?
對於 Windows IIS 伺服器,你需要將憑證鏈安裝到「本機電腦」的「中間憑證授權單位」;請將 PEM 憑證中的所有憑證分割成單一 PEM 檔案(副檔名改成.crt 或 .cer),然後將系統中缺少的中間憑證雙擊開啟然後安裝進去;詳細參考:For Windows IIS server, you need to install the certificate chain into
"Intermediate Certification Authorities" in "Local Computer"; please split all certificates in
PEM certificate into a single PEM file (change the suffix to .crt or .cer), then double-click to open the missing intermediate certificate in the
system Then install it; detailed reference:http://support.microsoft.com/kb/954755
