ssl.aium.cn
8.134.192.115  Public Scan

URL: https://ssl.aium.cn/
Submission: On December 29 via api from US — Scanned from US

Form analysis 0 forms found in the DOM

Text Content

ACME Web Browser Client (HTML5 web version) Ver: 1.0.230820 Open source:
GitHub | Gitee
 * Functional use: This web client is used to apply for free SSL/TLS domain
   name certificates (RSA, ECC/ECDSA) for HTTPS from Let's Encrypt, ZeroSSL,
   Google and other certificate authorities that support the ACME protocol. It
   supports multiple domain names and wildcard domain names. You only need to
   operate a modern browser to obtain a domain name certificate as plain text
   in PEM format; it does not depend on the operating system environment,
   requires no software download or installation, is purely manual, and
   focuses on one thing only: applying for and obtaining a certificate.
 * Easy to use: A few mouse clicks plus Ctrl+C and Ctrl+V complete the
   certificate application. The whole process requires few operations, and
   every step has detailed, hand-holding prompts; the UI is friendly and
   attractive. This client does not require registering an account, and does
   not require logging in.
 * Open source project: The source code of this web client is open source, the
   access URL is provided by the hosting repository, and the source code is
   transparent and traceable.
 * A single file: This web client is a single static HTML file and does not
   depend on any other files; it can therefore be saved directly to your local
   machine (right-click, Save as) and opened in a browser.
 * Data security: Except for the ACME interface address of the certificate
   authority you specify, this web client does not send data to any other
   address, and the network traffic is easy to audit through the browser
   console.
 * System security: As a pure web application, it will not and cannot make any
   modification to your computer system.
 * Certificate expiration risk alert: Since this web client can only be
   operated manually and does not support automatic renewal, take care to apply
   for a new certificate before the current one expires (free certificates are
   generally valid for 90 days; you only need to repeat the operation at that
   time), or use a client such as acme.sh for automatic renewal.

Step 1: Select a Certificate Authority
* Certificate Authority ACME (v2, RFC 8555) Service URL:
Let's Encrypt | ZeroSSL | Google | Fill in the URL manually | For testing,
don't choose
Let's Encrypt: Please follow the step prompts below to apply and obtain the
certificate, which is valid for 90 days.
ZeroSSL: This URL may first require the operations described in the prompts
below to eliminate the cross-origin access problem.
Before applying for a certificate, you need to follow ZeroSSL's official
documentation to register a ZeroSSL account and generate an EAB credential. Use
this EAB credential every time you apply for a certificate and follow the step
prompts below to obtain the certificate, which is valid for 90 days.
Google Trust Services: This URL may first require the operations described in
the prompts below to eliminate the cross-origin access problem. Before applying
for a certificate, you need to follow Google's official documentation to
generate an EAB credential in Google Cloud. Use this EAB credential every time
you apply for a certificate and follow the step prompts below to obtain the
certificate, which is valid for 90 days.
Note: Because the same Google EAB credential can only be bound to one ACME
account (private key), when you apply for a certificate for the first time you
must also save the ACME account private key that was newly generated or
manually filled in during step 2. The next time you apply for a certificate,
this EAB credential must be used together with the saved ACME account private
key.
Read service directory
[08:59:49] 读取服务目录成功,Read service directory OK,请进行下一步操作。 Please proceed to the
next step. URL=https://acme-v02.api.letsencrypt.org/directory
Step 2: Certificate Configuration
Waiting, please complete step 1 first...
Reminder: If you applied for a certificate previously, you can drag and drop
the record LOG file you downloaded and saved onto this page, and the previous
configuration information will be filled in automatically.
* Domain names to be included in the certificate:
A certificate can contain multiple domain names (wildcards are supported), for
example: a.com, *.a.com, b.com, *.b.com. The first domain name will be used as
the Common Name of the certificate. Domain names with a wildcard only support
DNS verification; other domain names also support file-upload verification.
Note: When www.a.com is filled in, it is generally necessary to fill in a.com
as well.
Remember
* Private key of certificate:
The generated or filled private key is only used for ACME interface signature,
and supports RSA (2048-bit+) and ECC (prime256v1, secp384r1, secp521r1 curves)
private keys. Note: The type of the certificate private key determines whether
the issued certificate is an RSA certificate or an ECC (ECDSA) certificate; the
RSA type is more widely applicable and more common. This client will not save
this private key or send it to anyone else. This private key is needed when
deploying to the server after the certificate is issued. It is recommended to
generate a new certificate private key every time you apply for a certificate.
Generate RSA private key | Generate ECC private key | Manually fill in the
private key


* Private key of ACME account:
The generated or filled private key is only used for ACME interface signature,
and supports RSA (2048-bit+) and ECC (prime256v1, secp384r1, secp521r1 curves)
private keys. The account private key type has no effect on the certificate.
This client will not save this private key or send it to anyone else. A private
key is equivalent to an account and can be used to revoke an issued
certificate. It is recommended to use the same private key every time you apply
for a certificate (this way, the parameters used to verify domain name
ownership are very likely to remain identical when several certificate
applications are made in a short period of time); however, generating a new
private key every time will not be a problem in most cases.
Note: If the ACME service you choose (such as Google) requires EAB credentials
and limits the same EAB credential to only one ACME account (private key), then
you must use the same private key every time you use this EAB credential (if
you generate a new private key the first time, save this new private key
immediately and use it with this EAB credential next time).
Generate RSA private key | Generate ECC private key | Manually fill in the
private key


* Contact email of ACME account:
This email address is used by the certificate authority to send you emails,
such as a renewal reminder before the certificate expires.
Remember
EAB Credentials:
The current ACME service requires External Account Binding (EAB) credentials.
For example, with ZeroSSL you can obtain these credentials under Developer in
the ZeroSSL management console, so you need to register a ZeroSSL account
first.
*EAB KID:

*HMAC KEY:

I agree to the terms of service for this Certificate Authority ACME Service.
OK

Step 3: Verify Domain Ownership
Waiting, please complete step 2 first...
Please select a suitable verification method for each domain name (DNS
verification is recommended, as it is relatively simple and universal), and
then complete the corresponding configuration according to the displayed
prompts.

Please select the verification method for each domain name and perform the
corresponding configuration according to the displayed prompts. Only after all
domain names are configured should you click the "Start Verify" button below to
verify; if verification fails, you need to go back to step 2 and start over.
Start Verify | Cancel | Retry

Step 4: Download and save the certificate PEM file
Waiting, please complete step 3 first...
* Save certificate PEM file:
This file must be saved. Click the download button to download it, or copy the
certificate text and save it as your_domain.pem (PEM plain text format); the
file name suffix can be changed to .crt or .cer so that it can be opened and
viewed directly by double-clicking in Windows. This PEM file already contains
your domain name certificate and the complete certificate chain. The first
CERTIFICATE in the text is your domain name certificate, followed by the
intermediate certificate and root certificate of the certificate authority; if
necessary, you can split it into multiple .pem files yourself.
Download
* Save the certificate private key KEY file:
Click the download button to download it, or copy the private key text and save
it as your_domain.key (PEM plain text format; the .key suffix can be changed to
.pem). If you manually filled in the certificate private key in step 2, the
certificate private key here is exactly the same as the one you filled in, and
you do not need to save it again; if the certificate private key was newly
generated, you must download and save this certificate private key file.
Download
* Save the record LOG file:
It is recommended to download and save this file. This record file contains all
data, including: certificate PEM text, certificate private key PEM text,
account private key PEM text, and all configuration parameters. The next time
you need to renew a certificate, you can drag and drop the record file directly
onto this page, and all parameters will be filled in automatically.
Download
Do you need certificate files in other formats?
Most server programs (such as Nginx) support using your_domain.pem +
your_domain.key directly to configure and enable HTTPS. If you need a
certificate in *.pfx or *.p12 format (such as for IIS), use the following
command to convert the PEM certificate to pfx/p12 format:
openssl pkcs12 -export -out your_domain.pfx -inkey your_domain.key -in your_domain.pem
IIS certificate chain missing?
For a Windows IIS server, you need to install the certificate chain into
"Intermediate Certification Authorities" under "Local Computer". Split all
certificates in the PEM file into individual PEM files (change the suffix to
.crt or .cer), then double-click each intermediate certificate that is missing
from the system to open and install it. Detailed reference:
http://support.microsoft.com/kb/954755
Introduction to the principle of this client
Thanks to the standardization of cryptographic functions in the crypto.subtle
API of modern browsers, RSA and ECC encryption, decryption, signing,
verification, and key pair generation can be implemented in a web page without
relying on any other JS library. In the X509 object in this client:
X509.CreateCSR generates the CSR, X509.KeyGenerate creates a PEM-format key,
X509.KeyParse parses a PEM-format key, and X509.KeyExport exports a PEM-format
key. These functions are implemented at the binary level in JS code according
to the corresponding standards, and the binary data operations are encapsulated
in the ASN1 object, which implements binary parsing and encoding per the ASN.1
standard; the ASN1.ParsePEM method can parse any PEM-format key or certificate.
These are the core foundations for implementing the ACME web client.
The rest is integrating with ACME to issue certificates and implementing the
interactive UI; for the ACME integration, refer directly to the RFC 8555
standard. The ACME services of some certificate authorities support browsers
poorly and do not provide complete Access-Control-* response headers, so the
service interface cannot be called directly from within a web page. The current
workaround is very simple and crude. Taking ZeroSSL as an example: when a
cross-origin problem is detected with the ACME service, the
acmeReadDirGotoCORS() method is called to tell the user the operation steps
(you can call this method manually by clicking here), and the cross-origin
problem is eliminated by running this client inside their page (if we can't
beat them, we'd better join them).
QQ group: communication and support
Welcome to join the QQ group: 421882406, all-lowercase code: xiangyuecn. If you
need feature customization or have website, app, mini-program, front-end or
back-end development needs, please join this QQ group and contact the group
owner (i.e. the author), thank you~
The Chinese-English translation is mainly from: Chrome comes with translation +
Baidu translation, which is translated from Chinese to English.
Ver: 1.0.230820 License: GPL-3.0

Donate a Coke?
It is not easy to develop and maintain client tools. I hope this project can
help you. You are welcome to reward the author through the buttons below~