阅读 https://www1.hi.cn/docs/best-practice/secure-aapanel-https
参考 说明 · acmesh-official/acme.sh Wiki · GitHub

总结起来就是一段SSH命令：

email="my@example.com" # 记得修改成你的邮箱
ip=$(curl -s -4 ip.sb)
webroot=$(cat $((grep -r " "$ip /www/server/panel/vhost/nginx/ || grep -r "default_server" /www/server/panel/vhost/nginx/) | grep server_name | awk '{print $1}' | cut -d ':' -f1) | egrep 'root ' | awk '{print $2}' | cut -d ';' -f1)

if [ -z "$webroot" ]; then
  echo "请先创建1个IP站点或者设置1个默认站点！"
  exit 1
fi

export LE_WORKING_DIR=/root/.acme.sh

/bin/cp -rf /www/server/panel/ssl/privateKey.pem /www/server/panel/ssl/privateKey.pem.bak
/bin/cp -rf /www/server/panel/ssl/certificate.pem /www/server/panel/ssl/certificate.pem.bak
/bin/cp -rf /www/server/panel/vhost/cert/$ip/privkey.pem /www/server/panel/vhost/cert/$ip/privkey.pem.bak
/bin/cp -rf /www/server/panel/vhost/cert/$ip/fullchain.pem /www/server/panel/vhost/cert/$ip/fullchain.pem.bak

/root/.acme.sh/acme.sh --register-account \
    --email $email \
    --server https://acme.hi.cn/directory && \
    \
/root/.acme.sh/acme.sh --issue \
    -d $ip --webroot $webroot \
    --server https://acme.hi.cn/directory \
    --force && \
    \
echo "复制宝塔面板证书" && \
/bin/cp -rf /root/.acme.sh/$ip/$ip.key /www/server/panel/ssl/privateKey.pem && \
/bin/cp -rf /root/.acme.sh/$ip/fullchain.cer /www/server/panel/ssl/certificate.pem && \
    \
echo "True" > /www/server/panel/data/ssl.pl && \
    \
bt reload && \
    \
echo "安装站点证书（如有）" && \
/bin/cp -rf /root/.acme.sh/$ip/$ip.key /www/server/panel/vhost/cert/$ip/privkey.pem && \
/bin/cp -rf /root/.acme.sh/$ip/fullchain.cer /www/server/panel/vhost/cert/$ip/fullchain.pem && \
    \
bt reload && \
    \
echo "成功续期"