download acme.sh

1
curl  https://get.acme.sh | sh

goto acme.sh directory

1
cd ~/.acme.sh

add issued domain

1
./acme.sh --issue --dns -d "*.domain" --yes-I-know-dns-manual-mode-enough-go-ahead-please

add txt dns record
then renew

1
./acme.sh --issue --dns -d "*.domain" --yes-I-know-dns-manual-mode-enough-go-ahead-please --renew

config nginx

1
2
ssl_certificate    /path/*.domain/fullchain.cer;
ssl_certificate_key /path/*.domain/*.domain.key;