https://blog.ohtly.com/tags/acme/ Recent content in Acme on OHTLY Blog Hugo zh-cn Tue, 23 Jun 2026 20:32:32 +0800 https://blog.ohtly.com/posts/2026-06-23-caddy-https-openclaw/ Tue, 23 Jun 2026 20:32:32 +0800 https://blog.ohtly.com/posts/2026-06-23-caddy-https-openclaw/ <p>办公室内网的 OpenClaw Gateway 之前用 Caddy 做了反向代理，但只有自签名证书，浏览器每次弹出安全警告。需要换上合法的 Let&rsquo;s Encrypt 证书，又不能把 80/443 端口暴露到公网。</p> <h2 id="方案caddy--aliyun-dns-01"> 方案：Caddy + Aliyun DNS-01 <a class="heading-link" href="#%e6%96%b9%e6%a1%88caddy--aliyun-dns-01"> <i class="fa-solid fa-link" aria-hidden="true" title="链接到标题"></i> <span class="sr-only">链接到标题</span> </a> </h2> <p>DNS-01 挑战不要求目标服务器开放 80 或 443 端口，只要 DNS API 能写入 <code>_acme_challenge</code> 的 TXT 记录就能完成验证。Caddy 的 <code>alidns</code> 模块直接对接阿里云 DNS API，适合纯内网服务。</p> <h2 id="步骤"> 步骤 <a class="heading-link" href="#%e6%ad%a5%e9%aa%a4"> <i class="fa-solid fa-link" aria-hidden="true" title="链接到标题"></i> <span class="sr-only">链接到标题</span> </a> </h2> <h3 id="1-dns-记录"> 1. DNS 记录 <a class="heading-link" href="#1-dns-%e8%ae%b0%e5%bd%95"> <i class="fa-solid fa-link" aria-hidden="true" title="链接到标题"></i> <span class="sr-only">链接到标题</span> </a> </h3> <p>添加 A 记录，指向内网 IP：</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>aliyun alidns AddDomainRecord <span style="color:#ae81ff">\ </span></span></span><span style="display:flex;"><span><span style="color:#ae81ff"></span> --DomainName example.com <span style="color:#ae81ff">\ </span></span></span><span style="display:flex;"><span><span style="color:#ae81ff"></span> --RR openclaw <span style="color:#ae81ff">\ </span></span></span><span style="display:flex;"><span><span style="color:#ae81ff"></span> --Type A <span style="color:#ae81ff">\ </span></span></span><span style="display:flex;"><span><span style="color:#ae81ff"></span> --Value 192.168.*.* </span></span></code></pre></div><p>DNS 记录只在办公室内网可达，公网无法直接访问。</p>