Applying for a wildcard certificate from Let's Encrypt

1. Download the tool

wget https://dl.eff.org/certbot-auto

chmod a+x ./certbot-auto

 

2. Initialize

./certbot-auto

 

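3. Obtain the certificate (1)

./certbot-auto certonly --manual -d "*.mydomain.com" --agree-tos --no-bootstrap --manual-public-ip-logging-ok --preferred-challenges dns-01 --server https://acme-v02.api.letsencrypt.org/directory

Replace *.mydomain.com with your own domain. The quotes keep the shell from expanding the asterisk.

Note: you must own the mydomain.com domain and be able to manage its DNS records. In addition, the server on which you run certbot-auto must be the server that mydomain.com points to.

 

When you see output like the following, pause for a moment: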

-------------------------------------------------------------------------------
Please deploy a DNS TXT record under the name
_acme-challenge.mydomain.com with the following value:

xfnee7V1DS2ZlOLllasdkv-HltYfsdfahrradfU47xxs

Before continuing, verify the record is deployed.
-------------------------------------------------------------------------------
Press Enter to Continue

 

4. Configure the DNS record

Using the information from step 3, log in to your DNS console and add a TXT record:

TXT  _acme-challenge.mydomain.com  xfnee7V1DS2ZlOLllasdkv-HltYfsdfahrradfU47xxs

 

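5. Obtain the certificate (2)

Once the DNS record has taken effect, return to the "Obtain the certificate (1)" step and press Enter; validation starts automatically.

Wait a moment. If the following output appears, the certificate was generated successfully.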

IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/mydomain.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/mydomain.com/privkey.pem
Your cert will expire on 2019-01-12. To obtain a new or tweaked
version of this certificate in the future, simply run certbot-auto
again. To non-interactively renew *all* of your certificates, run
"certbot-auto renew"
- If you like Certbot, please consider supporting our work by:

Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
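
Before pressing Enter to continue the certificate request, it helps to confirm that the TXT record is really being served by every authoritative nameserver of the zone, not just by one cached resolver. The script below is an added example, not part of the original post; it assumes dig is installed, and the script and function names are made up for illustration.

```sh
#!/bin/sh
# Added example: confirm the ACME dns-01 TXT record is visible on every
# authoritative nameserver before letting certbot continue.
# Usage (hypothetical script name): ./check-acme-txt.sh mydomain.com <token>

# Turn `dig +short TXT` output (quoted strings, possibly split into
# several quoted chunks per record) into bare values, one per line.
normalize_txt() {
    sed -e 's/" "//g' -e 's/^"//' -e 's/"$//'
}

# Succeed only if the expected token is exactly one of the TXT values
# read on stdin. A stale value from an earlier attempt does not match.
txt_contains() {
    normalize_txt | grep -Fxq -- "$1"
}

# Ask each authoritative nameserver directly, bypassing resolver caches.
# Prints one status line per server; returns non-zero if any server does
# not serve the expected value yet.
check_zone() {
    cz_zone=$1
    cz_expected=$2
    cz_rc=0
    cz_servers=$(dig +short NS "$cz_zone")
    if [ -z "$cz_servers" ]; then
        echo "no NS records found for $cz_zone" >&2
        return 2
    fi
    for cz_ns in $cz_servers; do
        if dig +short +norecurse TXT "_acme-challenge.$cz_zone" "@$cz_ns" \
            | txt_contains "$cz_expected"; then
            echo "OK       $cz_ns"
        else
            echo "MISSING  $cz_ns"
            cz_rc=1
        fi
    done
    return $cz_rc
}

# Run only when called with both arguments, so the file can be sourced.
if [ $# -eq 2 ]; then
    check_zone "$1" "$2"
fi
```

Press Enter in certbot only after every nameserver reports OK for the value certbot printed.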

 

6. Use the certificate

/etc/letsencrypt/live/mydomain.com/fullchain.pem

/etc/letsencrypt/live/mydomain.com/privkey.pem

 

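Copy these two files to the appropriate location, for example the nginx configuration directory, then edit the nginx configuration file:

server {
    listen 443 ssl;
    server_name www.mydomain.com;
    server_name img.mydomain.com;  # Do not add this line; it is here only to show that the wildcard certificate covers all second-level subdomains.
    ssl_certificate  /etc/letsencrypt/live/mydomain.com/fullchain.pem;
    ssl_certificate_key  /etc/letsencrypt/live/mydomain.com/privkey.pem;
    location / {
        root html;
    }
}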

 

7. Renew the certificate

# Renew certificates that are about to expire

./certbot-auto renew

 

# Force renewal of a certificate (even one that may still be a long way from expiring)

./certbot-auto renew --force-renewal

 

Add the renewal command to a scheduled task (cron job) so that it renews automatically. (How to tell when the 90 days are almost up?)