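Notes on issuing a wildcard SSL certificate on CentOS 7 with Let's Encrypt using the snap version of certbot
Sunday, 2021-07-25 | Author: Lee | computer, linux | 8,620 views
The earlier script-based approach is no longer supported; certbot now has to be installed through snap.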
1. Install snap
sudo yum install epel-release -y
sudo yum install snapd
sudo systemctl enable --now snapd.socket
sudo ln -s /var/lib/snapd/snap /snap
sudo snap install core
sudo snap refresh core
2. Remove the previously installed certbot
sudo yum remove certbot
3. Install Certbot
sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot
4. Generate the certificate for the domain (the wildcard name is quoted so that the shell does not expand the *)
sudo certbot certonly --email xxx@xxx.com --manual -d '*.xxx.com' --agree-tos --no-bootstrap --manual-public-ip-logging-ok --preferred-challenges dns --server https://acme-v02.api.letsencrypt.org/directory
Certbot prints a DNS TXT record that has to be created; add it at your domain's DNS provider, then continue.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for *.xxx.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please deploy a DNS TXT record under the name:
_acme-challenge.xxx.com.
with the following value:
ndQEiaMxxxxxxxxxxLat9pMGFAI9odZrc
Before continuing, verify the TXT record has been deployed. Depending on the DNS
provider, this may take some time, from a few seconds to multiple minutes. You can
check if it has finished deploying with aid of online tools, such as the Google
Admin Toolbox: https://toolbox.googleapps.com/apps/dig/#TXT/_acme-challenge.xxx.com.
Look for one or more bolded line(s) below the line ';ANSWER'. It should show the
value(s) you've just added.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/xxx.com/fullchain.pem
Key is saved at: /etc/letsencrypt/live/xxx.com/privkey.pem
This certificate expires on 2021-10-23.
These files will be updated when the certificate renews.
NEXT STEPS:
- This certificate will not be renewed automatically. Autorenewal of --manual certificates requires the use of an authentication hook script (--manual-auth-hook) but one was not provided. To renew this certificate, repeat this same certbot command before the certificate's expiry date.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
* Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
* Donating to EFF: https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
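Certbot asks you to verify the TXT record before pressing Enter. The following script is an added example, not part of the original post: it asks every authoritative nameserver directly (bypassing resolver caches) whether it already serves the challenge value. It assumes dig (bind-utils) is installed and that the certificate name without the leading "*." is the DNS zone apex; the function names and the DIG override variable are hypothetical.

```sh
#!/bin/sh
# Added example: confirm the ACME DNS-01 TXT value is live on every
# authoritative nameserver before pressing Enter in certbot.
# Assumption: the certificate name minus "*." is the zone apex.

# Map a certificate name to its challenge record:
#   *.xxx.com -> _acme-challenge.xxx.com
challenge_name() {
    local d
    d="${1#\*.}"          # drop a leading "*." from wildcard names
    d="${d%.}"            # drop a trailing dot
    printf '_acme-challenge.%s\n' "$d"
}

# Read `dig +short TXT` output on stdin and succeed only if one record is
# exactly the expected value (dig wraps TXT data in double quotes).
txt_has_value() {
    tr -d '"' | grep -Fxq -- "$1"
}

# Returns 0 if every nameserver serves the value, 1 if at least one does
# not, 2 if no NS records were found (wrong zone, so nothing was checked).
check_challenge() {
    local zone name nslist ns missing
    zone="${1#\*.}"
    name="$(challenge_name "$1")"
    missing=0
    nslist="$("${DIG:-dig}" +short NS "$zone")"
    if [ -z "$nslist" ]; then
        echo "no NS records for $zone; query the zone apex instead" >&2
        return 2
    fi
    for ns in $nslist; do
        if "${DIG:-dig}" +short TXT "$name" "@$ns" | txt_has_value "$2"; then
            echo "ok      $ns"
        else
            echo "missing $ns"
            missing=1
        fi
    done
    return "$missing"
}

# Stand-alone use: ./check-challenge.sh '*.xxx.com' 'value-printed-by-certbot'
if [ "$#" -eq 2 ]; then
    check_challenge "$1" "$2"
    exit
fi
```

Press Enter in certbot only once every nameserver reports ok; a failed validation means starting over with a new TXT value.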
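5. Configure the certificate in NGINX, then reload NGINX
ssl_certificate /etc/letsencrypt/live/xxx.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/xxx.com/privkey.pem;
6. For later renewals, run certbot renew. As the certbot output in step 4 states, a certificate issued with --manual is not renewed automatically unless an authentication hook script (--manual-auth-hook) was provided; without one, repeat the command from step 4 before the certificate expires.
certbot renew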
Author: Lee
Article URL: https://www.pomelolee.com/2168.html
Unless otherwise noted, all Pomelo Lee articles are original; when reposting, please cite this article's URL as a link.