环境
系统:CentOS 7.4
安装Certbot
- 安装
# wget https://dl.eff.org/certbot-auto # chmod a+x certbot-auto # mv certbot-auto /usr/local/bin/
申请证书
-
申请
# certbot-auto certonly -d '*.yourdomain.com' --manual --preferred-challenges dns-01 --server https://acme-v02.api.letsencrypt.org/directory注:
yourdomain.com替换为你自己的域名Enter email address (used for urgent renewal and security notices) (Enter 'c' to cancel): youremail@qq.com ------------------------------------------------------------------------------- (A)gree/(C)ancel: A ------------------------------------------------------------------------------- (Y)es/(N)o: N ------------------------------------------------------------------------------- Are you OK with your IP being logged? (Y)es/(N)o: Y ------------------------------------------------------------------------------- Please deploy a DNS TXT record under the name _acme-challenge.yourdomain.com with the following value: u5iIS3JKCUpFEjL0_F9F0LE12345678UgDcOISEtx8o Before continuing, verify the record is deployed. ------------------------------------------------------------------------------- Press Enter to Continue 添加DNS记录
记录类型:TXT
主机记录:_acme-challenge.yourdomain.com,具体参考上一步
记录值:u5iIS3JKCUpFEjL0_F9F0LE12345678UgDcOISEtx8o,具体参考上一步-
验证DNS记录
# dig -t txt _acme-challenge.yourdomain.com 按回车,申请证书结束
其他
-
备份证书
# mkdir /data/cert/ # cp /etc/letsencrypt/live/yourdomain.com/fullchain.pem /data/cert/yourdomain.com.pem.20180510 # cp /etc/letsencrypt/live/yourdomain.com/privkey.pem /data/cert/yourdomain.com.key.20180510 删除DNS记录
更新证书
步骤同申请证书
