Installation
sudo apt install certbot
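Verification
Run one of the following commands. The domain is quoted so the shell does not expand the * as a glob.
# Wildcard domain:
sudo certbot certonly -d '*.test.com' --manual --preferred-challenges dns
# Base domain:
sudo certbot certonly -d test.com --manual --preferred-challenges dns
Certbot then prints the following: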
dongdaming@nuc:/etc/nginx/sites-available$ sudo certbot certonly -d *.beekc.top --manual --preferred-challenges dns
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for *.beekc.top
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please deploy a DNS TXT record under the name:
_acme-challenge.beekc.top.
with the following value:
A123456789
Before continuing, verify the TXT record has been deployed. Depending on the DNS
provider, this may take some time, from a few seconds to multiple minutes. You can
check if it has finished deploying with aid of online tools, such as the Google
Admin Toolbox: https://toolbox.googleapps.com/apps/dig/#TXT/_acme-challenge.beekc.top.
Look for one or more bolded line(s) below the line ';ANSWER'. It should show the
value(s) you've just added.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue
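Following these instructions, configure the record at your DNS provider. Here, add a TXT record for _acme-challenge.beekc.top with the value A123456789.
Once the DNS record is configured, return to the terminal and press Enter; Certbot completes the rest. The certificate is generated in /etc/letsencrypt/live/beekc.top/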
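The propagation check that Certbot asks for before you press Enter can be scripted. The following is an added example, not part of the original page; the function names are hypothetical, and it assumes dig is installed and that the zone passed in is the one holding the NS records (beekc.top here).

```bash
#!/usr/bin/env bash
# Added example: confirm the _acme-challenge TXT record is visible before
# pressing Enter at certbot's manual DNS prompt.

# txt_matches EXPECTED: reads `dig +short TXT` output on stdin and succeeds
# if any record equals EXPECTED. dig prints each TXT record in double quotes,
# one per line; several records can coexist under the same name (for example
# when a wildcard and its base domain are validated together).
txt_matches() {
    local expected=$1 line
    while IFS= read -r line; do
        line=${line#\"}
        line=${line%\"}
        if [ "$line" = "$expected" ]; then
            return 0
        fi
    done
    return 1
}

# authoritative_ns ZONE: print the zone's nameservers, one per line.
authoritative_ns() {
    dig +short NS "$1" | sed 's/\.$//'
}

# wait_for_txt ZONE EXPECTED [TRIES]: poll every authoritative nameserver
# directly (bypassing resolver caches) until all of them serve EXPECTED.
# Returns 0 on success, 1 on timeout, 2 if the zone has no NS records.
wait_for_txt() {
    local zone=$1 expected=$2 tries=${3:-30} ns ok servers
    servers=$(authoritative_ns "$zone")
    [ -n "$servers" ] || { echo "no NS records for $zone" >&2; return 2; }
    while [ "$tries" -gt 0 ]; do
        ok=1
        for ns in $servers; do
            dig +short TXT "_acme-challenge.$zone" "@$ns" \
                | txt_matches "$expected" || ok=0
        done
        if [ "$ok" -eq 1 ]; then return 0; fi
        tries=$((tries - 1))
        sleep 10
    done
    return 1
}

# Usage (values taken from the certbot prompt above):
#   wait_for_txt beekc.top A123456789 && echo "safe to press Enter"
```

Querying each authoritative server directly avoids a false negative from a resolver that has cached the absence of the record.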
Automatic renewal
Create the file /etc/systemd/system/certbot.service with the following content:
[Unit]
Description=Let's Encrypt renewal
[Service]
Type=oneshot
ExecStart=/usr/bin/certbot renew --quiet --agree-tos
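Configure ExecStart by following the article "Using Certbot to Request and Renew Domain Certificates via Alibaba Cloud DNS"; alternatively, follow that article directly and set up the scheduled task with cron. This matters because a certificate issued with --manual is not renewed unattended by a plain certbot renew: it needs an authentication hook (--manual-auth-hook) or a DNS plugin to publish the new TXT record.
Create the file /etc/systemd/system/certbot.timer with the following content: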
[Unit]
Description=Monthly renewal of Let's Encrypt's certificates at 4:00 AM
[Timer]
OnCalendar=*-*-01 04:00:00
RandomizedDelaySec=1h
Persistent=true
[Install]
WantedBy=timers.target
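OnCalendar sets the schedule; here it runs at 04:00 on the 1st of every month. RandomizedDelaySec adds a random delay so that large numbers of services do not all run exactly on the hour and spike the load on the server.
Enable the service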
systemctl enable certbot.timer
systemctl start certbot.timer