申请免费SSL证书

2019-05-14 本文已影响0人辛多雷

准备

centos 7.4
Let's Encrypt certbot-auto

部署certbot-auto

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto
mv certbot-auto /usr/local/bin/

手动创建证书

这里的domainname可以是 *.domain.com也可以是 aa.domain.com

certbot-auto certonly -d 'domainname' --manual --preferred-challenges dns-01 --server https://acme-v02.api.letsencrypt.org/directory

第一次运行需要填写域名到期的通知地地址

Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): email@qq.com

开始创建证书:

-------------------------------------------------------------------------------
(A)gree/(C)ancel: A
-------------------------------------------------------------------------------
(Y)es/(N)o: N
-------------------------------------------------------------------------------
Are you OK with your IP being logged?
(Y)es/(N)o: Y
-------------------------------------------------------------------------------
Please deploy a DNS TXT record under the name
_acme-challenge.domainname.com with the following value:

FTctTRfyr6zmfwtI7Gcv7Omgj5Jf202UgCJ-NIX3GtE

Before continuing, verify the record is deployed.
-------------------------------------------------------------------------------
Press Enter to Continue

添加DNS记录
$\color{red}{这儿需要添加完域名解析后后才能按回车否则会重新出现解析值错误}$
记录类型：TXT
主机记录：_acme-challenge.domainname.com
记录值：FTctTRfyr6zmfwtI7Gcv7Omgj5Jf202UgCJ-NIX3GtE
获取证书
证书路径:

ls /etc/letsencrypt/live/{domainname}
cert.pem  chain.pem  fullchain.pem  privkey.pem  README

其中
fullchain.pem 重命名为{domainname}.pem
privkey.pem 重命名为{domainname}.key
这两个文件就可以给nginx作为证书了

问题记录
- 需要域名解析：看看是不是txt域名配置错误

challenge failed for domain

失败次数过多:一个小时后再试或者个ip重试

自动nginx

直接输入

certbot-auto  --nginx

选择域名

申请免费SSL证书

准备

部署certbot-auto

手动创建证书

自动nginx

猜你喜欢

热点阅读