certbot证书生成指令
2023-05-22 本文已影响0人
72d89184c236
1, 单个域名
certbot certonly --standalone -d static.xxx.io --non-interactive --agree-tos --email xxxx@qq.com --http-01-port=9999
2, 多个域名
certbot certonly --standalone -d static.xxx.io -d www.xxx.io -d contract-api.xxx.io -d static.xxx.io -d user-api.xxx.io --expand --non-interactive --agree-tos --email xxxx@qq.com --http-01-port=9999
自动更新脚本:
#!/usr/bin/env bash
# Renew the certificate
certbot renew --force-renewal
# Concatenate new cert files, with less output (avoiding the use tee and its output to stdout)
bash -c "cat /etc/letsencrypt/live/xxx.io/fullchain.pem /etc/letsencrypt/live/xxx.io/privkey.pem > /etc/ssl/certs/xxx.io.pem"
# Reload HAProxy
systemctl restart haproxy
haproxy 配置:
acl letsencrypt-acl path_beg /.well-known/acme-challenge/
use_backend letsencrypt-backend if letsencrypt-acl
backend letsencrypt-backend
server letsencrypt 127.0.0.1:9999
