
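Issuing free Let's Encrypt wildcard certificates on CentOS/Debian

Let's Encrypt has long offered free single-domain certificates valid for three months, and these are widely used. Early on, Let's Encrypt said it would release wildcard certificates, but only as of today can we formally apply for one. Wildcard certificates are currently also valid for three months; you can set up cron to run automatically so that a new certificate is requested as the three months come to an end. Because issuance uses the ACME V2 DNS-based validation, only CloudXNS, DNSpod, Cloudflare and similar providers are supported. Recommended for fully automated deployment: https://gov.com.sb/go?url=https://certbot.eff.org/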

Procedure on CentOS:

1. Download acme.sh

curl https://get.acme.sh | sh

2. Request the certificate (using the wildcard domain *.s-b.me as the example)

cd ~/.acme.sh
./acme.sh --issue -d '*.s-b.me' -d s-b.me --dns --yes-I-know-dns-manual-mode-enough-go-ahead-please

Output:

[Sat Mar 24 13:10:07 UTC 2018] Registering account
[Sat Mar 24 13:10:08 UTC 2018] Registered
[Sat Mar 24 13:10:08 UTC 2018] ACCOUNT_THUMBPRINT='hS_gwvXaqMtxJh2Bz0asmWK3r7iMYIknkOWDqO1a76U'
[Sat Mar 24 13:10:08 UTC 2018] Creating domain key
[Sat Mar 24 13:10:09 UTC 2018] The domain key is here: /root/.acme.sh/*.s-b.me/*.s-b.me.key
[Sat Mar 24 13:10:09 UTC 2018] Multi domain='DNS:*.s-b.me,DNS:s-b.me'
[Sat Mar 24 13:10:09 UTC 2018] Getting domain auth token for each domain
[Sat Mar 24 13:10:10 UTC 2018] Getting webroot for domain='*.s-b.me'
[Sat Mar 24 13:10:10 UTC 2018] Getting webroot for domain='s-b.me'
[Sat Mar 24 13:10:10 UTC 2018] Add the following TXT record:
[Sat Mar 24 13:10:10 UTC 2018] Domain: '_acme-challenge.s-b.me'
[Sat Mar 24 13:10:10 UTC 2018] TXT value: '6sf1Iuh7r****************bHPs8QriJf8ibpszRk'
[Sat Mar 24 13:10:10 UTC 2018] Please be aware that you prepend _acme-challenge. before your domain
[Sat Mar 24 13:10:10 UTC 2018] so the resulting subdomain will be: _acme-challenge.s-b.me
[Sat Mar 24 13:10:10 UTC 2018] Add the following TXT record:
[Sat Mar 24 13:10:10 UTC 2018] Domain: '_acme-challenge.s-b.me'
[Sat Mar 24 13:10:10 UTC 2018] TXT value: 'iA68V9A14****************mlrsZx24raM-S0gmpI'
[Sat Mar 24 13:10:10 UTC 2018] Please be aware that you prepend _acme-challenge. before your domain
[Sat Mar 24 13:10:10 UTC 2018] so the resulting subdomain will be: _acme-challenge.s-b.me
[Sat Mar 24 13:10:10 UTC 2018] Please add the TXT records to the domains, and re-run with --renew.
[Sat Mar 24 13:10:10 UTC 2018] Please add '--debug' or '--log' to check more details.
[Sat Mar 24 13:10:10 UTC 2018] See: https://gov.com.sb/go?url=https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh

3. Following the output, add the TXT records to the domain to prove domain ownership

_acme-challenge.s-b.me    txt    iA68V9A14****************mlrsZx24raM-S0gmpI
_acme-challenge.s-b.me    txt    6sf1Iuh7r****************bHPs8QriJf8ibpszRk

 

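4. Issue the wildcard certificate

./acme.sh --renew -d '*.s-b.me' -d s-b.me --dns --yes-I-know-dns-manual-mode-enough-go-ahead-please

If all goes well, a certificate directory named after the wildcard domain is created in the current directory: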

/root/.acme.sh
*.s-b.me/
├── ca.cer
├── fullchain.cer
├── *.s-b.me.cer
├── *.s-b.me.conf
├── *.s-b.me.csr
├── *.s-b.me.csr.conf
└── *.s-b.me.key

5. Configure nginx or another web server to support SSL access

.cer            is the certificate file
.key            is the private key file
fullchain.cer   is the certificate chain

6. Certificate renewal

Run the following from crontab or another job scheduler:

./acme.sh --renew -d '*.s-b.me' -d s-b.me --dns --yes-I-know-dns-manual-mode-enough-go-ahead-please
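
Before re-running with --renew in step 4, it helps to confirm that both TXT values from step 2 are served at the same time: the wildcard and the bare domain are validated at the same _acme-challenge name, so the two values must coexist rather than replace each other. The script below is an added example, not part of the original article or of acme.sh; its function names, the example.test domain and the token values are constructed for illustration.

```sh
#!/bin/sh
# Added example: confirm every TXT value requested in step 2 is published
# before running step 4. Function names here are hypothetical.

# Constructed sample of step-2 output (domain and token values are made up).
SAMPLE_LOG="[Sat Mar 24 13:10:10 UTC 2018] Add the following TXT record:
[Sat Mar 24 13:10:10 UTC 2018] Domain: '_acme-challenge.example.test'
[Sat Mar 24 13:10:10 UTC 2018] TXT value: 'constructed-token-one-0000'
[Sat Mar 24 13:10:10 UTC 2018] Please be aware that you prepend _acme-challenge. before your domain
[Sat Mar 24 13:10:10 UTC 2018] Add the following TXT record:
[Sat Mar 24 13:10:10 UTC 2018] Domain: '_acme-challenge.example.test'
[Sat Mar 24 13:10:10 UTC 2018] TXT value: 'constructed-token-two-0000'"

# Constructed DNS state: the second record replaced the first instead of
# being added next to it, so only one value is published.
SAMPLE_PUBLISHED="_acme-challenge.example.test constructed-token-two-0000"

# Print one "name value" line per challenge found in acme.sh output on stdin.
required_records() {
  awk -F"'" '
    /\] Domain: /    { name = $2 }
    /\] TXT value: / { if (name != "") print name, $2 }
  ' | sort -u
}

# Print "name value" lines for what DNS currently serves (needs dig + network).
# $1 = acme.sh output text
published_live() {
  printf '%s\n' "$1" | required_records | cut -d' ' -f1 | sort -u |
  while read -r name; do
    dig +short TXT "$name" | tr -d '"' | sed "s/^/$name /"
  done
}

# Print the required records that are absent from the published set.
# $1 = acme.sh output text, $2 = published "name value" lines
missing_records() {
  printf '%s\n' "$1" | required_records | while read -r rec; do
    printf '%s\n' "$2" | grep -Fxq -- "$rec" || printf '%s\n' "$rec"
  done
}

# Offline demo on the constructed data; for a real run pass
# "$(published_live "$log")" as the second argument instead.
echo "Still missing:"
missing_records "$SAMPLE_LOG" "$SAMPLE_PUBLISHED"
```

An empty result from missing_records means every requested value is visible and step 4 can be run.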
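
Issuing on Debian
  • Install the required dependencies
  • Download ACME.SH
  • Obtain the CloudXNS API KEY and Secret KEY

Note: be sure to add the IP of the VPS where ACME.SH is installed to the whitelist

  • Run the issuance, using my domain gov.com.sb as the example
  • Retrieve the certificate, using my domain gov.com.sb as the example
    The CSR, KEY and CERT are all under this path: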

Original article by 然星. If you repost it, please credit the source: https://gov.com.sb/lets-encrypt-2.html
