
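Issuing a Free Let's Encrypt Wildcard Certificate on CentOS/Debian

Let's Encrypt has long offered free single-domain certificates valid for three months, and these are quite common. Early on, Let's Encrypt said it would release wildcard certificates, but only today can we actually apply for one. Wildcard certificates are currently also valid for three months; you can set up cron to run automatically so that a new certificate is requested shortly before the three months are up. Because issuance uses ACME v2 DNS validation, only CloudXNS, DNSpod, Cloudflare and similar providers are supported. For fully automated deployment, https://certbot.eff.org/ is recommended.

How to apply on CentOS:

1. Download acme.sh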

curl https://get.acme.sh | sh

2. Request the certificate (using the wildcard *.s-b.me as an example)

cd ~/.acme.sh
./acme.sh --issue -d '*.s-b.me' -d s-b.me --dns --yes-I-know-dns-manual-mode-enough-go-ahead-please

Output:

[Sat Mar 24 13:10:07 UTC 2018] Registering account
[Sat Mar 24 13:10:08 UTC 2018] Registered
[Sat Mar 24 13:10:08 UTC 2018] ACCOUNT_THUMBPRINT='hS_gwvXaqMtxJh2Bz0asmWK3r7iMYIknkOWDqO1a76U'
[Sat Mar 24 13:10:08 UTC 2018] Creating domain key
[Sat Mar 24 13:10:09 UTC 2018] The domain key is here: /root/.acme.sh/*.s-b.me/*.s-b.me.key
[Sat Mar 24 13:10:09 UTC 2018] Multi domain='DNS:*.s-b.me,DNS:s-b.me'
[Sat Mar 24 13:10:09 UTC 2018] Getting domain auth token for each domain
[Sat Mar 24 13:10:10 UTC 2018] Getting webroot for domain='*.s-b.me'
[Sat Mar 24 13:10:10 UTC 2018] Getting webroot for domain='s-b.me'
[Sat Mar 24 13:10:10 UTC 2018] Add the following TXT record:
[Sat Mar 24 13:10:10 UTC 2018] Domain: '_acme-challenge.s-b.me'
[Sat Mar 24 13:10:10 UTC 2018] TXT value: '6sf1Iuh7r****************bHPs8QriJf8ibpszRk'
[Sat Mar 24 13:10:10 UTC 2018] Please be aware that you prepend _acme-challenge. before your domain
[Sat Mar 24 13:10:10 UTC 2018] so the resulting subdomain will be: _acme-challenge.s-b.me
[Sat Mar 24 13:10:10 UTC 2018] Add the following TXT record:
[Sat Mar 24 13:10:10 UTC 2018] Domain: '_acme-challenge.s-b.me'
[Sat Mar 24 13:10:10 UTC 2018] TXT value: 'iA68V9A14****************mlrsZx24raM-S0gmpI'
[Sat Mar 24 13:10:10 UTC 2018] Please be aware that you prepend _acme-challenge. before your domain
[Sat Mar 24 13:10:10 UTC 2018] so the resulting subdomain will be: _acme-challenge.s-b.me
[Sat Mar 24 13:10:10 UTC 2018] Please add the TXT records to the domains, and re-run with --renew.
[Sat Mar 24 13:10:10 UTC 2018] Please add '--debug' or '--log' to check more details.
[Sat Mar 24 13:10:10 UTC 2018] See: https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh

3. Following the output above, add the TXT records for the domain to prove ownership of it

_acme-challenge.s-b.me    txt    iA68V9A14****************mlrsZx24raM-S0gmpI
_acme-challenge.s-b.me    txt    6sf1Iuh7r****************bHPs8QriJf8ibpszRk

4. Apply for the wildcard certificate

./acme.sh --renew -d '*.s-b.me' -d s-b.me --dns --yes-I-know-dns-manual-mode-enough-go-ahead-please

If all goes well, a certificate directory named after the wildcard domain is created in the current directory:

/root/.acme.sh
*.s-b.me/
├── ca.cer
├── fullchain.cer
├── *.s-b.me.cer
├── *.s-b.me.conf
├── *.s-b.me.csr
├── *.s-b.me.csr.conf
└── *.s-b.me.key

5. Configure nginx or another web server to serve the site over SSL

.cer            is the certificate file
.key            is the private key file
fullchain.cer   is the certificate chain file

6. Certificate renewal

Run the following from crontab or another job scheduler:

./acme.sh --renew -d '*.s-b.me' -d s-b.me --dns --yes-I-know-dns-manual-mode-enough-go-ahead-please
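
Between steps 3 and 4, both TXT values printed in step 2 should be published under _acme-challenge.s-b.me, because the wildcard name and the bare domain each receive their own challenge at that same record name. The script below is an added example, not part of the original article or of acme.sh: it pulls the expected values out of a saved copy of the step 2 output and lists any that are absent from saved `dig +short TXT` output. The file names issue.log and dig.txt, the function names and the sample tokens are assumptions.

```shell
#!/bin/sh
# Added example, not from the original article. File names below are assumptions.
# Usage: ./acme.sh --issue ... 2>&1 | tee issue.log
#        dig +short TXT _acme-challenge.s-b.me > dig.txt
#        sh check_txt.sh issue.log dig.txt

# Read acme.sh manual-DNS output on stdin; print "name value" per challenge.
acme_challenges() {
    awk -F"'" '
        /Domain: /    { name = $2 }          # remember the record name
        /TXT value: / { print name, $2 }     # pair it with the value that follows
    '
}

# missing_challenges LOG DIG: print challenges from LOG whose value is absent
# from DIG (output of "dig +short TXT", one double-quoted string per line).
# Returns 0 when every value is published, 1 otherwise.
missing_challenges() {
    log=$1
    dig_out=$2
    missing=$(acme_challenges < "$log" | while read -r name value; do
        grep -qxF "\"$value\"" "$dig_out" || printf '%s TXT %s\n' "$name" "$value"
    done)
    [ -z "$missing" ] && return 0
    printf '%s\n' "$missing"
    return 1
}

# Constructed sample shaped like the step 2 output; the tokens are made up.
sample_log() {
    cat <<'EOF'
[Sat Mar 24 13:10:10 UTC 2018] Add the following TXT record:
[Sat Mar 24 13:10:10 UTC 2018] Domain: '_acme-challenge.s-b.me'
[Sat Mar 24 13:10:10 UTC 2018] TXT value: 'CONSTRUCTED-token-for-wildcard'
[Sat Mar 24 13:10:10 UTC 2018] Add the following TXT record:
[Sat Mar 24 13:10:10 UTC 2018] Domain: '_acme-challenge.s-b.me'
[Sat Mar 24 13:10:10 UTC 2018] TXT value: 'CONSTRUCTED-token-for-apex'
EOF
}

# Run only when called with both files.
if [ $# -eq 2 ]; then
    missing_challenges "$1" "$2"
fi
```

An empty result with exit status 0 means every expected value is visible to the resolver that was queried; any line printed is a record that still has to be added or has not propagated yet.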
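
Applying on Debian
  • Download the required dependencies
  • Download ACME.SH
  • Obtain the CloudXNS API KEY and Secret KEY

Note: be sure to add the IP of the VPS where ACME.SH is installed to the whitelist

  • Run the issuance procedure, here using my domain gov.com.sb as the example
  • Retrieve the certificate, here using my domain gov.com.sb as the example
    The CSR, KEY and CERT are all under this path: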

Original article by 然星. If you repost it, please credit the source: https://gov.com.sb/lets-encrypt-2.html
