CentOS 7配置Let’s Encrypt支持免费泛域名证书
生活随笔
收集整理的這篇文章主要介紹了
CentOS 7配置Let’s Encrypt支持免费泛域名证书
小編覺得挺不錯的,現(xiàn)在分享給大家,幫大家做個參考.
Let’s Encrypt從2018年開始支持泛域名證書,有效期3個月,目前僅支持acme方式申請,暫不支持certbot。
1、安裝acme.sh
curl https://get.acme.sh | sh?
2、請求證書(泛域名以*.s-b.me為例)
cd /.acme.sh ./acme.sh --issue -d *.s-b.me -d s-b.me --dns --yes-I-know-dns-manual-mode-enough-go-ahead-please輸出:
[Sat Mar 24 13:10:07 UTC 2018] Registering account [Sat Mar 24 13:10:08 UTC 2018] Registered [Sat Mar 24 13:10:08 UTC 2018] ACCOUNT_THUMBPRINT='hS_gwvXaqMtxJh2Bz0asmWK3r7iMYIknkOWDqO1a76U' [Sat Mar 24 13:10:08 UTC 2018] Creating domain key [Sat Mar 24 13:10:09 UTC 2018] The domain key is here: /root/.acme.sh/*.s-b.me/*.s-b.me.key [Sat Mar 24 13:10:09 UTC 2018] Multi domain='DNS:*.s-b.me,DNS:s-b.me' [Sat Mar 24 13:10:09 UTC 2018] Getting domain auth token for each domain [Sat Mar 24 13:10:10 UTC 2018] Getting webroot for domain='*.s-b.me' [Sat Mar 24 13:10:10 UTC 2018] Getting webroot for domain='s-b.me' [Sat Mar 24 13:10:10 UTC 2018] Add the following TXT record: [Sat Mar 24 13:10:10 UTC 2018] Domain: '_acme-challenge.s-b.me' [Sat Mar 24 13:10:10 UTC 2018] TXT value: '6sf1Iuh7r****************bHPs8QriJf8ibpszRk' [Sat Mar 24 13:10:10 UTC 2018] Please be aware that you prepend _acme-challenge. before your domain [Sat Mar 24 13:10:10 UTC 2018] so the resulting subdomain will be: _acme-challenge.s-b.me [Sat Mar 24 13:10:10 UTC 2018] Add the following TXT record: [Sat Mar 24 13:10:10 UTC 2018] Domain: '_acme-challenge.s-b.me' [Sat Mar 24 13:10:10 UTC 2018] TXT value: 'iA68V9A14****************mlrsZx24raM-S0gmpI' [Sat Mar 24 13:10:10 UTC 2018] Please be aware that you prepend _acme-challenge. before your domain [Sat Mar 24 13:10:10 UTC 2018] so the resulting subdomain will be: _acme-challenge.s-b.me [Sat Mar 24 13:10:10 UTC 2018] Please add the TXT records to the domains, and re-run with --renew. [Sat Mar 24 13:10:10 UTC 2018] Please add '--debug' or '--log' to check more details. [Sat Mar 24 13:10:10 UTC 2018] See: https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh?
3、參考輸出,添加域名txt記錄,以驗證域名所有權(quán)
_acme-challenge.s-b.me txt iA68V9A14****************mlrsZx24raM-S0gmpI _acme-challenge.s-b.me txt 6sf1Iuh7r****************bHPs8QriJf8ibpszRk?
4、申請泛解析證書
./acme.sh --renew -d *.s-b.me -d s-b.me --dns --yes-I-know-dns-manual-mode-enough-go-ahead-please如果順利,會在當(dāng)前目錄下生成以泛域名為名字的證書目錄
/root/.acme.sh *.s-b.me/ ├── ca.cer ├── fullchain.cer ├── *.s-b.me.cer ├── *.s-b.me.conf ├── *.s-b.me.csr ├── *.s-b.me.csr.conf └── *.s-b.me.key?
5、配置nginx或其他web server以支持SSL訪問
.cer 是證書文件 .key 是私鑰文件fullchain.cer 是證書鏈證書
?
6、證書續(xù)期
通過crontab或者其他定時任務(wù)系統(tǒng)執(zhí)行
./acme.sh --renew -d *.s-b.me -d s-b.me --dns --yes-I-know-dns-manual-mode-enough-go-ahead-please?
?
【參考】
https://github.com/Neilpang/acme.sh
https://keelii.github.io/2016/06/12/free-https-cert-lets-encrypt-apply-install/
轉(zhuǎn)載于:https://www.cnblogs.com/imzye/p/8641524.html
總結(jié)
以上是生活随笔為你收集整理的CentOS 7配置Let’s Encrypt支持免费泛域名证书的全部內(nèi)容,希望文章能夠幫你解決所遇到的問題。
- 上一篇: show status like “ta
- 下一篇: [BZOJ 1452] Count