yum install certbot
sudo certbot certonly --manual -d '*.5460net.com' -d 5460net.com --agree-tos --manual-public-ip-logging-ok --preferred-challenges dns-01 --server https://acme-v02.api.letsencrypt.org/directory
Next, complete the TXT record validation for the domain.
Once validation passes,
configure the SSL certificate in nginx:
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/5460net.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/5460net.com/privkey.pem; # managed by Certbot
Automatic renewal
Download https://github.com/ywdblog/certbot-letencrypt-wildcardcertificates-alydns-au
$ git clone https://github.com/ywdblog/certbot-letencrypt-wildcardcertificates-alydns-au
$ cd certbot-letencrypt-wildcardcertificates-alydns-au
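$ chmod 0700 au.sh
vim au.sh
Replace ACCESS_KEY_ID and ACCESS_KEY_SECRET in the .py file. You first need to enable AccessKeys in the cloud console; how to do that is covered elsewhere and is not described here. These keys can change your DNS records, so keep the script files writable only by their owner.
Then write the renew.sh script: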
vim renew.sh
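with the following content:
certbot renew --manual --preferred-challenges dns --manual-auth-hook /certbot-letencrypt-wildcardcertificates-alydns-au/au.sh
Save it, then run renew.sh to renew the certificate:
chmod 700 renew.sh
./renew.sh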
Set up a cron job to renew on a schedule:
vim /etc/crontab
0 0 1 */2 * root sh /certbot-letencrypt-wildcardcertificates-alydns-au/renew.sh
service crond restart
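An added example, not part of the original page or of the alydns-au project: a stricter renew.sh that refuses to run if au.sh, renew.sh or their directory is writable by group or others (cron runs the job as root and the hook uses the Aliyun AccessKey), and reloads nginx after a successful renewal. The HOOK_DIR default is taken from the crontab line above; the --deploy-hook reload and the run-only-as-renew.sh guard are assumptions of this example.

```shell
#!/bin/sh
# Added example: hardened variant of renew.sh (not the project's own code).

# Assumption: repository location taken from the crontab line on this page.
HOOK_DIR="${HOOK_DIR:-/certbot-letencrypt-wildcardcertificates-alydns-au}"

# Print the path if it is writable by group or others, nothing otherwise.
loose_perms() {
    find "$1" -prune \( -perm -020 -o -perm -002 \) -print 2>/dev/null
}

# Return 0 only if $1 is a regular, executable file (not a symlink)
# that nobody but its owner can modify.
is_safe_hook() {
    f=$1
    if [ ! -f "$f" ] || [ -L "$f" ] || [ ! -x "$f" ]; then
        return 1
    fi
    [ -z "$(loose_perms "$f")" ]
}

# Check the directory and both scripts; report the first problem found.
preflight() {
    dir=$1
    if [ -n "$(loose_perms "$dir")" ]; then
        echo "unsafe: $dir is group/world-writable" >&2
        return 1
    fi
    for f in "$dir/au.sh" "$dir/renew.sh"; do
        is_safe_hook "$f" || { echo "unsafe or missing: $f" >&2; return 1; }
    done
}

main() {
    preflight "$HOOK_DIR" || exit 1
    # Absolute hook path: cron does not start in $HOOK_DIR.
    # nginx keeps serving the old certificate until it is reloaded.
    certbot renew --manual --preferred-challenges dns \
        --manual-auth-hook "$HOOK_DIR/au.sh" \
        --deploy-hook "nginx -s reload"
}

# Run only when invoked under the name renew.sh, so the functions can be
# sourced and tested without calling certbot.
case "${0##*/}" in renew.sh) main "$@" ;; esac
```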