Requesting a wildcard domain certificate with Certbot
Install snap
Using CentOS 7 as an example
1. sudo yum install epel-release
2. sudo yum install snapd
3. sudo systemctl enable --now snapd.socket
4. sudo ln -s /var/lib/snapd/snap /snap
Install Certbot
1. sudo snap install core
2. sudo snap refresh core
3. sudo yum remove certbot
4. sudo snap install --classic certbot
5. sudo ln -s /snap/bin/certbot /usr/bin/certbot
Request the wildcard certificate
1. sudo certbot certonly --manual --preferred-challenges=dns-01
The following prompt appears; enter your email address and press Enter.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Enter email address (used for urgent renewal and security notices)
(Enter 'c' to cancel):
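Next come a few agreement prompts; answer Y to each. You then reach the domain prompt (enter the apex domain and the * wildcard domain, separated by a comma or a space).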
Account registered.
Please enter in your domain name(s) (comma and/or space separated) (Enter 'c'
to cancel): YouDomain.com,*.YouDomain.com
Press Enter, and the following appears:
Please deploy a DNS TXT record under the name:
_acme-challenge.YouDomain.com.
with the following value:
YfBA-x2Vdw_j5t1gvBSSee8GX1PBx-y2hM1bx9rgijg
Before continuing, verify the TXT record has been deployed. Depending on the DNS
provider, this may take some time, from a few seconds to multiple minutes. You can
check if it has finished deploying with aid of online tools, such as the Google
Admin Toolbox: https://toolbox.googleapps.com/apps/dig/#TXT/_acme-challenge.YouDomain.com.
Look for one or more bolded line(s) below the line ';ANSWER'. It should show the
value(s) you've just added.
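Then go to your DNS provider and add a TXT record with the host record _acme-challenge and the value given above, that is, YfBA-x2Vdw_j5t1gvBSSee8GX1PBx-y2hM1bx9rgijg. After a short while, look up the DNS record at https://toolbox.googleapps.com/apps/dig/#TXT/_acme-challenge.YouDomain.com. (this address is the one displayed after you entered the domains and pressed Enter). Make sure the record has only one value; if there are several, validation may fail.
A reminder: if the host name is shown as _acme-challenge.YouDomain.com., the host record to enter at the DNS provider is _acme-challenge
If it is shown as _acme-challenge.www.YouDomain.com., the host record to enter at the DNS provider is _acme-challenge.www
3. The generated certificates are in the /etc/letsencrypt/live directory.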
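The host-record rule and the TXT check from the steps above, as an added shell example that is not part of the original post. The function names acme_host_label and txt_check are hypothetical, the dig output is constructed, and live use assumes dig (bind-utils) is installed.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample dig output is constructed.

# acme_host_label FQDN ZONE -> relative host record to type at the DNS provider.
acme_host_label() {
    fqdn=$(printf '%s' "$1" | tr 'A-Z' 'a-z'); fqdn=${fqdn%.}
    zone=$(printf '%s' "$2" | tr 'A-Z' 'a-z'); zone=${zone%.}
    case "$fqdn" in
        *".$zone")
            label=${fqdn%".$zone"}
            printf '%s\n' "$label" ;;
        *)
            echo "error: $1 is not inside zone $2" >&2
            return 1 ;;
    esac
}

# txt_check EXPECTED: reads `dig +short TXT <name>` output on stdin.
# Returns 0 if EXPECTED is the only value, 2 if it is present alongside
# other values (e.g. left over from an earlier attempt), 1 if it is absent.
txt_check() {
    expected=$1
    # dig +short prints each TXT value wrapped in double quotes; strip them.
    values=$(sed -e 's/^"//' -e 's/"$//' -e '/^$/d')
    if ! printf '%s\n' "$values" | grep -Fqx -- "$expected"; then
        return 1
    fi
    count=$(printf '%s\n' "$values" | grep -c .)
    [ "$count" -eq 1 ] || return 2
    return 0
}

# Demo on constructed output. Live use (assumes dig from bind-utils):
#   dig +short TXT _acme-challenge.YouDomain.com. | txt_check "$value"
value='YfBA-x2Vdw_j5t1gvBSSee8GX1PBx-y2hM1bx9rgijg'
acme_host_label '_acme-challenge.www.YouDomain.com.' 'YouDomain.com'
if printf '"%s"\n' "$value" | txt_check "$value"; then
    echo "TXT record deployed with a single value; safe to continue in certbot"
fi
```

Run the check before pressing Enter at the certbot prompt; exit status 2 means other values are still published under the same name.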