yum install certbot
sudo certbot certonly --manual -d "*.5460net.com" -d 5460net.com --agree-tos --manual-public-ip-logging-ok --preferred-challenges dns-01 --server https://acme-v02.api.letsencrypt.org/directory
Next, verify the domain through its DNS TXT record.
Once verification passes,
configure the SSL certificate in nginx:
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/5460net.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/5460net.com/privkey.pem; # managed by Certbot
Automatic renewal
Download https://github.com/ywdblog/certbot-letencrypt-wildcardcertificates-alydns-au
$ git clone https://github.com/ywdblog/certbot-letencrypt-wildcardcertificates-alydns-au
$ cd certbot-letencrypt-wildcardcertificates-alydns-au
$ chmod 0700 au.sh   # owner-only: certbot runs this hook as root
vim au.sh
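Replace ACCESS_KEY_ID and ACCESS_KEY_SECRET in the py file. To do this you first need to enable AccessKeys in the cloud console; how to enable them is covered in other material and is not described here.
Then write the renew.sh script: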
vim renew.sh
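with the following content:
certbot renew --manual --preferred-challenges dns --manual-auth-hook /certbot-letencrypt-wildcardcertificates-alydns-au/au.sh
Then save it and run renew.sh to renew the certificate:
chmod 700 renew.sh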
./renew.sh
Set up a scheduled job to renew periodically:
vim /etc/crontab
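# certbot renew only acts on certificates within 30 days of expiry, so with 90-day certificates a run every two months can miss the window; a weekly run is safer
0 0 1 */2 * root sh /certbot-letencrypt-wildcardcertificates-alydns-au/renew.sh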
service crond restart
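
As an added example (not part of the original guide or of the alydns-au project): a shell check that the scripts root's cron job executes, and the py file holding the access key, are owner-only and sit in a directory other users cannot write to. The file name audit.sh is hypothetical, and GNU or busybox stat is assumed.

```shell
#!/bin/sh
# Added example: audit files that the renewal cron job runs or reads as root.
# Usage (audit.sh is a hypothetical name for this file):
#   sh audit.sh /certbot-letencrypt-wildcardcertificates-alydns-au/au.sh \
#               /certbot-letencrypt-wildcardcertificates-alydns-au/renew.sh
# Assumes stat supports -c (GNU coreutils or busybox), as on a CentOS host.

# audit_script FILE: returns 0 if FILE is owner-only in a protected directory.
audit_script() {
    f=$1
    rc=0
    if [ -L "$f" ] || [ ! -f "$f" ]; then
        echo "FAIL $f: missing, or a symlink rather than a regular file"
        return 1
    fi
    mode=$(stat -c '%a' "$f")
    # Any group/other bit lets another local user read the access key
    # or rewrite what root executes.
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "FAIL $f: mode $mode grants group/other access (want 700 or 600)"
        rc=1
    fi
    dir=$(dirname "$f")
    dmode=$(stat -c '%a' "$dir")
    # Flag a parent directory that group or other can write to.
    if [ $(( 0$dmode & 022 )) -ne 0 ]; then
        echo "FAIL $dir: mode $dmode is group/world-writable"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "OK   $f ($mode)"
    fi
    return "$rc"
}

# audit_all FILE...: returns non-zero if any file fails the audit.
audit_all() {
    bad=0
    for s in "$@"; do
        audit_script "$s" || bad=1
    done
    return "$bad"
}

# Only audit when paths are passed on the command line.
if [ "$#" -gt 0 ]; then
    audit_all "$@"
fi
```

Pass the py file that holds ACCESS_KEY_ID and ACCESS_KEY_SECRET as an extra argument to cover it as well.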