获取Certbot
# System requirements: https://certbot.eff.org/docs/install.html#system-requirements
# NOTE(review): certbot-auto has been deprecated by the Certbot project and no
# longer receives updates; on current systems prefer the certbot package that
# the distribution or snap provides.
# NOTE(review): this script is later executed with root privileges (it installs
# packages, and the cron entry on this page runs it as root), so check its
# integrity against the publisher's signature before making it executable.
wget https://dl.eff.org/certbot-auto
# Make the downloaded script executable
chmod +x ./certbot-auto
# Show the help text
./certbot-auto -h
创建证书
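# Dependencies are installed automatically on the first run.
# Request a wildcard certificate. The name is quoted so the shell cannot
# glob-expand `*.bitgap.cn` against files in the current directory.
# Wildcard names can only be validated with the DNS-01 challenge, hence
# --preferred-challenges dns; in --manual mode certbot prints the TXT record
# that has to be published before validation continues.
./certbot-auto certonly -d '*.bitgap.cn' --manual --preferred-challenges dns --server https://acme-v02.api.letsencrypt.org/directory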
证书存放目录
/etc/letsencrypt/live/bitgap.cn/fullchain.pem
证书续期
# Create the directory that will hold HTTP-01 challenge files
# (presumably under the nginx web root — confirm against the nginx config).
mkdir -p /usr/local/openresty/nginx/html/.well-known/acme-challenge
# Create the manual auth hook script; its contents follow.
vi /etc/letsencrypt/renewal/bitgap.cn.sh
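#!/bin/bash
# Manual auth hook: writes the HTTP-01 challenge response into the web root.
# Certbot exports CERTBOT_VALIDATION to the hook and, for HTTP-01 only,
# CERTBOT_TOKEN (the file name of the challenge resource).
# NOTE(review): a wildcard name such as *.bitgap.cn can only be validated with
# DNS-01, where CERTBOT_TOKEN is not set. For that certificate this hook has
# nothing to write, and a hook that publishes the _acme-challenge TXT record is
# needed instead — confirm which challenge the renewal configuration uses.
challenge_dir=/usr/local/openresty/nginx/html/.well-known/acme-challenge

# ACME tokens use the base64url alphabet only. Refuse anything else, so an
# empty or unexpected value can never name a path outside challenge_dir.
case "${CERTBOT_TOKEN:-}" in
  '' | *[!A-Za-z0-9_-]*)
    printf 'auth hook: CERTBOT_TOKEN is missing or malformed\n' >&2
    exit 1
    ;;
esac

# Quoted expansions: no word splitting or globbing on the values certbot passes.
printf '%s\n' "${CERTBOT_VALIDATION:?CERTBOT_VALIDATION is not set}" \
  > "${challenge_dir}/${CERTBOT_TOKEN}"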
# Make the hook executable. The cron entry on this page runs the renewal as
# root, so keep the hook owned by root and not writable by other users.
chmod +x /etc/letsencrypt/renewal/bitgap.cn.sh
# --force-renew requests a new certificate even when the current one is not
# close to expiry; every run counts against the CA's rate limits, so avoid
# running it more often than needed.
# NOTE(review): /home/certbot-auto is executed with root privileges from a
# directory outside the usual system paths — confirm it is root-owned and not
# writable by other users.
/home/certbot-auto renew --force-renew --manual-auth-hook /etc/letsencrypt/renewal/bitgap.cn.sh
自动续期
vi /home/sslrenew.sh
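#!/bin/bash
# Renew the certificates, then reload nginx so it picks up the new files.
# Intended to be run as root from cron.

# cron does not start jobs in the nginx prefix directory, so `pwd` cannot be
# used to locate it. The default below is taken from the web root path used for
# the challenge files on this page — NOTE(review): confirm it matches the
# installation, or override it through the environment.
NGINX_PREFIX="${NGINX_PREFIX:-/usr/local/openresty/nginx/}"

# --force-renew issues a new certificate on every run regardless of expiry;
# each run counts against the CA's rate limits.
if /home/certbot-auto renew --force-renew --manual-auth-hook /etc/letsencrypt/renewal/bitgap.cn.sh; then
  # Reload only after a successful renewal.
  # NOTE(review): assumes `nginx` is on cron's PATH — confirm, or use the full path.
  nginx -p "$NGINX_PREFIX" -s reload
else
  # Surface the failure; cron reports a job's output to the job owner.
  printf 'sslrenew: certificate renewal failed; nginx not reloaded\n' >&2
  exit 1
fi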
vi /etc/crontab
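# Run once every two months: at 03:00 on the 1st day of every second month.
# The minute, hour and day-of-month fields must be fixed values; leaving them
# as `*` runs the job every minute throughout the matching months, and with
# --force-renew each run requests a new certificate from the CA.
# NOTE(review): Let's Encrypt certificates are valid for 90 days, so a single
# failed run on this schedule is not retried before expiry. A more frequent
# schedule without --force-renew lets certbot renew only when a certificate is
# close to expiry.
0 3 1 */2 * root /home/sslrenew.sh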
参考文档:
https://certbot.eff.org/docs/using.html
http://www.infoq.com/cn/news/2018/03/lets-encrypt-wildcard-https
https://www.cnblogs.com/stulzq/p/8628163.html
http://letsencrypt.readthedocs.io/en/latest/using.html#id22