搭建Ngrok时需要一个泛域名解析,扒了众多文档搞定了泛域名ssl证书的申请
这里使用的是Certbot来签发。
官网文档:https://certbot.eff.org/docs/using.html
直接使用官网首页的安装方法是无法使用最新的Let's Encrypt的v2 API,这里加参数
--server https://acme-v02.api.letsencrypt.org/directory现在的命令是:
root@aliyun:~# certbot certonly --standalone -d *.example.com --server https://acme-v02.api.letsencrypt.org/directory结果提示:
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA. You may need to use an authenticator plugin that can do challenges over DNS.原因是没有DNS验证
添加参数:
--preferred-challenges dns扒官方文档后,发现泛域名需要dns-01验证。文档说明了改验证方法可自动验证,但需要安装插件,且DNS服务商为下列服务商:
cloudflare
cloudxns
digitalocean
dnsimple
dnsmadeeasy
google
luadns
nsone
rfc2136
route53我的是阿里云的免费解析,所以没有API来自动验证,故添加参数:
--manual结合一下,命令为:
root@aliyun:~# certbot certonly --preferred-challenges dns --manual -d *.example.com --server https://acme-v02.api.letsencrypt.org/directory签发证书时提示添加TXT记录
-------------------------------------------------------------------------------
Please deploy a DNS TXT record under the name
_acme-challenge.example.com with the following value:
kxxxxxxxxxxxxx_xxxxxxxxxxx_Q
Before continuing, verify the record is deployed.
-------------------------------------------------------------------------------在阿里云解析一下TXT记录即可
这样等待签发完成即可
1770
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
