certbot

最新推荐文章于 2024-05-31 09:42:54 发布

Til The Day I Die

最新推荐文章于 2024-05-31 09:42:54 发布

阅读量66

点赞数

文章标签：运维

本文链接：https://blog.csdn.net/weixin_43334719/article/details/134187255

版权

yum -y install epel-release
yum -y install yum-utils
yum-config-manager --enable rhui-REGION-rhel-server-extras rhui-REGION-rhel-server-optional
yum install certbot python2-certbot-nginx
certbot --server https://acme-v02.api.letsencrypt.org/directory -d "hxxxj.xyz" -d "*.hxxxj.xyz" --manual --preferred-challenges dns-01 certonly
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Enter email address (used for urgent renewal and security notices)
 (Enter 'c' to cancel): ****@qq.com
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf. You must
agree in order to register with the ACME server. Do you agree?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: y

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing, once your first certificate is successfully issued, to
share your email address with the Electronic Frontier Foundation, a founding
partner of the Let's Encrypt project and the non-profit organization that
develops Certbot? We'd like to send you email about our work encrypting the web,
EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: y
Account registered.
Requesting a certificate for hxxxj.xyz and *.hxxxj.xyz
Performing the following challenges:
dns-01 challenge for hxxxj.xyz
dns-01 challenge for hxxxj.xyz

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please deploy a DNS TXT record under the name
_acme-challenge.hxxxj.xyz with the following value:
# 添加云解析
_4lRdnZb3qWqw7rSe7TWX0JbkuJ2bpzPUiSjNiHgWCo

Before continuing, verify the record is deployed.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please deploy a DNS TXT record under the name
_acme-challenge.hxxxj.xyz with the following value:
# 添加云解析
V3ZjJnweuR_WfbpUgiiAYydGG3-zbYsbZbIEQL9gd40

Before continuing, verify the record is deployed.
(This must be set up in addition to the previous challenges; do not remove,
replace, or undo the previous challenge tasks yet. Note that you might be
asked to create multiple distinct TXT records with the same name. This is
permitted by DNS standards.)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue
Waiting for verification...
Cleaning up challenges
Subscribe to the EFF mailing list (email: 956221406@qq.com).
Starting new HTTPS connection (1): supporters.eff.org
An unexpected error occurred:
TypeError: __str__ returned non-string (type Error)
Please see the logfiles in /var/log/letsencrypt for more details.

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/hxxxj.xyz/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/hxxxj.xyz/privkey.pem
   Your certificate will expire on 2024-01-31. To obtain a new or
   tweaked version of this certificate in the future, simply run
   certbot again. To non-interactively renew *all* of your
   certificates, run "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

更新证书

# 泛域名自动更新方式
##1.安装 aliyun cli 工具
wget https://aliyuncli.alicdn.com/aliyun-cli-linux-latest-amd64.tgz
tar xzvf aliyun-cli-linux-latest-amd64.tgz
cp aliyun /usr/local/bin
rm -rf aliyun
##2.安装完成后需要配置凭证信息
创建阿里云AccessKey
access-key-id：LTAI5txxxxxxxxxxx22RaSop5dDQq
access-key-secret：bg2urcxxxxxxxxxxxxxxWo425fZaWrK0kQ


aliyun configure set \
  --profile akProfile \
  --mode AK \
  --region cn-hangzhou \
  --access-key-id LTAI5txxxxxxxxxxx22RaSop5dDQq \
  --access-key-secret bg2urcxxxxxxxxxxxxxxWo425fZaWrK0kQ
 
##3.安装 certbot-dns-aliyun 插件
wget https://cdn.jsdelivr.net/gh/justjavac/certbot-dns-aliyun@main/alidns.sh
cp alidns.sh /usr/local/bin
chmod +x /usr/local/bin/alidns.sh
ln -s /usr/local/bin/alidns.sh /usr/local/bin/alidns
rm -rf alidns.sh

certbot renew --manual --preferred-challenges dns --manual-auth-hook "alidns" --manual-cleanup-hook "alidns clean"
加--force-renew 强制刷新