Install certbot
yum install epel-release -y
yum install certbot -y
Generate the certificate (*.xxx.com is the wildcard domain)
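certbot certonly --manual --force-renewal --server https://acme-v02.api.letsencrypt.org/directory --preferred-challenges dns-01 -d "*.xxx.com,xxx.com"
# 1. When prompted, enter your email address
# 2. When prompted, enter A to agree
# 3. When prompted, enter Y to confirm
# 4. When prompted, enter Y to confirm
# 5. When prompted, add a DNS TXT record (Alibaba Cloud DNS is used as the example)
#    Record type: TXT
#    Host record: _xxx-xxx.xxx.com
#    Resolution line: default
#    Record value: xxx
#    TTL: 10 minutes
# 6. Press Enter; success is reported!
# 7. When prompted, add a DNS TXT record (Alibaba Cloud DNS is used as the example)
#    Record type: TXT
#    Host record: _xxx-xxx.xxx.com
#    Resolution line: default
#    Record value: xxx
#    TTL: 10 minutes
# 8. Press Enter; success is reported!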
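Steps 5 to 8 publish two TXT values under the same host record, one for *.xxx.com and one for xxx.com, and both have to be resolvable together when Let's Encrypt validates, so the second record is added alongside the first rather than replacing it. The shell helper below is an added example, not part of the original page: it checks a nameserver's answer for both values before you press Enter. `_acme-challenge` is the standard dns-01 record label; the nameserver name and the TXT values are constructed placeholders.

```shell
#!/bin/sh
# Added example: confirm that every dns-01 TXT value certbot printed is
# published before pressing Enter. All sample values below are constructed.

# Turn `dig +short TXT` output into one bare value per line:
# strip the surrounding quotes and join multi-chunk strings ("abc" "def").
normalize_txt() {
    sed -e 's/^"//' -e 's/"$//' -e 's/" "//g'
}

# missing_txt ANSWERS VALUE...
# Prints each expected VALUE that is absent from ANSWERS.
# Returns 0 only when every expected value is present.
missing_txt() {
    answers=$(printf '%s\n' "$1" | normalize_txt)
    shift
    rc=0
    for want in "$@"; do
        # -F fixed string, -x whole line; `--` because base64url values may start with '-'
        if ! printf '%s\n' "$answers" | grep -Fxq -- "$want"; then
            printf '%s\n' "$want"
            rc=1
        fi
    done
    return $rc
}

# check_live NAME NAMESERVER VALUE...
# Queries one authoritative nameserver directly, bypassing resolver caches.
check_live() {
    name=$1; ns=$2; shift 2
    missing_txt "$(dig +short TXT "$name" @"$ns")" "$@"
}

# Constructed sample data (not real challenge values).
V_WILDCARD='constructedValueForWildcard_0001'
V_APEX='-constructedValueForApex_0002'
SAMPLE_BOTH="\"$V_WILDCARD\"
\"$V_APEX\""
SAMPLE_OVERWRITTEN="\"$V_WILDCARD\""   # second value missing from the zone

# Usage against a real zone (nameserver name is a placeholder):
#   check_live _acme-challenge.xxx.com ns1.dns-provider.invalid "$VALUE1" "$VALUE2" \
#       && echo "both records visible, safe to press Enter"
```

Run `check_live` against each authoritative nameserver of the zone; any value it prints is not yet visible there.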
Following the success message, note the paths of the certificate files. The message looks similar to the following:
IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/xxx.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/xxx.com/privkey.pem
   Your cert will expire on 2xxx-xx-xx. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

# The generated files are located at:
/etc/letsencrypt/live/xxx.com/fullchain.pem
/etc/letsencrypt/live/xxx.com/privkey.pem
# The certificate is valid for 90 days; after 90 days, repeat this step to renew it for another 90 days
- Configure the web server and reload its configuration