  • Automatic HTTPS certificate generation with certbot

    Install the EPEL repository

    yum -y install epel-release.noarch

    Install the certbot RPM package

    yum -y install certbot

    Generate the certificate (the wildcard name is quoted so the shell does not expand it)

    certbot certonly --manual -d '*.6666li.club'

    Plugins selected: Authenticator manual, Installer None
    Enter email address (used for urgent renewal and security notices) 
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    (Enter 'c' to cancel):  ***.@**.com      --- enter your email address (shown only on the first run)
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Please read the Terms of Service at
    https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
    agree in order to register with the ACME server at
    https://acme-v02.api.letsencrypt.org/directory
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    (A)gree/(C)ancel:     --- enter A (shown only on the first run)
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Would you be willing to share your email address with the Electronic Frontier
    Foundation, a founding partner of the Let's Encrypt project and the non-profit
    organization that develops Certbot? We'd like to send you email about our work
    encrypting the web, EFF news, campaigns, and ways to support digital freedom.
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    (Y)es/(N)o:           --- enter Y or N (shown only on the first run)
    
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    NOTE: The IP of this machine will be publicly logged as having requested this
    certificate. If you're running certbot in manual mode on a machine that is not
    your server, please ensure you're okay with that.
    
    Are you OK with your IP being logged?
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    (Y)es/(N)o: y         --- enter Y
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
    Please deploy a DNS TXT record under the name
    _acme-challenge.6666li.club with the following value:
    
    8Irdbsr18mcZV5xZYAEo_pb0FlEY7IV42ElCXdQj8Ng
    
    Before continuing, verify the record is deployed.
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Press Enter to Continue      
    

    Manually add a TXT record named _acme-challenge with the value 8Irdbsr18mcZV5xZYAEo_pb0FlEY7IV42ElCXdQj8Ng

    Verification command

    dig txt _acme-challenge.6666li.club

    The output is as follows

    
    ; <<>> DiG 9.9.4-RedHat-9.9.4-72.el7 <<>> txt _acme-challenge.6666li.club
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1470
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
    
    ;; QUESTION SECTION:
    ;_acme-challenge.6666li.club.	IN	TXT
    
    ;; ANSWER SECTION:
    _acme-challenge.6666li.club. 5	IN	TXT	"8Irdbsr18mcZV5xZYAEo_pb0FlEY7IV42ElCXdQj8Ng"
    
    ;; Query time: 55 msec
    ;; SERVER: 192.168.11.2#53(192.168.11.2)
    ;; WHEN: Mon May 20 10:30:06 CST 2019
    ;; MSG SIZE  rcvd: 101
    

    Verification succeeded

    Return to the certbot prompt from the previous step and press Enter to continue

    Please deploy a DNS TXT record under the name
    _acme-challenge.6666li.club with the following value:
    
    8Irdbsr18mcZV5xZYAEo_pb0FlEY7IV42ElCXdQj8Ng
    
    Before continuing, verify the record is deployed.
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Press Enter to Continue  
    

    Certificate generated successfully

    IMPORTANT NOTES:
     - Congratulations! Your certificate and chain have been saved at:
       /etc/letsencrypt/live/6666li.club/fullchain.pem
       Your key file has been saved at:
       /etc/letsencrypt/live/6666li.club/privkey.pem
    
    

    Certificate auto-renewal command

    certbot renew

    Generating the HA certificate

    cat fullchain.pem privkey.pem > servername.pem
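
The TXT verification step above queried the local resolver (192.168.11.2), which can answer from cache or lag behind the zone. As an added example that is not part of the original post, this script checks the challenge value on every authoritative nameserver of the zone before you press Enter in certbot; the function names `has_txt_value` and `check_challenge` are hypothetical.

```sh
#!/bin/sh
# Added example (not from the original post): confirm the ACME DNS-01 TXT
# value is served by every authoritative nameserver before pressing Enter.
# Function names are hypothetical; only standard dig options are used.

# has_txt_value EXPECTED
# Reads `dig +short TXT` output on stdin (one quoted string per line) and
# succeeds only if some line equals EXPECTED exactly. A name can carry
# several TXT values at once, so every line is checked.
has_txt_value() {
    local expected="$1" line
    while IFS= read -r line; do
        line=${line#\"}
        line=${line%\"}
        if [ "$line" = "$expected" ]; then return 0; fi
    done
    return 1
}

# check_challenge ZONE EXPECTED
# Asks each authoritative NS of ZONE directly, bypassing resolver caches.
# Fails if the zone has no NS answer or any server lacks the value.
check_challenge() {
    local zone="$1" expected="$2" ns found=0 missing=0
    for ns in $(dig +short NS "$zone"); do
        found=1
        if dig +short TXT "_acme-challenge.$zone" "@$ns" |
            has_txt_value "$expected"; then
            echo "ok      $ns"
        else
            echo "missing $ns"
            missing=1
        fi
    done
    [ "$found" -eq 1 ] && [ "$missing" -eq 0 ]
}

# Usage: sh check_challenge.sh ZONE EXPECTED_VALUE
if [ "$#" -eq 2 ]; then
    check_challenge "$1" "$2"
fi
```

A non-zero exit status means at least one nameserver does not yet serve the value, so wait and re-run before continuing the certbot prompt.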

  • Original article: https://www.cnblogs.com/66li/p/12058782.html