  • Applying for a free Let's Encrypt HTTPS wildcard (*.yourdomain.com) certificate

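    Environment: CentOS
    A domain of the form *.example.com is a wildcard domain. Different subdomains share one certificate, which saves the trouble of applying for a certificate many times.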

    1. Install the tool
    Install the latest certbot:
    sudo yum install -y certbot
    If certbot is already installed, upgrade it to a newer version:
    sudo yum update -y certbot

    2. Apply for the certificate
    Replace *.yourdomain.com with your own wildcard domain.
    Run the command:

    [root@host src]# sudo  ./certbot-auto certonly  -d *.domain --email main@domain --manual --preferred-challenges dns --server https://acme-v02.api.letsencrypt.org/directory 
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Plugins selected: Authenticator manual, Installer None
    Enter email address (used for urgent renewal and security notices) (Enter 'c' to
    cancel): xxx@163.com
    
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Please read the Terms of Service at
    https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
    agree in order to register with the ACME server at
    https://acme-v02.api.letsencrypt.org/directory
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    (A)gree/(C)ancel: A
    
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Would you be willing to share your email address with the Electronic Frontier
    Foundation, a founding partner of the Let's Encrypt project and the non-profit
    organization that develops Certbot? We'd like to send you email about our work
    encrypting the web, EFF news, campaigns, and ways to support digital freedom.
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    (Y)es/(N)o: Y
    
    Obtaining a new certificate
    Performing the following challenges:
    dns-01 challenge for archerwong.cn
    
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    NOTE: The IP of this machine will be publicly logged as having requested this
    certificate. If you're running certbot in manual mode on a machine that is not
    your server, please ensure you're okay with that.
    
    Are you OK with your IP being logged?
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    (Y)es/(N)o: (Y)es/(N)o: Y
    
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Please deploy a DNS TXT record under the name
    _acme-challenge.archerwong.cn with the following value:
    
    apQPzp-NYZ0md_D_2_fKr465Il3dDbdR_BlOSOJTYAo
    
    Before continuing, verify the record is deployed.
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Press Enter to Continue

    When the following appears, add a TXT record in Alibaba Cloud DNS:

    Please deploy a DNS TXT record under the name
    _acme-challenge.yourdomain.com with the following value: 
    
    xxxxx  
    
    Before continuing, verify the record is deployed.
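
    One way to do the "verify the record is deployed" step before pressing Enter, as an added example that is not part of the original post. It assumes dig (bind-utils) is installed and that the domain passed in is the zone apex; the function names are hypothetical and the sample values are constructed.

```bash
#!/bin/sh
# Added example: confirm the dns-01 TXT value is published before continuing.

# txt_has_value EXPECTED -- reads `dig +short TXT` output on stdin.
# dig prints each TXT value on its own line, wrapped in double quotes. The
# name may hold several values at once, so every line is compared exactly.
txt_has_value() (
    expected=$1
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line#\"}
        line=${line%\"}
        if [ "$line" = "$expected" ]; then exit 0; fi
    done
    exit 1
)

# check_challenge DOMAIN EXPECTED -- asks every authoritative nameserver
# directly, so a cached answer on the local resolver cannot hide a server
# that does not have the record yet. Assumes DOMAIN is the zone apex.
check_challenge() (
    domain=$1 expected=$2 found=0 missing=0
    for ns in $(dig +short NS "$domain"); do
        found=1
        if dig +short TXT "_acme-challenge.$domain" "@$ns" |
            txt_has_value "$expected"; then
            echo "ok      $ns"
        else
            echo "MISSING $ns"
            missing=1
        fi
    done
    # Succeed only if at least one nameserver answered and none lacked the value.
    [ "$found" -eq 1 ] && [ "$missing" -eq 0 ]
)

# Constructed sample of `dig +short TXT` output: two values on the same name.
SAMPLE_DIG_OUTPUT='"constructed-old-value-000"
"constructed-token-value-123"'

# Usage: sh check.sh yourdomain.com 'value-printed-by-certbot'
if [ "$#" -eq 2 ]; then
    check_challenge "$1" "$2"
fi
```

    Press Enter in certbot only after every nameserver reports ok; a failed validation has to be restarted with a new TXT value.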

    Configure nginx

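    server {
        # TLS is enabled by the "ssl" flag on listen (the separate "ssl on;" directive is deprecated)
        listen 443 ssl;
        server_name www.domain.com domain.com;

        # Certificate chain and private key issued by certbot
        ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem;
        ssl_session_timeout 5m;

        # Modern TLS only: SSLv3, TLSv1 and the RC4/EXPORT/LOW cipher classes are insecure.
        # Drop TLSv1.3 from the list if your nginx/OpenSSL build does not support it.
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;

        # Forward requests to the local backend
        location / {
            proxy_pass http://127.0.0.1:8090;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }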
  • Original article: https://www.cnblogs.com/enumx/p/12304295.html