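0 Introduction to Let's Encrypt
Let's Encrypt is a free, open, automated certificate authority (CA),
run for the public benefit and operated by the non-profit Internet Security Research Group (ISRG).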

1 Install Let's Encrypt
git clone https://github.com/letsencrypt/letsencrypt

2 Generate a wildcard certificate
cd letsencrypt
or cd certbot
./certbot-auto certonly -d "*.huchangyi.com" --manual --preferred-challenges dns --server https://acme-v02.api.letsencrypt.org/directory

3 Add a DNS record at the domain provider
Configure a TXT record with the value certbot displays.
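
Added example (not from the original post): a shell check to run in a second terminal while certbot waits at the manual DNS prompt, confirming that every authoritative nameserver already serves the TXT value before you continue. The function names and the overridable DIG variable are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of the original post.
# DIG can be overridden; that hook is an assumption of this example
# so the check can be exercised without network access.
DIG=${DIG:-dig}

# A wildcard name is validated at its base domain:
#   "*.huchangyi.com" -> "_acme-challenge.huchangyi.com"
acme_challenge_name() {
    printf '_acme-challenge.%s\n' "${1#\*.}"
}

# txt_on_all_nameservers ZONE NAME EXPECTED_VALUE
# Returns 0 only when every NS of ZONE answers NAME with EXPECTED_VALUE,
# 1 when at least one server does not, 2 when no NS records are found.
txt_on_all_nameservers() {
    zone=$1 name=$2 expected=$3
    servers=$($DIG +short NS "$zone")
    [ -n "$servers" ] || { echo "no NS records for $zone" >&2; return 2; }
    rc=0
    for ns in $servers; do
        # dig prints TXT data in double quotes; strip them before comparing.
        # grep -x matches whole lines, so several TXT values may coexist.
        if $DIG +short TXT "$name" "@${ns%.}" | tr -d '"' | grep -qxF -- "$expected"; then
            echo "ok      $ns"
        else
            echo "missing $ns"
            rc=1
        fi
    done
    return $rc
}

# Usage (paste the value certbot printed):
#   txt_on_all_nameservers huchangyi.com \
#       "$(acme_challenge_name '*.huchangyi.com')" 'VALUE_PRINTED_BY_CERTBOT'
```

Press Enter in certbot only once every nameserver reports ok; a failed validation counts against the CA's rate limits.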

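4 Certificate renewal
crontab -e
0 */12 * * * certbot renew --quiet --renew-hook "/etc/init.d/nginx reload"
Note: a certificate issued with --manual is renewed by certbot renew only if an authentication hook (--manual-auth-hook) or a DNS plugin is configured; otherwise the manual DNS step has to be repeated interactively.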

5 Certificate path
/etc/letsencrypt/live/

6 nginx configuration
ssl_certificate /etc/letsencrypt/live/huchangyi.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/huchangyi.com/privkey.pem;

7 Revoke the certificate
certbot revoke --cert-path /etc/letsencrypt/live/you.cn/cert.pem
certbot delete --cert-name huchangyi.com
