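Requesting and Renewing SSL Certificates with Certbot
Let's Encrypt is one of the most widely used free HTTPS certificate issuance tools today. The service is run by a non-profit organization and aims to provide convenient, automated certificate issuance for websites worldwide. Although Let's Encrypt certificates are valid for only 90 days, they can be renewed automatically, which makes Let's Encrypt easier to use and deploy.
Installing Certbot
Install Certbot on Ubuntu/Debian: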
apt update && apt install certbot -y
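Requesting and renewing certificates
Note: replace *.uain.cc with your own domain. Keep the wildcard name in quotes so the shell does not expand it.
certbot certonly -d '*.uain.cc' --manual --preferred-challenges dns --server https://acme-v02.api.letsencrypt.org/directory
Fill in the requested information: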
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Enter email address (used for urgent renewal and security notices)
(Enter 'c' to cancel): # Enter your email address here
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.4-April-3-2024.pdf. You must agree in
order to register with the ACME server. Do you agree?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y # Enter Y
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing, once your first certificate is successfully issued, to
share your email address with the Electronic Frontier Foundation, a founding
partner of the Let's Encrypt project and the non-profit organization that
develops Certbot? We'd like to send you email about our work encrypting the web,
EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y # Enter Y
Account registered.
Requesting a certificate for *.runoob.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please deploy a DNS TXT record under the name:
xxxxxxx.uain.ccc. # Create this DNS record in your domain provider's console; see the figure below
with the following value:
aIwqY00CZtziVwr-xxxxxxxxxxxxxx # This is the value of the DNS record; see the figure below
Before continuing, verify the TXT record has been deployed. Depending on the DNS
provider, this may take some time, from a few seconds to multiple minutes. You can
check if it has finished deploying with aid of online tools, such as the Google
Admin Toolbox: https://toolbox.googleapps.com/apps/dig/#TXT/_acme-challenge.runoob.com.
Look for one or more bolded line(s) below the line ';ANSWER'. It should show the
value(s) you've just added.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
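Press Enter to Continue # After creating the DNS record as shown in the figure below, press Enter to generate the certificate. Make sure the record has been created and resolves before pressing Enter. The resulting certificate information is as follows: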
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/uain.cc/fullchain.pem
Key is saved at: /etc/letsencrypt/live/uain.cc/privkey.pem
This certificate expires on 2024-12-21.
These files will be updated when the certificate renews.
NEXT STEPS:
- This certificate will not be renewed automatically. Autorenewal of --manual certificates requires the use of an authentication hook script (--manual-auth-hook) but one was not provided. To renew this certificate, repeat this same certbot command before the certificate's expiry date.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
* Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
* Donating to EFF: https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Certificates issued by Let's Encrypt are valid for 90 days. Use the following command to renew the certificate:
certbot certonly --force-renewal --manual -d '*.uain.cc' \
--preferred-challenges dns \
--server https://acme-v02.api.letsencrypt.org/directory
After running the renewal command above, Certbot asks us to update the DNS record:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for *.uain.cc
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please deploy a DNS TXT record under the name:
_acme-challenge.uain.cc.
with the following value:
ckxo1wGXbP1CtNQ3ZRfvHxxxxxx # The new DNS record value to set is shown here; once it is set, the renewal can complete
Before continuing, verify the TXT record has been deployed. Depending on the DNS
provider, this may take some time, from a few seconds to multiple minutes. You can
check if it has finished deploying with aid of online tools, such as the Google
Admin Toolbox: https://toolbox.googleapps.com/apps/dig/#TXT/_acme-challenge.jysahre.com.
Look for one or more bolded line(s) below the line ';ANSWER'. It should show the
value(s) you've just added.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
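Both runs above stop at "verify the TXT record has been deployed" before you press Enter. The following script is an added example, not part of the original article or of Certbot: it checks the record against every authoritative nameserver instead of a possibly stale resolver cache. The function names are hypothetical, dig is assumed to be installed, and the domain is assumed to be the zone apex (as with uain.cc).

```bash
#!/usr/bin/env bash
# Added example: confirm the DNS-01 TXT record is live before pressing Enter.
# Usage: check_challenge '*.uain.cc' '<value printed by certbot>'

# txt_matches EXPECTED: reads `dig +short TXT` output on stdin (one quoted
# string per line) and succeeds only if one record equals EXPECTED exactly.
# Several records may coexist, e.g. one for the apex and one for the wildcard.
txt_matches() {
    local expected="$1" line
    while IFS= read -r line; do
        line="${line%\"}"; line="${line#\"}"   # strip the surrounding quotes
        [ "$line" = "$expected" ] && return 0
    done
    return 1
}

# challenge_name DOMAIN: maps "*.example.com" or "example.com" to the record
# name certbot asks for, "_acme-challenge.example.com".
challenge_name() {
    printf '_acme-challenge.%s\n' "${1#\*.}"
}

# check_challenge DOMAIN EXPECTED: asks each authoritative nameserver directly.
# Fails if any server lacks the value or if no nameserver could be found.
check_challenge() {
    local domain="${1#\*.}" expected="$2" name ns seen=0 missing=0
    name="$(challenge_name "$1")"
    for ns in $(dig +short NS "$domain"); do
        seen=1
        if dig +short TXT "$name" "@$ns" | txt_matches "$expected"; then
            echo "ok      $ns"
        else
            echo "MISSING $ns"; missing=1
        fi
    done
    [ "$seen" -eq 1 ] && [ "$missing" -eq 0 ]
}
```

Press Enter at the Certbot prompt only after check_challenge reports ok for every nameserver; a failed validation attempt counts against Let's Encrypt's rate limits.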