Requesting a wildcard certificate from Let's Encrypt using Alibaba Cloud (Aliyun) DNS


Installation

Install certbot by following the official instructions at https://certbot.eff.org/lets-encrypt/ubuntubionic-nginx

Install the Aliyun DNS plugin

pip3 install certbot-dns-aliyun alidns

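Create an access key for an Aliyun DNS management account

At https://ram.console.aliyun.com/users create a user, then grant it DNS management permission.

Then obtain the access key and secret, and write them into the configuration file shown below.

Request the HTTPS certificate

  • certonly: only obtain the certificate, without taking part in the server configuration
  • -d liuhonghe.me -d "*.liuhonghe.me": covers the whole domain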
certbot certonly -a certbot-dns-aliyun:dns-aliyun -i nginx --certbot-dns-aliyun:dns-aliyun-credentials /usr/local/nginx/conf/cert/credentials.ini -d liuhonghe.me -d "*.liuhonghe.me" --server https://acme-v02.api.letsencrypt.org/directory

cat credentials.ini
certbot_dns_aliyun:dns_aliyun_access_key = xxxxxxxxxxxxxxxx
certbot_dns_aliyun:dns_aliyun_access_key_secret = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
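
The credentials.ini above holds an access key that can manage the domain's DNS records. The following shell check is an added example, not part of the original post or of certbot: it verifies that the file is a regular file readable only by its owner and that both settings hold real values instead of the xxxx placeholders. The function name check_aliyun_credentials and the sample key values are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a certbot-dns-aliyun credentials file before running certbot.
# check_aliyun_credentials is a hypothetical helper name, not part of certbot.
check_aliyun_credentials() {
    f=$1
    # Require a regular file; a symlink could point at a file with other permissions.
    if [ -L "$f" ] || [ ! -f "$f" ]; then
        echo "FAIL: $f is missing or not a regular file"; return 1
    fi
    # Characters 5-10 of the ls mode string are the group and other permission bits.
    perms=$(ls -ld "$f" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "FAIL: $f is accessible to group/other (fix: chmod 600)"; return 1
    fi
    # Both settings from the credentials.ini shown above must hold real values.
    for key in certbot_dns_aliyun:dns_aliyun_access_key \
               certbot_dns_aliyun:dns_aliyun_access_key_secret; do
        val=$(sed -n -e "s/^[[:space:]]*$key[[:space:]]*=[[:space:]]*//p" "$f" \
              | sed -e 's/[[:space:]]*$//' | tail -n 1)
        case "$val" in
            "")      echo "FAIL: $key is not set"; return 1 ;;
            *[!xX]*) ;;  # contains a non-x character, so not the placeholder
            *)       echo "FAIL: $key still holds the xxxx placeholder"; return 1 ;;
        esac
    done
    echo "OK: $f"   # the secret itself is never printed
}

# Constructed sample (fake key material) so the check can be run offline.
demo=$(mktemp -d)
printf '%s\n' \
    'certbot_dns_aliyun:dns_aliyun_access_key = CONSTRUCTEDKEYID01' \
    'certbot_dns_aliyun:dns_aliyun_access_key_secret = ConstructedSecretValue0123' \
    > "$demo/credentials.ini"
chmod 644 "$demo/credentials.ini"
check_aliyun_credentials "$demo/credentials.ini" || true   # FAIL: group/other bits
chmod 600 "$demo/credentials.ini"
check_aliyun_credentials "$demo/credentials.ini"           # OK
```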

Renewing the certificate

The wildcard certificate is valid for only 3 months, so it has to be renewed periodically.

certbot renew

Generating an HTTPS certificate for localhost

https://letsencrypt.org/docs/certificates-for-localhost/

openssl req -x509 -out localhost.crt -keyout localhost.key \
  -newkey rsa:2048 -nodes -sha256 \
  -subj '/CN=localhost' -extensions EXT -config <( \
   printf "[dn]\nCN=localhost\n[req]\ndistinguished_name = dn\n[EXT]\nsubjectAltName=DNS:localhost\nkeyUsage=digitalSignature\nextendedKeyUsage=serverAuth")
