系统: CentOS 7
https://certbot.eff.org/lets-encrypt/centosrhel7-nginx
-
sudo yum install python2-certbot-dns-cloudflare
-
yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
-
sudo yum install certbot python2-certbot-nginx
-
sudo yum install python2-certbot-dns-cloudflare
-
注册并添加域名: https://dash.cloudflare.com/login
-
添加路径和文件
~/.secrets/certbot/cloudflare.ini
内容:# Cloudflare API token used by Certbot dns_cloudflare_api_token = 你的api token
-
chmod 600 ~/.secrets/certbot/cloudflare.ini
-
certbot certonly --dns-cloudflare --dns-cloudflare-credentials ~/.secrets/certbot/cloudflare.ini -d *.yinxianwei.com --email example@qq.com
-
nginx配置泛域名解析
# /etc/nginx/conf.d/www.conf server { server_name ~^(?<subdomain>.+)\.yinxianwei\.com$; root /usr/share/nginx/$subdomain; index index.html index.htm index.php; fastcgi_intercept_errors on; error_page 404 = /404.html; location / { try_files $uri $uri/ =404; } error_page 500 502 503 504 /50x.html; location = /50x.html { root html; } location ~ /\.ht { deny all; } }
-
certbot run -a manual -i nginx -d *.yinxianwei.com
-
按照提示域名添加解析
记录类型: TXT 主机记录: _acme-challenge 记录值: 提示字符串
-
选择重定向https
-
自动更新:
echo "0 0,12 * * * root python -c 'import random; import time; time.sleep(random.random() * 3600)' && certbot renew -q" | sudo tee -a /etc/crontab > /dev/null
https://github.com/ywdblog/certbot-letencrypt-wildcardcertificates-alydns-au
一个教程: https://www.willh.cn/articles/2018/07/27/1532676216270.html