系统: CentOS 7

https://certbot.eff.org/lets-encrypt/centosrhel7-nginx

  1. sudo yum install python2-certbot-dns-cloudflare

  2. yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm

  3. sudo yum install certbot python2-certbot-nginx

  4. sudo yum install python2-certbot-dns-cloudflare

  5. 注册并添加域名: https://dash.cloudflare.com/login

  6. 添加路径和文件
    ~/.secrets/certbot/cloudflare.ini
    内容: 

    1
    2
    # Cloudflare API token used by Certbot
    dns_cloudflare_api_token = 你的api token

  7. chmod 600 ~/.secrets/certbot/cloudflare.ini

  8. certbot certonly --dns-cloudflare --dns-cloudflare-credentials ~/.secrets/certbot/cloudflare.ini -d *.yinxianwei.com --email example@qq.com

  9. nginx配置泛域名解析

    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    # /etc/nginx/conf.d/www.conf
    server {
        server_name  ~^(?<subdomain>.+)\.yinxianwei\.com$;
        root   /usr/share/nginx/$subdomain; 
        index  index.html index.htm index.php;
        fastcgi_intercept_errors on;
        error_page  404      = /404.html;
        location / {
                try_files $uri $uri/ =404;
       }
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
        location ~ /\.ht {
            deny  all;
        }
    }

  10. certbot run -a manual -i nginx -d *.yinxianwei.com

  11. 按照提示域名添加解析

    1
    2
    3
    记录类型: TXT
    主机记录: _acme-challenge
    记录值: 提示字符串

  12. 选择重定向https

  13. 自动更新:
    echo "0 0,12 * * * root python -c 'import random; import time; time.sleep(random.random() * 3600)' && certbot renew -q" | sudo tee -a /etc/crontab > /dev/null

    https://github.com/ywdblog/certbot-letencrypt-wildcardcertificates-alydns-au

一个教程: https://www.willh.cn/articles/2018/07/27/1532676216270.html

https://certbot-dns-cloudflare.readthedocs.io/en/stable/