-
Notifications
You must be signed in to change notification settings - Fork 2
Let's Encrypt泛域名ssl证书
Xiaoshi Xu edited this page Sep 10, 2018
·
15 revisions
/usr/local/script/ssl/certbot-auto certonly -d *.eefocus.com -d *.moore8.com -d *.eeboard.com --manual --preferred-challenges dns --server https://acme-v02.api.letsencrypt.org/directory
--manual交互式获取,--preferred-challenges dns使用DNS验证的方式(泛域名只能使用DNS验证),--server指明支持acme-v02的Server地址,默认是acme-v01的地址。
按照要求输入邮箱,同意协议,当看到下面信息:
------------------------------------------------------------
Please deploy a DNS TXT record under the name
_acme-challenge.moore8.com with the following value:
JHkwGFgXq3OgedI-4RU1X0EcFUz7cxIPN7r1Qyw5JTw
Before continuing, verify the record is deployed.
------------------------------------------------------------
这一步到dnspod 找到moore8增加一条txt
_acme-challenge TXT 默认 JHkwGFgXq3OgedI-4RU1X0EcFUz7cxIPN7r1Qyw5JTw
Press Enter to Continue
重复把eeboard 增加到dnspod中
-
证书续约
- ./certbot-auto renew
-
在原有证书上新增域名
- eefocus.com 是原有域名,一下命令代表将 *.cirmall.com 和 cirmall.com 加到原有域名证书下。根域名不能忘。
- 注意!需要将所有域名都列出,这个命令会提示你正在添加或删除哪些域名。
/usr/local/script/ssl/certbot-auto certonly --cert-name eefocus.com --expand -d *.cirmall.com,*.cndzz.com,*.datasheet5.com,*.ecbcamp.com,*.eeboard.com,*.eefocus.com,*.eehub.cn,*.moore8.com,*.openhw.com,*.semidata.info,*.stepfpga.com,cirmall.com,cndzz.com,datasheet5.com,ecbcamp.com,eeboard.com,eefocus.com,eehub.cn,moore8.com,openhw.com,semidata.info,stepfpga.com,eefcdn.com,*.eefcdn.com,stmcu.org.cn,*.stmcu.org.cn,global.stats.eefocus.com --manual --preferred-challenges dns --server https://acme-v02.api.letsencrypt.org/directory
- 到dnspod里添加记录,做dns认证。参见前面一部分。
- 将旧证书备份,将新证书放入指定目录。参见入口cron
crontab -l
cat /usr/local/script/ssl/update_ssl.sh