certbot
nginx配置
location /.well-known {
alias /var/www/dd.aq2.cn/.well-known;
}
或者nginx配置
location ~ "^/\.well-known/acme-challenge/(.*)$" {
default_type text/plain;
return 200 "$1.IL3bE2eqHDs1k0Lmxm63CXpLvzmosMuUDIywEIBTPnG";
}
采用
certbot certonly --text --agree-tos --email webmaster@excample.com --standalone -d dd.aq2.cn
采用DNS手动认证
certbot certonly --manual -d dd.aq2.cn --agree-tos --no-bootstrap --preferred-challenges dns-01 --server https://acme-v02.api.letsencrypt.org/directory
采用webroot认证
certbot certonly --text --agree-tos --email webmaster@excample.com --webroot -w /var/www/dd.aq2.cn -d dd.aq2.cn
重新签发证书
certbot renew
泛域名签发证书
certbot certonly --preferred-challenges dns --manual -d *.aq2.cn -d aq2.cn --server https://acme-v02.api.letsencrypt.org/directory
重新签发证书自动重启nginx,编辑certbot-post-hook.sh
#!/bin/sh
systemctl restart nginx.service
给权限
chmod 500 /root/certbot-post-hook.sh
chown root:root /root/certbot-post-hook.sh
创建 cronjob 文件 /etc/cron.d/certbot 内容如下
SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
0 3 * * * root perl -e 'sleep int(rand(3600))' && certbot-auto -q renew --post-hook "/root/certbot-post-hook.sh"
请登录之后再进行评论