Preparation before installation
- Original article: https://note.so1234.top
- Check the Python version (it must be newer than 2.7.0)
python -V
- If the Python version is lower than 2.7.0, do not upgrade Python casually: doing so breaks yum.
- Install the supporting packages
yum install yum-utils -y
yum-config-manager \
  --enable \
  rhui-REGION-rhel-server-extras \
  rhui-REGION-rhel-server-optional
- Install certbot-nginx
cd /root
wget https://dl.eff.org/certbot-auto
cp /root/certbot-auto /usr/local/bin/
chmod -R 755 /usr/local/bin/certbot-auto
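- Generate the certificate (*.xxx.com is the wildcard domain)
certbot-auto --server https://acme-v02.api.letsencrypt.org/directory -d "*.xxx.com" -d "xxx.com" --manual --preferred-challenges dns-01 certonly
# 1. Enter your e-mail address when prompted
# 2. Enter A to agree when prompted
# 3. Enter Y to confirm when prompted
# 4. Enter Y to confirm when prompted
# 5. Add the DNS TXT record when prompted, using Alibaba Cloud DNS as an example:
#    - Record type: TXT
#    - Host record: _xxx-xxx.xxx.com
#    - Resolution line: default
#    - Record value: xxxxxx
#    - TTL: 10 minutes
# 6. Press Enter; the success message appears.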
- Following the success message, note the paths of the certificate files. The message looks like this:
IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/xxx.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/xxx.com/privkey.pem
   Your cert will expire on 2xxx-xx-xx. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot-auto
   again. To non-interactively renew *all* of your certificates, run
   "certbot-auto renew"
 - If you like Certbot, please consider supporting our work by:
   Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
   Donating to EFF: https://eff.org/donate-le
# The generated files are stored at:
#   /etc/letsencrypt/live/xxx.com/fullchain.pem
#   /etc/letsencrypt/live/xxx.com/privkey.pem
# The certificate expires on 2xxx-xx-xx,
# so automatic renewal has to be set up.
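- Automatic renewal
# Test whether automatic renewal works
certbot-auto renew --dry-run
# Renew the certificates
certbot-auto renew
# Configure crontab: attempt a renewal every 5 days (any interval shorter than 90 days is enough)
crontab -e
0 0 */5 * * /usr/local/bin/certbot-auto renew
# Save and quit the editor: ESC :wq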
- Configure nginx
- Done
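
A renewal cron job can fail without anyone noticing; in particular, a certificate issued with `--manual` needs an authentication hook before `certbot-auto renew` can answer the DNS challenge unattended. The following check is an added example, not part of the original article: it reports when the certificate is close to expiry. The `CERT` path uses the article's `xxx.com` placeholder, and the 20-day threshold and the `--check` argument are assumptions.

```shell
#!/bin/sh
# Added example (not from the original article): detect a renewal job that
# has stopped working by checking how close the certificate is to expiry.

# Path built from the article's placeholder domain; replace xxx.com with yours.
CERT="${CERT:-/etc/letsencrypt/live/xxx.com/fullchain.pem}"
# Assumed threshold: a working renewal job keeps the certificate well above it.
WARN_DAYS="${WARN_DAYS:-20}"

# cert_status FILE DAYS
#   returns 0 if the certificate stays valid for more than DAYS days,
#           1 if it expires within DAYS days (or has already expired),
#           2 if FILE is missing, unreadable or not a PEM certificate.
# For fullchain.pem, openssl reads the first certificate, which is the leaf.
cert_status() {
    file=$1
    days=$2
    [ -r "$file" ] || return 2
    openssl x509 -in "$file" -noout >/dev/null 2>&1 || return 2
    if openssl x509 -in "$file" -noout -checkend $((days * 86400)) >/dev/null 2>&1; then
        return 0
    fi
    return 1
}

# Invoked with --check (for example from cron): stay silent when all is well,
# write a message to stderr otherwise so that cron mails it.
if [ "${1:-}" = "--check" ]; then
    rc=0
    cert_status "$CERT" "$WARN_DAYS" || rc=$?
    case "$rc" in
        0) ;;
        1) echo "WARNING: $CERT expires within $WARN_DAYS days; renewal is not working" >&2 ;;
        *) echo "ERROR: cannot read a certificate from $CERT" >&2 ;;
    esac
    exit "$rc"
fi
```

Run it daily from cron with the `--check` argument; a non-zero exit status also lets a monitoring system alert on it.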