letsencrypt免费证书申请

letsencrypt免费证书的有效期是90天,到期后重新签发证书

letsencrypt免费证书介绍

Let's Encrypt 是一个非营利性的证书颁发机构(Certificate Authority, CA),由互联网安全研究组(ISRG)运作,旨在通过提供免费的SSL/TLS证书来普及互联网加密连接。

证书申请

certbot工具安装

root@master:~# apt install -y certbot

certbot工具申请证书

  • 申请HTTPS证书时会涉及到域名的校验,在操作过程中,需要按提示去添加解析值来进行校验
root@master:~# certbot certonly  -d *.xxx.xxx --manual --preferred-challenges dns --server https://acme-v02.api.letsencrypt.org/directory
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Renewing an existing certificate for *.xxx.xxx

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please deploy a DNS TXT record under the name:

_acme-challenge.xxx.xxx.

with the following value:

H1k6_YOnFJryj-j-7Gf56SUQxHYLmn7Q6SgGRQs9B3c

Before continuing, verify the TXT record has been deployed. Depending on the DNS
provider, this may take some time, from a few seconds to multiple minutes. You can
check if it has finished deploying with aid of online tools, such as the Google
Admin Toolbox: https://toolbox.googleapps.com/apps/dig/#TXT/_acme-challenge.seclabs.top.
Look for one or more bolded line(s) below the line ';ANSWER'. It should show the
value(s) you've just added.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/xxx.xxx/fullchain.pem
Key is saved at:         /etc/letsencrypt/live/xxx.xxx/privkey.pem
This certificate expires on 2025-01-06.
These files will be updated when the certificate renews.

NEXT STEPS:
- This certificate will not be renewed automatically. Autorenewal of --manual certificates requires the use of an authentication hook script (--manual-auth-hook) but one was not provided. To renew this certificate, repeat this same certbot command before the certificate's expiry date.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
 * Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
 * Donating to EFF:                    https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
root@master:~#
  • DNS解析值

$ nslookup -type=txt _acme-challenge.xxx.xxx
Non-authoritative answer:
Server:  public1.114dns.com
Address:  114.114.114.114

_acme-challenge.xxx.xxx     text =

        "H1k6_YOnFJryj-j-7Gf56SUQxHYLmn7Q6SgGRQs9B3c"

证书存放的位置

root@master:/etc/letsencrypt/archive/xxx.xxx# tree
.
├── cert1.pem
├── chain1.pem
├── fullchain1.pem
└── privkey1.pem

0 directories, 4 files
root@master:/etc/letsencrypt/archive/xxx.xxx#
posted @ 2024-11-28 13:24  二乘八是十六  阅读(19)  评论(0编辑  收藏  举报