1. 安裝CertBot

$ sudo yum install certbot python2-certbot-nginx

參考官方網址：https://certbot.eff.org/lets-encrypt/centosrhel7-nginx

2. 手動模式

2.1 輸入命令：

$ certbot certonly --preferred-challenges dns --manual  -d *.cncaq.com --server https://acme-v02.api.letsencrypt.org/directory

參數說明：

--preferred-challenges dns: 認證方式選擇DNS, 泛域名支持DNS
--manual: 手動模式, 這里為了簡單就使用手動認證了, 下面會說自動模式的使用.
-d *.cncaq.com: 就是要申請的泛域名了
--server https://acme-v02.api.letsencrypt.org/directory: 泛域名證書是新功能, 如果要使用就得加上這個參數

如果出現下列錯誤：

ImportError: cannot import name UnrewindableBodyError
pkg_resources.DistributionNotFound: The 'urllib3<1.23,>=1.21.1' distribution was not found and is required by requests
ImportError: 'pyOpenSSL' module missing required functionality. Try upgrading to v0.14 or newer.

則需要執行下列命令(參考https://github.com/certbot/certbot/issues/5534)：

pip install --upgrade --force-reinstall 'requests==2.6.0'

2.2 敲下回車：

-------------------------------------------------------------------------------
NOTE: The IP of this machine will be publicly logged as having requested this
certificate. If you're running certbot in manual mode on a machine that is not
your server, please ensure you're okay with that.

Are you OK with your IP being logged?
-------------------------------------------------------------------------------
(Y)es/(N)o: y

2.3 再敲下y：

-------------------------------------------------------------------------------
Please deploy a DNS TXT record under the name
_acme-challenge.cncaq.com with the following value:

W2Z_PT1RQX8usavprZ1ly43Je2ayst3ShIBxpgicdEA

Before continuing, verify the record is deployed.
-------------------------------------------------------------------------------

2.4 在阿里雲控制台的域名解析服務中添加一個泛解析：

2.5 按下回車

Waiting for verification...
Cleaning up challenges

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/cncaq.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/cncaq.com/privkey.pem
   Your cert will expire on 2020-07-16. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

https://www.jianshu.com/p/1eb7060c5ede
https://blog.csdn.net/wc810267705/article/details/79917688
https://www.jianshu.com/p/43e74cddba45
https://www.jianshu.com/p/2c1de124d994

免責聲明！

本站轉載的文章為個人學習借鑒使用，本站對版權不負任何法律責任。如果侵犯了您的隱私權益，請聯系本站郵箱yoyou2525@163.com刪除。

猜您在找 使用 certbot 申請泛域名https證書使用 certbot 申請泛域名https證書使用certbot申請泛域名證書用certbot申請Let's Encrypt泛域名證書 certbot-auto棄用后, 怎么繼續用certbot申請泛域名證書 Certbot 申請 Let's Encrypt 泛域名證書用於Windows IIS 使用 Certbot 自動申請並續訂阿里雲 DNS 免費泛域名證書 ubuntu certbot 生成免費泛域名證書 acme.sh申請免費SSL證書，泛域名證書，多域名證書域名綁定服務器——從域名注冊到使用certbot調用Cloudflare api申請SSL證書