Apr
26
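Normally certbot is used to request certificates, but with a dynamic-DNS domain, ports 80 and 443 cannot be used, so the request never succeeded.
The only option was to apply using certificates from Aliyun or Tencent Cloud.
But that has to be handled every year, and after a long time you may not remember to replace the certificate. Even if you do remember, the renewal process is quite a hassle.
It would be best to validate the domain through DNS, the way Aliyun does, so the problem is solved once and for all.
acme.sh can create wildcard certificates:
curl https://get.acme.sh | sh -s email=tim@atim.cn
source ~/.bashrc
acme.sh --issue --dns -d '*.ddns.atim.cn' --yes-I-know-dns-manual-mode-enough-go-ahead-please
At this point it reports an error, saying that the TXT value defined in DNS cannot be found.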
[Mon 26 Apr 2021 10:29:11 PM CST] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Mon 26 Apr 2021 10:29:11 PM CST] Creating domain key
[Mon 26 Apr 2021 10:29:11 PM CST] The domain key is here: /root/.acme.sh/a.alpicool.com/ddns.atim.cnkey
[Mon 26 Apr 2021 10:29:11 PM CST] Single domain='ddns.atim.cn'
[Mon 26 Apr 2021 10:29:11 PM CST] Getting domain auth token for each domain
[Mon 26 Apr 2021 10:29:14 PM CST] Getting webroot for domain='ddns.atim.cn'
[Mon 26 Apr 2021 10:29:14 PM CST] Add the following TXT record:
[Mon 26 Apr 2021 10:29:14 PM CST] Domain: '_acme-challenge.ddns.atim.cn'
[Mon 26 Apr 2021 10:29:14 PM CST] TXT value: 'xxxxxxxxxxx'
[Mon 26 Apr 2021 10:29:14 PM CST] Please be aware that you prepend _acme-challenge. before your domain
[Mon 26 Apr 2021 10:29:14 PM CST] so the resulting subdomain will be: _acme-challenge.ddns.atim.cn
[Mon 26 Apr 2021 10:29:14 PM CST] Please add the TXT records to the domains, and re-run with --renew.
[Mon 26 Apr 2021 10:29:14 PM CST] Please add '--debug' or '--log' to check more details.
[Mon 26 Apr 2021 10:29:14 PM CST] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
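Then manually add a DNS record for the domain:
Name: _acme-challenge.ddns.atim.cn
Value: xxxxxxxxxxx
After adding it, run the validation again:
acme.sh --renew --dns -d '*.ddns.atim.cn'
Then configure the certificate in nginx or Apache and it can be used normally; see <Automatically generating certificates with certbot>.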
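The step between adding the TXT record and re-running --renew, as an added example that is not from the original post: it extracts the challenge name and value from acme.sh output and checks that every authoritative name server already returns that value. The function names and the zone argument are assumptions, and the sample log is constructed from the output above.

```shell
#!/bin/sh
# Added example: confirm the DNS-01 TXT record is published before --renew.

# Constructed sample in the format of the log above (TXT value is a placeholder).
SAMPLE_LOG="[Mon 26 Apr 2021 10:29:14 PM CST] Add the following TXT record:
[Mon 26 Apr 2021 10:29:14 PM CST] Domain: '_acme-challenge.ddns.atim.cn'
[Mon 26 Apr 2021 10:29:14 PM CST] TXT value: 'xxxxxxxxxxx'"

# parse_challenge: read acme.sh output on stdin and print one line
# "<record name> <txt value>" per challenge found.
parse_challenge() {
  sed -n -e "s/^.*] Domain: '\(.*\)'\$/D \1/p" \
         -e "s/^.*] TXT value: '\(.*\)'\$/T \1/p" |
  while read -r kind val; do
    if [ "$kind" = D ]; then
      name=$val                       # remember the record name
    else
      printf '%s %s\n' "$name" "$val" # pair it with the value that follows
    fi
  done
}

# txt_matches: succeed if the expected value is among the TXT answers on stdin.
# "dig +short" prints each TXT string in double quotes, one answer per line.
txt_matches() {
  tr -d '"' | grep -Fxq -- "$1"
}

# check_live <zone> <record name> <txt value>
# Ask each authoritative name server of the zone directly, so a cached negative
# answer on a resolver cannot hide a missing record. Needs dig and network access.
check_live() {
  servers=$(dig +short NS "$1")
  [ -n "$servers" ] || { echo "no NS records found for $1" >&2; return 2; }
  for ns in $servers; do
    dig +short TXT "$2" "@$ns" | txt_matches "$3" ||
      { echo "TXT value not yet served by $ns" >&2; return 1; }
  done
}

# Offline demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_LOG" | parse_challenge
```

For the record in the log above, `check_live atim.cn _acme-challenge.ddns.atim.cn xxxxxxxxxxx` (assuming atim.cn is the zone that holds the record) should return 0 before the --renew command is run.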