利用 certbot 申请 SSL 证书
- 运行
sudo certbot --manual --preferred-challenges dns certonly - 会弹出提示
Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator manual, Installer None Please enter in your domain name(s) (comma and/or space separated) (Enter 'c'大致是让你输入要申请整数的域名,
ctrl + c取消输入 - 当输入完域名之后,会提示
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - NOTE: The IP of this machine will be publicly logged as having requested this certificate. If you're running certbot in manual mode on a machine that is not your server, please ensure you're okay with that. Are you OK with your IP being logged? - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - (Y)es/(N)o:大致是说,你的这台服务器的
ip会被记录用来申请了这个域名的证书我们输入
y来确认 - 我们确认完之后,
certbot会提示- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Please deploy a DNS TXT record under the name _acme-challenge.你要申请证书的域名 with the following value: 随机字符串 Before continuing, verify the record is deployed. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Press Enter to Continue我们这个时候就需要到
DNS解析里面添加一条txt记录主机名为:
_acme-challenge.你要申请证书的记录值为:
随机生成的字符串 - 添加完毕之后等待半分钟到一分钟左右,以让
DNS广播 - 回到
ssh窗口键入回车以确认 - 稍等片刻
certbot会提示申请成功,并且给出证书的详细信息。
**最终证书目录位置为: /etc/letsencrypt/live/申请证书的域名/**