Manually configuring HTTPS for a wildcard domain
Use certbot on CentOS 7 to configure nginx to serve HTTPS for a wildcard domain. As an example, we request a wildcard certificate for the domain zqyu.com.
$ sudo yum install python2-certbot-nginx
$ certbot certonly --manual -d zqyu.com -d '*.zqyu.com' --preferred-challenges dns-01 --server https://acme-v02.api.letsencrypt.org/directory

An error occurred during installation:
ImportError: No module named ‘requests.packages.urllib3’
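Updating the packages fixes it:

$ pip uninstall requests
$ pip uninstall urllib3
$ yum remove python-urllib3
$ yum remove python-requests
$ yum install python-urllib3
$ yum install python-requests
$ yum install certbot

Re-run the certificate generation command, fill in the requested information as prompted, and add the TXT record to the domain's DNS records: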
Please deploy a DNS TXT record under the name
_acme-challenge.[your domain] with the following value:
LAgFSE1_ML8l2T35GuyW1Iq-HZ8dncQUkxd131fZq3w [this string is the token generated during installation]
Before continuing, verify the record is deployed.

After a successful installation, the following message is shown:
IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/[your domain]/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/[your domain]/privkey.pem
   Your cert will expire on 2019-01-25. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"
 - If you like Certbot, please consider supporting our work by:
   Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
   Donating to EFF: https://eff.org/donate-le

server {
    listen 80;
    server_name [your domain];
    return 301 https://$server_name$request_uri;
}
server {
    listen 443 ssl;
    server_name [your domain];
    ssl_certificate /etc/letsencrypt/live/[your domain]/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/[your domain]/privkey.pem;
    root [your website root directory];

    location / {
        access_log off;
    }
}

Reload the nginx rules with nginx -s reload and that's it.
Let's Encrypt certificates are valid for 90 days and need to be reinstalled once they expire.
$ yum remove certbot python2-certbot-nginx
$ yum autoremove
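
For the "Before continuing, verify the record is deployed" step above, one way to check is to query every authoritative nameserver directly. This is an added example, not part of the original post; the function names and the DIG override variable are assumptions of this example, and it needs dig (bind-utils on CentOS).

```shell
#!/bin/sh
# Added example (not from the original post): confirm the dns-01 TXT values
# are visible on every authoritative nameserver before continuing in certbot.
# A request for zqyu.com and *.zqyu.com yields two values under the same
# _acme-challenge name, so both must be published at the same time.
#
# Usage: check_challenge zqyu.com 'VALUE_1' 'VALUE_2'

DIG=${DIG:-dig}   # resolver command; overridable (assumption of this example)

# has_all_values ANSWER VALUE...
# ANSWER is `dig +short TXT` output (one quoted string per line).
# Succeeds only if every VALUE appears as a whole line.
has_all_values() (
    answer=$(printf '%s\n' "$1" | tr -d '"')
    shift
    for v in "$@"; do
        # -e keeps values that start with '-' from being read as options
        printf '%s\n' "$answer" | grep -qxF -e "$v" || exit 1
    done
)

# check_challenge DOMAIN VALUE...
# Asks each authoritative nameserver directly, bypassing resolver caches.
check_challenge() (
    domain=$1; shift
    servers=$($DIG +short NS "$domain")
    # No NS answer means nothing was checked: treat it as failure.
    [ -n "$servers" ] || { echo "no NS records for $domain" >&2; exit 1; }
    rc=0
    for ns in $servers; do
        answer=$($DIG +short TXT "_acme-challenge.$domain" "@$ns")
        if has_all_values "$answer" "$@"; then
            echo "ok       $ns"
        else
            echo "missing  $ns"; rc=1
        fi
    done
    exit $rc
)
```

A non-zero exit status means at least one nameserver does not yet serve all the values, so wait before pressing Enter in certbot.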