{"id":991,"date":"2024-06-01T13:43:20","date_gmt":"2024-06-01T05:43:20","guid":{"rendered":"https:\/\/www.dd-home.top\/?p=991"},"modified":"2024-08-27T10:48:34","modified_gmt":"2024-08-27T02:48:34","slug":"centos%e4%b8%8b%e4%bd%bf%e7%94%a8lets-encrypt%e3%80%81certbot%e9%85%8d%e7%bd%ae%e5%9f%9f%e5%90%8d%e8%af%81%e4%b9%a6","status":"publish","type":"post","link":"https:\/\/www.dd-home.top\/?p=991","title":{"rendered":"Centos\u4e0b\u4f7f\u7528Let\u2018s Encrypt\u3001Certbot\u914d\u7f6e\u57df\u540d\u8bc1\u4e66"},"content":{"rendered":"

<\/p>\n

# \u5b89\u88c5git<\/span><\/span>\r\nyum install git<\/span><\/span>\r\n\u200b<\/span>\r\n# \u8fdb\u5165\u7528\u6237\u76ee\u5f55<\/span><\/span>\r\ncd<\/span> ~<\/span>\r\n\u200b<\/span>\r\n# \u4e0b\u8f7dacme \u5b98\u65b9\u5730\u5740 https:\/\/gitee.com\/******\/acme.sh.git\uff08\u6211\u81ea\u5df1\u7684\uff09<\/span><\/span>\r\ngit<\/span> clone https:\/\/github.com\/acmesh-official\/acme.sh<\/span>\r\n\u200b<\/span>\r\ncd<\/span> acme.sh<\/span>\r\n\u200b<\/span>\r\n# \u521b\u5efa\u522b\u540d<\/span><\/span>\r\nalias acme.sh<\/span>=<\/span>~\/acme.sh\/acme.sh<\/span>\r\n\u200b<\/span>\r\n# \u6ce8\u518c\u8d26\u53f7 \u7528\u81ea\u5df1\u7684\u90ae\u7bb1<\/span><\/span>\r\n# zerossl https:\/\/zerossl.com\/<\/span><\/span>\r\nacme.sh --register-account<\/span> -m<\/span> example@mail.com --server<\/span> zerossl<\/span>\r\n\u200b<\/span>\r\n# \u4f1a\u8fd4\u56de\u8d26\u53f7\u6307\u7eb9 \u8fd4\u56de\u6570\u636e\u5982\u4e0b<\/span><\/span>\r\n[2024\u5e74 06<\/span>\u6708 01<\/span>\u65e5 \u661f\u671f\u516d 11<\/span>:21:10 CST] Create account key ok.<\/span>\r\n[2024\u5e74 06<\/span>\u6708 01<\/span>\u65e5 \u661f\u671f\u516d 11<\/span>:21:10 CST] No EAB credentials found for<\/span> ZeroSSL, let's get one<\/span><\/span>\r\n[2024\u5e74 06<\/span>\u6708 01<\/span>\u65e5 \u661f\u671f\u516d 11<\/span>:21:12 CST] Registering account: https:\/\/acme.zerossl.com\/v2\/DV90<\/span>\r\n[2024\u5e74 06<\/span>\u6708 01<\/span>\u65e5 \u661f\u671f\u516d 11<\/span>:21:16 CST] Registered<\/span>\r\n[2024\u5e74 06<\/span>\u6708 01<\/span>\u65e5 \u661f\u671f\u516d 11<\/span>:21:16 CST] ACCOUNT_THUMBPRINT<\/span>=<\/span>'*******************'<\/span><\/span>\r\n\u200b<\/span>\r\n# \u5b89\u88c5 epel<\/span><\/span>\r\nyum install epel-release<\/span>\r\n\u200b<\/span>\r\n# \u5b89\u88c5snapd<\/span><\/span>\r\nyum install snapd<\/span>\r\n\u200b<\/span>\r\n\u200b<\/span>\r\nsudo<\/span> systemctl enable --now<\/span> snapd.socket<\/span>\r\n\u200b<\/span>\r\n# \u521b\u5efa\u94fe\u63a5<\/span><\/span>\r\nsudo<\/span> ln<\/span> -s<\/span> \/var\/lib\/snapd\/snap \/snap<\/span>\r\n\u200b<\/span>\r\ncd<\/span> \/snap\/<\/span>\r\n\u200b<\/span>\r\nsudo<\/span> snap install core<\/span>\r\n\u200b<\/span>\r\nsudo<\/span> snap refresh core<\/span>\r\n\u200b<\/span>\r\nsudo<\/span> snap install --classic<\/span> certbot<\/span>\r\n\u200b<\/span>\r\nsudo<\/span> ln<\/span> -s<\/span> \/snap\/bin\/certbot \/usr\/bin\/certbot<\/span>\r\n\u200b<\/span>\r\ncertbot certificates<\/span>\r\n\u200b<\/span>\r\n# \u7533\u8bf7\u57df\u540d\u8bc1\u4e66\r\n<\/span><\/span># \u9700\u8981\u5728DNS\u4e2d\u914d\u7f6eTXT\u89e3\u6790\uff0c\u67e5\u770b\u8f93\u51fa \r\n# nslookup -type=txt _acme-challenge.example.com 8.8.8.8 \u67e5\u770b\u89e3\u6790\r\n# \u6ce8\u610f\u8fd4\u56de\u7684\u6570\u636e\u4fe1\u606f<\/span><\/span>\r\n#   Certificate is saved at: \/etc\/letsencrypt\/live\/xxx.xx\/fullchain.pem<\/span><\/span>\r\n#   Key is saved at: \u00a0 \u00a0 \u00a0 \u00a0 \/etc\/letsencrypt\/live\/xxx.xx\/privkey.pem<\/span><\/span>\r\n# \u6ce8\u610f\u914d\u7f6e\u5230nginx\u7684config\u4e2d<\/span><\/span>\r\n#   ssl_certificate \/etc\/letsencrypt\/live\/xxx.xx\/fullchain.pem;<\/span><\/span>\r\n#   ssl_certificate_key \/etc\/letsencrypt\/live\/xxx.xx\/privkey.pem;<\/span><\/span>\r\n#   \u901a\u8fc7 nginx -t \u6821\u9a8c\u914d\u7f6e<\/span><\/span>\r\n#   \u901a\u8fc7 nginx -s reload \u542f\u7528\u914d\u7f6e<\/span><\/span>\r\n\u200b<\/span>\r\ncertbot certonly --preferred-challenges<\/span> dns --manual<\/span> -d<\/span> *.***.***\uff08\u6cdb\u57df\u540d\uff09 -<\/span>***.***(\u4e3b\u57df\u540d) --server<\/span> https:\/\/acme-v02.api.letsencrypt.org\/directory<\/span>\r\n\u200b<\/span>\r\n# \u5f00\u542f\u81ea\u52a8\u66f4\u65b0<\/span><\/span>\r\necho<\/span> \"0 0,12 * * * root python -c 'import random; import time; time.sleep(random.random() * 3600)' && certbot renew -q --deploy-hook 'systemctl reload nginx'\"<\/span> | sudo<\/span> tee<\/span> -a<\/span> \/etc\/crontab > \/dev\/null<\/span>\r\n\u200b<\/span>\r\n# \u6216\u8005\u8fd9\u4e2a<\/span><\/span>\r\necho<\/span> 0<\/span> 0<\/span>,12 * * * python -c<\/span> 'import random; import time; time.sleep(random.random() * 3600)'<\/span> && certbot renew <\/span>\r\n\u200b<\/span>\r\n# \u67e5\u770b\u4efb\u52a1\u4fe1\u606f<\/span><\/span>\r\nsystemctl list-timers<\/span>\r\n\u200b\r\n# \u66f4\u65b0\r\ncertbot renew\r\n# \u9759\u9ed8\u66f4\u65b0 \r\ncertbot renew -q\r\n\r\n# \u66f4\u65b0\u5b8c\u6267\u884c\u811a\u672c\r\ncertbot renew -q --deploy-hook 'systemctl reload nginx'\r\n# \u624b\u52a8\u5f3a\u5236\u66f4\u65b0\r\ncertbot --force-renewal \r\n\r\n# \u67e5\u770b\u5df2\u7ecf\u751f\u6210\u7684\u8bc1\u4e66\uff08\u8bc1\u4e66\u540d\u79f0\u3001\u57df\u540d\u3001\u5230\u671f\u65f6\u95f4\u3001\u8bc1\u4e66\u8def\u5f84\uff09\r\ncertbot certificates\r\n\r\n# \u6ce8\u9500\u8bc1\u4e66\r\ncertbot revoke --cert-path \/etc\/letsencrypt\/live\/example.com\/fullchain.pem\r\n\r\n# let's encrypt \u7684\u65e5\u5fd7\u8def\u5f84\r\n\/var\/log\/letsencrypt\r\n\r\n\r\n\/\/\u7b49\u5f85\u6574\u7406\r\ncertbot certonly --preferred-challenges dns --manual -d *.joylifeint.com -d joylifeint.com --key-type rsa --manual-auth-hook \"alidns\" --manual-cleanup-hook \"alidns clean\" --dry-run\r\n\r\n\/\/\u53c2\u8003\r\nhttps:\/\/github.com\/justjavac\/certbot-dns-aliyun?tab=readme-ov-file<\/span><\/pre>\n","protected":false},"excerpt":{"rendered":"","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5,6],"tags":[],"class_list":["post-991","post","type-post","status-publish","format-standard","hentry","category-5","category-6"],"_links":{"self":[{"href":"https:\/\/www.dd-home.top\/index.php?rest_route=\/wp\/v2\/posts\/991","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.dd-home.top\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.dd-home.top\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.dd-home.top\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.dd-home.top\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=991"}],"version-history":[{"count":9,"href":"https:\/\/www.dd-home.top\/index.php?rest_route=\/wp\/v2\/posts\/991\/revisions"}],"predecessor-version":[{"id":1001,"href":"https:\/\/www.dd-home.top\/index.php?rest_route=\/wp\/v2\/posts\/991\/revisions\/1001"}],"wp:attachment":[{"href":"https:\/\/www.dd-home.top\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=991"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.dd-home.top\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=991"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.dd-home.top\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=991"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}