hexo-blog-deploy/2022/12/20/通过certbot+nginx申请泛域名证书/index.html


<!DOCTYPE html><html lang="zh-CN"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><meta name="theme-color" content="#222"><meta name="generator" content="Hexo 5.4.2"><link rel="apple-touch-icon" sizes="180x180" href="/images/apple-touch-icon-next.png"><link rel="icon" type="image/png" sizes="32x32" href="/images/favicon-32x32-next.png"><link rel="icon" type="image/png" sizes="16x16" href="/images/favicon-16x16-next.png"><link rel="mask-icon" href="/images/logo.svg" color="#222"><link rel="stylesheet" href="/css/main.css"><link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/css/all.min.css" integrity="sha256-HtsXJanqjKTc8vVQjO4YMhiqFoXkfBsjBWcX91T1jr8=" crossorigin="anonymous"><link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/animate.css/3.1.1/animate.min.css" integrity="sha256-PR7ttpcvz8qrF57fur/yAx1qXMFJeJFiA6pSzWi0OIE=" crossorigin="anonymous"><link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/fancybox/3.5.7/jquery.fancybox.min.css" integrity="sha256-Vzbj7sDDS/woiFS3uNKo8eIuni59rjyNGtXfstRzStA=" crossorigin="anonymous"><link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/pace/1.2.4/themes/blue/pace-theme-minimal.css"><script src="https://cdnjs.cloudflare.com/ajax/libs/pace/1.2.4/pace.min.js" integrity="sha256-gqd7YTjg/BtfqWSwsJOvndl0Bxc8gFImLEkXQT8+qj0=" crossorigin="anonymous"></script><script class="next-config" data-name="main" 
type="application/json">{"hostname":"kiki.kim","root":"/","images":"/images","scheme":"Gemini","darkmode":false,"version":"8.15.1","exturl":false,"sidebar":{"position":"left","display":"post","padding":18,"offset":12},"copycode":{"enable":true,"style":"flat"},"bookmark":{"enable":false,"color":"#222","save":"auto"},"mediumzoom":false,"lazyload":false,"pangu":false,"comments":{"style":"tabs","active":null,"storage":true,"lazyload":false,"nav":null},"stickytabs":false,"motion":{"enable":true,"async":false,"transition":{"menu_item":"fadeInDown","post_block":"fadeIn","post_header":"fadeInDown","post_body":"fadeInDown","coll_header":"fadeInLeft","sidebar":"fadeInUp"}},"prism":false,"i18n":{"placeholder":"搜索...","empty":"没有找到任何搜索结果:${query}","hits_time":"找到 ${hits} 个搜索结果(用时 ${time} 毫秒)","hits":"找到 ${hits} 个搜索结果"},"path":"/search.xml","localsearch":{"enable":true,"trigger":"auto","top_n_per_article":1,"unescape":false,"preload":false}}</script><script src="/js/config.js"></script><meta name="description" content="之前博客一直都是都使用的http协议主要是访问量一直都不大最主要的还是懒得去折腾证书最近趁着有点空闲搞一下。"><meta property="og:type" content="article"><meta property="og:title" content="通过certbot+nginx申请泛域名证书"><meta property="og:url" content="http://kiki.kim/2022/12/20/%E9%80%9A%E8%BF%87certbot+nginx%E7%94%B3%E8%AF%B7%E6%B3%9B%E5%9F%9F%E5%90%8D%E8%AF%81%E4%B9%A6/index.html"><meta property="og:site_name" content="随言碎语"><meta property="og:description" content="之前博客一直都是都使用的http协议主要是访问量一直都不大最主要的还是懒得去折腾证书最近趁着有点空闲搞一下。"><meta property="og:locale" content="zh_CN"><meta property="article:published_time" content="2022-12-20T11:56:34.000Z"><meta property="article:modified_time" content="2023-04-27T09:49:41.611Z"><meta property="article:author" content="小梦同学的blog"><meta property="article:tag" content="Linux"><meta property="article:tag" content="nginx"><meta property="article:tag" content="certbot"><meta name="twitter:card" content="summary"><link rel="canonical" 
href="http://kiki.kim/2022/12/20/%E9%80%9A%E8%BF%87certbot+nginx%E7%94%B3%E8%AF%B7%E6%B3%9B%E5%9F%9F%E5%90%8D%E8%AF%81%E4%B9%A6/"><script class="next-config" data-name="page" type="application/json">{"sidebar":"","isHome":false,"isPost":true,"lang":"zh-CN","comments":true,"permalink":"http://kiki.kim/2022/12/20/%E9%80%9A%E8%BF%87certbot+nginx%E7%94%B3%E8%AF%B7%E6%B3%9B%E5%9F%9F%E5%90%8D%E8%AF%81%E4%B9%A6/","path":"2022/12/20/通过certbot+nginx申请泛域名证书/","title":"通过certbot+nginx申请泛域名证书"}</script><script class="next-config" data-name="calendar" type="application/json">""</script><title>通过certbot+nginx申请泛域名证书 | 随言碎语</title><noscript><link rel="stylesheet" href="/css/noscript.css"></noscript><link rel="alternate" href="/atom.xml" title="随言碎语" type="application/atom+xml"><style>.darkmode--activated{--body-bg-color:#282828;--content-bg-color:#333;--card-bg-color:#555;--text-color:#ccc;--blockquote-color:#bbb;--link-color:#ccc;--link-hover-color:#eee;--brand-color:#ddd;--brand-hover-color:#ddd;--table-row-odd-bg-color:#282828;--table-row-hover-bg-color:#363636;--menu-item-bg-color:#555;--btn-default-bg:#222;--btn-default-color:#ccc;--btn-default-border-color:#555;--btn-default-hover-bg:#666;--btn-default-hover-color:#ccc;--btn-default-hover-border-color:#666;--highlight-background:#282b2e;--highlight-foreground:#a9b7c6;--highlight-gutter-background:#34393d;--highlight-gutter-foreground:#9ca9b6}.darkmode--activated img{opacity:.75}.darkmode--activated img:hover{opacity:.9}.darkmode--activated code{color:#69dbdc;background:0 0}button.darkmode-toggle{z-index:9999}.darkmode-ignore,img{display:flex!important}.beian img{display:inline-block!important}</style></head><body itemscope itemtype="http://schema.org/WebPage" class="use-motion"><div class="headband"></div><main class="main"><div class="column"><header class="header" itemscope itemtype="http://schema.org/WPHeader"><div class="site-brand-container"><div class="site-nav-toggle"><div class="toggle" aria-label="切换导航栏" 
role="button"><span class="toggle-line"></span> <span class="toggle-line"></span> <span class="toggle-line"></span></div></div><div class="site-meta"><a href="/" class="brand" rel="start"><i class="logo-line"></i><p class="site-title">随言碎语</p><i class="logo-line"></i></a><p class="site-subtitle" itemprop="description">咕叽咕叽</p></div><div class="site-nav-right"><div class="toggle popup-trigger" aria-label="搜索" role="button"><i class="fa fa-search fa-fw fa-lg"></i></div></div></div><nav class="site-nav"><ul class="main-menu menu"><li class="menu-item menu-item-home"><a href="/" rel="section"><i class="fa fa-home fa-fw"></i>首页</a></li><li class="menu-item menu-item-tags"><a href="/tags/" rel="section"><i class="fa fa-tags fa-fw"></i>标签<span class="badge">46</span></a></li><li class="menu-item menu-item-archives"><a href="/archives/" rel="section"><i class="fa fa-archive fa-fw"></i>归档<span class="badge">32</span></a></li><li class="menu-item menu-item-about"><a href="/about/" rel="section"><i class="fa fa-user fa-fw"></i>关于</a></li><li class="menu-item menu-item-guestbook"><a href="/guestbook/" rel="section"><i class="fa fa-book fa-fw"></i>留言板</a></li><li class="menu-item menu-item-search"><a role="button" class="popup-trigger"><i class="fa fa-search fa-fw"></i>搜索</a></li></ul></nav><div class="search-pop-overlay"><div class="popup search-popup"><div class="search-header"><span class="search-icon"><i class="fa fa-search"></i></span><div class="search-input-container"><input autocomplete="off" autocapitalize="off" maxlength="80" placeholder="搜索..." 
spellcheck="false" type="search" class="search-input"></div><span class="popup-btn-close" role="button"><i class="fa fa-times-circle"></i></span></div><div class="search-result-container no-result"><div class="search-result-icon"><i class="fa fa-spinner fa-pulse fa-5x"></i></div></div></div></div></header><aside class="sidebar"><div class="sidebar-inner sidebar-nav-active sidebar-toc-active"><ul class="sidebar-nav"><li class="sidebar-nav-toc">文章目录</li><li class="sidebar-nav-overview">站点概览</li></ul><div class="sidebar-panel-container"><div class="post-toc-wrap sidebar-panel"><div class="post-toc animated"><ol class="nav"><li class="nav-item nav-level-2"><a class="nav-link" href="#1-%E5%87%86%E5%A4%87%E7%8E%AF%E5%A2%83"><span class="nav-number">1.</span> <span class="nav-text">1.准备环境</span></a></li><li class="nav-item nav-level-2"><a class="nav-link" href="#2-%E5%AE%89%E8%A3%85nginx"><span class="nav-number">2.</span> <span class="nav-text">2.安装nginx</span></a></li><li class="nav-item nav-level-2"><a class="nav-link" href="#%E9%97%AE%E9%A2%98"><span class="nav-number">3.</span> <span class="nav-text">问题</span></a></li></ol></div></div><div class="site-overview-wrap sidebar-panel"><div class="site-author animated" itemprop="author" itemscope itemtype="http://schema.org/Person"><img class="site-author-image" itemprop="image" alt="小梦同学的blog" src="https://halliday.oss-cn-nanjing.aliyuncs.com/imagesbjx.png"><p class="site-author-name" itemprop="name">小梦同学的blog</p><div class="site-description" itemprop="description">欲买桂花同载酒,终不似,少年游。</div></div><div class="site-state-wrap animated"><nav class="site-state"><div class="site-state-item site-state-posts"><a href="/archives/"><span class="site-state-item-count">32</span> <span class="site-state-item-name">日志</span></a></div><div class="site-state-item site-state-tags"><a href="/tags/"><span class="site-state-item-count">46</span> <span class="site-state-item-name">标签</span></a></div></nav></div><div class="links-of-author 
animated"><span class="links-of-author-item"><a href="https://github.com/M-HALLIDAY" title="GitHub → https:&#x2F;&#x2F;github.com&#x2F;M-HALLIDAY" rel="noopener me" target="_blank"><i class="fab fa-github fa-fw"></i></a> </span><span class="links-of-author-item"><a href="mailto:halliday2023@163.com" title="E-Mail → mailto:halliday2023@163.com" rel="noopener me" target="_blank"><i class="fa fa-envelope fa-fw"></i></a> </span><span class="links-of-author-item"><a href="/atom.xml" title="RSS → &#x2F;atom.xml" rel="noopener me"><i class="fa fa-rss fa-fw"></i></a></span></div><div class="cc-license animated" itemprop="license"><a href="https://creativecommons.org/licenses/by-nc-sa/4.0/zh-CN" class="cc-opacity" rel="noopener" target="_blank"><img src="https://cdnjs.cloudflare.com/ajax/libs/creativecommons-vocabulary/2020.11.3/assets/license_badges/small/by_nc_sa.svg" alt="Creative Commons"></a></div></div></div></div><div class="sidebar-inner sidebar-blogroll"><div class="links-of-blogroll animated"><div class="links-of-blogroll-title"><i class="fa fa-globe fa-fw"></i> 链接</div><ul class="links-of-blogroll-list"><li class="links-of-blogroll-item"><a href="https://laosu.ml/" title="https:&#x2F;&#x2F;laosu.ml&#x2F;" rel="noopener" target="_blank">老苏的blog</a></li></ul></div></div></aside></div><div class="main-inner post posts-expand"><div class="post-block"><article itemscope itemtype="http://schema.org/Article" class="post-content" lang="zh-CN"><link itemprop="mainEntityOfPage" href="http://kiki.kim/2022/12/20/%E9%80%9A%E8%BF%87certbot+nginx%E7%94%B3%E8%AF%B7%E6%B3%9B%E5%9F%9F%E5%90%8D%E8%AF%81%E4%B9%A6/"><span hidden itemprop="author" itemscope itemtype="http://schema.org/Person"><meta itemprop="image" content="https://halliday.oss-cn-nanjing.aliyuncs.com/imagesbjx.png"><meta itemprop="name" content="小梦同学的blog"></span><span hidden itemprop="publisher" itemscope itemtype="http://schema.org/Organization"><meta itemprop="name" content="随言碎语"><meta itemprop="description" 
content="欲买桂花同载酒,终不似,少年游。"></span><span hidden itemprop="post" itemscope itemtype="http://schema.org/CreativeWork"><meta itemprop="name" content="通过certbot+nginx申请泛域名证书 | 随言碎语"><meta itemprop="description" content=""></span><header class="post-header"><h1 class="post-title" itemprop="name headline">通过certbot+nginx申请泛域名证书</h1><div class="post-meta-container"><div class="post-meta"><span class="post-meta-item"><span class="post-meta-item-icon"><i class="far fa-calendar"></i> </span><span class="post-meta-item-text">发表于</span> <time title="创建时间2022-12-20 19:56:34" itemprop="dateCreated datePublished" datetime="2022-12-20T19:56:34+08:00">2022-12-20</time> </span><span class="post-meta-item"><span class="post-meta-item-icon"><i class="far fa-calendar-check"></i> </span><span class="post-meta-item-text">更新于</span> <time title="修改时间2023-04-27 17:49:41" itemprop="dateModified" datetime="2023-04-27T17:49:41+08:00">2023-04-27</time> </span><span class="post-meta-item" title="阅读次数" id="busuanzi_container_page_pv"><span class="post-meta-item-icon"><i class="far fa-eye"></i> </span><span class="post-meta-item-text">阅读次数:</span> <span id="busuanzi_value_page_pv"></span> </span><span class="post-meta-break"></span> <span class="post-meta-item" title="本文字数"><span class="post-meta-item-icon"><i class="far fa-file-word"></i> </span><span class="post-meta-item-text">本文字数:</span> <span>6.5k</span> </span><span class="post-meta-item" title="阅读时长"><span class="post-meta-item-icon"><i class="far fa-clock"></i> </span><span class="post-meta-item-text">阅读时长 &asymp;</span> <span>12 分钟</span></span></div></div></header><div class="post-body" itemprop="articleBody"><p>之前博客一直都使用 http 协议，主要是访问量一直都不大，最主要的还是懒得去折腾证书，最近趁着有点空闲搞一下。</p><span id="more"></span><h2 id="1-准备环境"><a href="#1-准备环境" class="headerlink" title="1.准备环境"></a>1.准备环境</h2><ul><li>CentOS 7</li><li>certbot</li><li>nginx</li><li><a target="_blank" rel="noopener" 
href="https://github.com/ywdblog/certbot-letencrypt-wildcardcertificates-alydns-au">certbot-letencrypt-wildcardcertificates-alydns-au</a></li></ul><h2 id="2-安装nginx"><a href="#2-安装nginx" class="headerlink" title="2.安装nginx"></a>2.安装nginx</h2><ol><li><p>直接使用yum来安装</p><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">[root@c7-docker-1 opt]# yum install nginx</span><br></pre></td></tr></table></figure></li><li><p>配置代理</p><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta prompt_"># </span><span class="language-bash">使用 vim 创建 demo.conf</span></span><br><span class="line">[root@c7-docker-1 opt]# vim /etc/nginx/conf.d/demo.conf</span><br><span class="line"><span class="meta prompt_"></span></span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">创建以下内容</span></span><br><span class="line">server &#123;</span><br><span class="line"> listen 80;</span><br><span class="line"></span><br><span class="line"> server_name example.com; #你的域名</span><br><span class="line"></span><br><span class="line"> location / &#123;</span><br><span class="line"> proxy_set_header HOST $host;</span><br><span class="line"> proxy_set_header X-Forwarded-Proto $scheme;</span><br><span 
class="line"> proxy_set_header X-Real-IP $remote_addr;</span><br><span class="line"> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;</span><br><span class="line"></span><br><span class="line"> proxy_pass http://127.0.0.1:1000/; #你的服务地址,随便找个本地的服务,能够访问就行</span><br><span class="line"> &#125;</span><br><span class="line">&#125;</span><br><span class="line"></span><br></pre></td></tr></table></figure></li><li><p>重启服务并确认访问域名能代理到你本地</p><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td class="code"><pre><span class="line">[root@c7-docker-1 opt]# systemctl start nginx.service</span><br><span class="line"> </span><br><span class="line"> 浏览器访问 example.com 确定能访问到本地对应的服务</span><br></pre></td></tr></table></figure></li><li><p>安装certbot及其相关工具</p><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">[root@c7-docker-1 opt]# yum install vim certbot python2-certbot-nginx -y</span><br></pre></td></tr></table></figure></li><li><p>下载<code>certbot-letencrypt-wildcardcertificates-alydns-au</code></p><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br></pre></td><td class="code"><pre><span class="line">[root@c7-docker-1 opt]# cd /opt/</span><br><span class="line"><span class="meta prompt_"></span></span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">git <span class="built_in">clone</span>工具到本地</span></span><br><span class="line"></span><br><span class="line">[root@c7-docker-1 opt]# git clone https://github.com/ywdblog/certbot-letencrypt-wildcardcertificates-alydns-au </span><br><span 
class="line"><span class="meta prompt_"></span></span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">也可以直接从github下载整个项目解压到这个目录下就行</span></span><br></pre></td></tr></table></figure></li><li><p>配置<code>certbot-letencrypt-wildcardcertificates-alydns-au</code></p><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br><span class="line">33</span><br><span class="line">34</span><br><span class="line">35</span><br><span class="line">36</span><br><span class="line">37</span><br><span class="line">38</span><br><span class="line">39</span><br><span class="line">40</span><br><span class="line">41</span><br><span class="line">42</span><br><span class="line">43</span><br><span class="line">44</span><br><span class="line">45</span><br><span class="line">46</span><br><span class="line">47</span><br><span class="line">48</span><br><span class="line">49</span><br><span class="line">50</span><br><span class="line">51</span><br><span 
class="line">52</span><br><span class="line">53</span><br><span class="line">54</span><br><span class="line">55</span><br><span class="line">56</span><br><span class="line">57</span><br><span class="line">58</span><br><span class="line">59</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta prompt_"> # </span><span class="language-bash">为了方便使用改个名字</span></span><br><span class="line"> [root@c7-docker-1 opt]# mv certbot-letencrypt-wildcardcertificates-alydns-au certbot</span><br><span class="line"> </span><br><span class="line"> [root@c7-docker-1 opt]# cd certbot</span><br><span class="line"> </span><br><span class="line"> [root@c7-docker-1 opt]# vim domain.ini</span><br><span class="line"> </span><br><span class="line"> 检查默认域名信息,若没有自己的根域名需要自行添加</span><br><span class="line"> </span><br><span class="line"> [root@c7-docker-1 opt]# vim au.sh --根据自己的平台去填写对应的信息</span><br><span class="line"> </span><br><span class="line"> #填写阿里云的AccessKey ID及AccessKey Secret</span><br><span class="line"> #如何申请见https://help.aliyun.com/knowledge_detail/38738.html</span><br><span class="line"> ALY_KEY=&quot;&quot;</span><br><span class="line"> ALY_TOKEN=&quot;&quot;</span><br><span class="line"> </span><br><span class="line"> #填写腾讯云的SecretId及SecretKey</span><br><span class="line"> #如何申请见https://console.cloud.tencent.com/cam/capi</span><br><span class="line"> TXY_KEY=&quot;&quot;</span><br><span class="line"> TXY_TOKEN=&quot;&quot;</span><br><span class="line"> </span><br><span class="line"> #填写华为云的 Access Key Id 及 Secret Access Key</span><br><span class="line"> #如何申请见https://support.huaweicloud.com/devg-apisign/api-sign-provide.html</span><br><span class="line"> HWY_KEY=&quot;&quot;</span><br><span class="line"> HWY_TOKEN=&quot;&quot;</span><br><span class="line"> </span><br><span class="line"> #GoDaddy的SecretId及SecretKey</span><br><span class="line"> #如何申请见https://developer.godaddy.com/getstarted</span><br><span class="line"> 
GODADDY_KEY=&quot;&quot;</span><br><span class="line"> GODADDY_TOKEN=&quot;&quot;</span><br><span class="line"> </span><br><span class="line"><span class="meta prompt_"> # </span><span class="language-bash">保存后给这个脚本赋权限（注意：au.sh 里保存了云平台的 AccessKey，0777 会让本机所有用户都能读取并改写这个由 root 执行的脚本；只需要属主可读写执行，建议改用 chmod 0700）</span></span><br><span class="line"> [root@c7-docker-1 opt]# chmod 0777 au.sh</span><br><span class="line"></span><br><span class="line">7. 测试一下是否可以使用</span><br><span class="line"></span><br><span class="line"> ```shell</span><br><span class="line"> [root@c7-docker-1 certbot]# certbot certonly \</span><br><span class="line"> -d *.test.com \</span><br><span class="line"> --manual --preferred-challenges dns \</span><br><span class="line"> --dry-run --manual-auth-hook &quot;/opt/certbot/au.sh php aly add&quot; \</span><br><span class="line"> --manual-cleanup-hook &quot;/opt/certbot/au.sh php aly clean&quot;</span><br><span class="line"> </span><br><span class="line"> Saving debug log to /var/log/letsencrypt/letsencrypt.log</span><br><span class="line"> Plugins selected: Authenticator manual, Installer None</span><br><span class="line"> Starting new HTTPS connection (1): acme-staging-v02.api.letsencrypt.org</span><br><span class="line"> Simulating a certificate request for *.test.com</span><br><span class="line"> Performing the following challenges:</span><br><span class="line"> dns-01 challenge for test.com</span><br><span class="line"> Running manual-auth-hook command: /opt/certbot/au.sh php aly add</span><br><span class="line"> Waiting for verification...</span><br><span class="line"> Cleaning up challenges</span><br><span class="line"> Running manual-cleanup-hook command: /opt/certbot/au.sh php aly clean</span><br><span class="line"> </span><br><span class="line"> IMPORTANT NOTES:</span><br><span class="line"> - The dry run was successful.</span><br><span class="line"> </span><br><span class="line"> ---根据提示输入邮箱地址,同意协议信息即可</span><br><span class="line"> </span><br></pre></td></tr></table></figure></li><li><p>正式申请</p><figure class="highlight 
shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br><span class="line">33</span><br><span class="line">34</span><br><span class="line">35</span><br><span class="line">36</span><br><span class="line">37</span><br><span class="line">38</span><br><span class="line">39</span><br><span class="line">40</span><br><span class="line">41</span><br><span class="line">42</span><br><span class="line">43</span><br><span class="line">44</span><br><span class="line">45</span><br><span class="line">46</span><br><span class="line">47</span><br><span class="line">48</span><br><span class="line">49</span><br><span class="line">50</span><br><span class="line">51</span><br></pre></td><td class="code"><pre><span class="line">[root@c7-docker-1 certbot]# certbot certonly \</span><br><span class="line">-d test.com \</span><br><span class="line">-d *.test.com \ # 如果只申请泛域名 -d *.test.com 即可,如果还有别的,可继续 -d </span><br><span class="line">--manual --preferred-challenges dns \</span><br><span 
class="line">--manual-auth-hook &quot;/opt/certbot/au.sh php aly add&quot; \</span><br><span class="line">--manual-cleanup-hook &quot;/opt/certbot/au.sh php aly clean&quot;</span><br><span class="line"></span><br><span class="line">Saving debug log to /var/log/letsencrypt/letsencrypt.log</span><br><span class="line">Plugins selected: Authenticator manual, Installer None</span><br><span class="line">Enter email address (used for urgent renewal and security notices)</span><br><span class="line"> (Enter &#x27;c&#x27; to cancel): halliday2023@163.com</span><br><span class="line">Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org</span><br><span class="line"></span><br><span class="line">- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -</span><br><span class="line">Please read the Terms of Service at</span><br><span class="line">https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf. You must</span><br><span class="line">agree in order to register with the ACME server. Do you agree?</span><br><span class="line">- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -</span><br><span class="line">(Y)es/(N)o: y</span><br><span class="line"></span><br><span class="line">- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -</span><br><span class="line">Would you be willing, once your first certificate is successfully issued, to</span><br><span class="line">share your email address with the Electronic Frontier Foundation, a founding</span><br><span class="line">partner of the Let&#x27;s Encrypt project and the non-profit organization that</span><br><span class="line">develops Certbot? 
We&#x27;d like to send you email about our work encrypting the web,</span><br><span class="line">EFF news, campaigns, and ways to support digital freedom.</span><br><span class="line">- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -</span><br><span class="line">(Y)es/(N)o: N --这个表示是否接受推广,可以拒绝</span><br><span class="line">Account registered.</span><br><span class="line">Requesting a certificate for *.test.com</span><br><span class="line">Performing the following challenges:</span><br><span class="line">dns-01 challenge for test.com</span><br><span class="line">Running manual-auth-hook command: /opt/certbot/au.sh php aly add</span><br><span class="line">Waiting for verification...</span><br><span class="line">Cleaning up challenges</span><br><span class="line">Running manual-cleanup-hook command: /opt/certbot/au.sh php aly clean</span><br><span class="line"></span><br><span class="line">IMPORTANT NOTES:</span><br><span class="line"> - Congratulations! Your certificate and chain have been saved at:</span><br><span class="line"> /etc/letsencrypt/live/test.com/fullchain.pem ----这里就是证书的地址</span><br><span class="line"> Your key file has been saved at:</span><br><span class="line"> /etc/letsencrypt/live/test.com/privkey.pem ----这是私钥</span><br><span class="line"> Your certificate will expire on 2023-07-24. To obtain a new or</span><br><span class="line"> tweaked version of this certificate in the future, simply run</span><br><span class="line"> certbot again. 
To non-interactively renew *all* of your</span><br><span class="line"> certificates, run &quot;certbot renew&quot;</span><br><span class="line"> - If you like Certbot, please consider supporting our work by:</span><br><span class="line"></span><br><span class="line"> Donating to ISRG / Let&#x27;s Encrypt: https://letsencrypt.org/donate</span><br><span class="line"> Donating to EFF: https://eff.org/donate-le</span><br><span class="line"></span><br></pre></td></tr></table></figure></li><li><p>撤销证书（注意：certbot delete 只删除本机上的证书文件和续期配置，并不会向 CA 吊销证书；私钥泄露时应使用 certbot revoke）</p><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br></pre></td><td class="code"><pre><span class="line">[root@c7-docker-1 certbot]# certbot delete</span><br><span class="line">Saving debug log to /var/log/letsencrypt/letsencrypt.log</span><br><span class="line"></span><br><span class="line">Which certificate(s) would you like to delete?</span><br><span class="line">- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -</span><br><span class="line">1: liuhaolin.com</span><br><span class="line">- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -</span><br><span class="line">Select the appropriate numbers separated by commas and/or spaces, or leave input</span><br><span class="line">blank to select all options shown (Enter &#x27;c&#x27; to cancel):</span><br></pre></td></tr></table></figure></li><li><p>延期</p><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span 
class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta prompt_"> # </span><span class="language-bash">对机器上所有证书 renew</span></span><br><span class="line"> [root@c7-docker-1 certbot]# certbot renew --manual \</span><br><span class="line"> --preferred-challenges dns \</span><br><span class="line"> --manual-auth-hook &quot;/脚本目录/au.sh php aly add&quot; \</span><br><span class="line"> --manual-cleanup-hook &quot;/脚本目录/au.sh php aly clean&quot;</span><br><span class="line"> </span><br><span class="line"> 注:证书有效期&lt;30天才会renew</span><br><span class="line"> </span><br><span class="line"> </span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">添加crontab</span></span><br><span class="line"> [root@c7-docker-1 certbot]# crontab -e</span><br><span class="line"> 注:crontab -e 编辑的是当前用户的 crontab，条目中没有用户名这一列，下面的 root 字段只适用于 /etc/crontab 或 /etc/cron.d/ 下的文件；另外前文用 yum 安装的命令是 certbot。</span><br><span class="line"> 1 1 */1 * * root certbot-auto renew --manual --preferred-challenges dns --manual-auth-hook &quot;/脚本目录/au.sh php aly add&quot; --manual-cleanup-hook &quot;/脚本目录/au.sh php aly clean&quot;</span><br></pre></td></tr></table></figure></li></ol><h2 id="问题"><a href="#问题" class="headerlink" title="问题"></a>问题</h2><ol><li><p>/opt/certbot/au.sh: line 112: /usr/bin/php: No such file or directory</p><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span 
class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br></pre></td><td class="code"><pre><span class="line">Error output from manual-auth-hook command au.sh:</span><br><span class="line">/opt/certbot/au.sh: line 112: /usr/bin/php: No such file or directory</span><br><span class="line"></span><br><span class="line">Waiting for verification...</span><br><span class="line">Challenge failed for domain test.com</span><br><span class="line">dns-01 challenge for test.com</span><br><span class="line">Cleaning up challenges</span><br><span class="line">Running manual-cleanup-hook command: /opt/certbot/au.sh php aly clean</span><br><span class="line">Error output from manual-cleanup-hook command au.sh:</span><br><span class="line">/opt/certbot/au.sh: line 112: /usr/bin/php: No such file or directory</span><br><span class="line"></span><br><span class="line">Some challenges have failed.</span><br><span class="line"></span><br><span class="line">IMPORTANT NOTES:</span><br><span class="line"> - The following errors were reported by the server:</span><br><span class="line"></span><br><span class="line"> Domain: test.com</span><br><span class="line"> Type: unauthorized</span><br><span class="line"> Detail: No TXT record found at _acme-challenge.test.com</span><br><span class="line"></span><br><span class="line"> To fix these errors, please make sure that your domain name was</span><br><span class="line"> entered correctly and the DNS A/AAAA record(s) for that domain</span><br><span class="line"> contain(s) the right IP address.</span><br><span class="line"> </span><br><span class="line"> 原因需要安装php</span><br><span class="line"> </span><br><span class="line"> 处理:</span><br><span class="line"> 
[root@c7-docker-1 certbot]# yum install php --版本&gt;4以上均可</span><br></pre></td></tr></table></figure></li><li><p>感觉不需要nginx也能行没有去验证这个猜想</p></li></ol></div><footer class="post-footer"><div><div style="text-align:center;color:#ccc;font-size:24px;padding-top:10px">--------------------------------------- The End ---------------------------------------</div></div><div class="post-copyright"><ul><li class="post-copyright-author"><strong>本文作者: </strong>小梦同学的blog</li><li class="post-copyright-link"><strong>本文链接:</strong> <a href="http://kiki.kim/2022/12/20/%E9%80%9A%E8%BF%87certbot+nginx%E7%94%B3%E8%AF%B7%E6%B3%9B%E5%9F%9F%E5%90%8D%E8%AF%81%E4%B9%A6/" title="通过certbot+nginx申请泛域名证书">http://kiki.kim/2022/12/20/通过certbot+nginx申请泛域名证书/</a></li><li class="post-copyright-license"><strong>版权声明: </strong>本博客所有文章除特别声明外,均采用 <a href="https://creativecommons.org/licenses/by-nc-sa/4.0/zh-CN" rel="noopener" target="_blank"><i class="fab fa-fw fa-creative-commons"></i>BY-NC-SA</a> 许可协议。转载请注明出处!</li></ul></div><div class="post-tags"><a href="/tags/Linux/" rel="tag"><i class="fa fa-tag"></i> Linux</a> <a href="/tags/nginx/" rel="tag"><i class="fa fa-tag"></i> nginx</a> <a href="/tags/certbot/" rel="tag"><i class="fa fa-tag"></i> certbot</a></div><script type="text/javascript">for(var tagsall=document.getElementsByClassName("post-tags"),i=tagsall.length-1;0<=i;i--)for(var tags=tagsall[i].getElementsByTagName("a"),j=tags.length-1;0<=j;j--){var r,g,b,golden_ratio=.618033988749895,s=.5,v=.999,h=golden_ratio+.8*Math.random()-.5,h_i=parseInt(6*h),f=6*h-h_i,p=v*(1-s),q=v*(1-f*s),t=v*(1-(1-f)*s);switch(h_i){case 0:r=v,g=t,b=p;break;case 1:r=q,g=v,b=p;break;case 2:r=p,g=v,b=t;break;case 3:r=p,g=q,b=v;break;case 4:r=t,g=p,b=v;break;case 5:r=v,g=p,b=q;break;default:b=g=r=1}tags[j].style.background="rgba("+parseInt(255*r)+","+parseInt(255*g)+","+parseInt(255*b)+",0.5)"}</script><div class="post-nav"><div class="post-nav-item"><a 
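href="/2022/12/20/%E5%9F%BA%E4%BA%8Ebehave%E6%A1%86%E6%9E%B6%E7%9A%84%E7%AC%AC%E4%B8%89%E6%96%B9%E5%BA%93/" rel="prev" title="基于behave框架的第三方库"><i class="fa fa-chevron-left"></i> 基于behave框架的第三方库</a></div><div class="post-nav-item"><a href="/2023/02/23/esxi8.0%E5%AE%89%E8%A3%85/" rel="next" title="esxi8.0安装">esxi8.0安装 <i class="fa fa-chevron-right"></i></a></div></div></footer></article></div></div></main>
<!-- Site footer: copyright line, busuanzi visitor counters (filled in by a third-party script), generator credit and an uptime counter. -->
<footer class="footer"><div class="footer-inner"><div class="copyright">&copy; <span itemprop="copyrightYear">2023</span> <span class="with-love"><i class="fa fa-heart"></i> </span><span class="author" itemprop="copyrightHolder">小梦同学的blog</span></div><div class="busuanzi-count"><span class="post-meta-item" id="busuanzi_container_site_uv"><span class="post-meta-item-icon"><i class="fa fa-user"></i> </span><span class="site-uv" title="总访客量"><span id="busuanzi_value_site_uv"></span> </span></span><span class="post-meta-item" id="busuanzi_container_site_pv"><span class="post-meta-item-icon"><i class="fa fa-eye"></i> </span><span class="site-pv" title="总访问量"><span id="busuanzi_value_site_pv"></span></span></span></div><div class="powered-by"><a href="https://hexo.io/" rel="noopener" target="_blank">Hexo</a> &amp; <a href="https://theme-next.js.org/" rel="noopener" target="_blank">NexT.Gemini</a> 强力驱动</div><span id="timeDate">载入天数...</span> <span id="times">载入时分秒...</span>
<script>
// Uptime counter: every 250 ms advance the page-load clock by 250 ms, compute the
// days / hours / minutes / seconds elapsed since the fixed start date and write
// them into #timeDate and #times. Only locally computed numbers reach innerHTML.
var now=new Date;function createtime(){var n=new Date("03/01/2023 10:00:00");now.setTime(now.getTime()+250),days=(now-n)/1e3/60/60/24,dnum=Math.floor(days),hours=(now-n)/1e3/60/60-24*dnum,hnum=Math.floor(hours),1==String(hnum).length&&(hnum="0"+hnum),minutes=(now-n)/1e3/60-1440*dnum-60*hnum,mnum=Math.floor(minutes),1==String(mnum).length&&(mnum="0"+mnum),seconds=(now-n)/1e3-86400*dnum-3600*hnum-60*mnum,snum=Math.round(seconds),1==String(snum).length&&(snum="0"+snum),document.getElementById("timeDate").innerHTML="本站已安全运行 "+dnum+" 天 ",document.getElementById("times").innerHTML=hnum+" 小时 "+mnum+" 分 "+snum+" 秒."}
// Pass the function itself: a string argument is compiled like eval() on each tick
// and is refused under a Content-Security-Policy that lacks 'unsafe-eval'.
setInterval(createtime,250)</script></div></footer><div class="back-to-top" role="button" aria-label="返回顶部"><i class="fa fa-arrow-up fa-lg"></i> <span>0%</span></div><div class="reading-progress-bar"></div><a href="https://github.com/M-HALLIDAY" class="github-corner" title="在 GitHub 上关注我" aria-label="在 GitHub 上关注我" rel="noopener" target="_blank"><svg width="80" height="80" viewBox="0 0 250 250" aria-hidden="true"><path d="M0,0 L115,115 L130,115 L142,142 L250,250 L250,0 Z"></path><path d="M128.3,109.0 C113.8,99.7 119.0,89.6 119.0,89.6 C122.0,82.7 120.5,78.6 120.5,78.6 C119.2,72.0 123.4,76.3 123.4,76.3 C127.3,80.9 125.5,87.3 125.5,87.3 C122.9,97.6 130.6,101.9 134.4,103.2" fill="currentColor" style="transform-origin:130px 106px" class="octo-arm"></path><path d="M115.0,115.0 C114.9,115.1 118.7,116.5 119.8,115.4 L133.7,101.6 C136.9,99.2 139.9,98.4 142.2,98.6 C133.8,88.0 127.5,74.4 143.8,58.0 C148.5,53.4 154.0,51.2 159.7,51.0 C160.3,49.4 163.2,43.6 171.4,40.1 C171.4,40.1 176.1,42.5 178.8,56.2 C183.1,58.6 187.2,61.8 190.9,65.4 C194.5,69.0 197.7,73.2 200.1,77.6 C213.8,80.2 216.3,84.9 216.3,84.9 C212.7,93.1 206.9,96.0 205.4,96.6 C205.1,102.4 203.0,107.8 198.3,112.5 C181.9,128.9 168.3,122.5 157.7,114.1 C157.9,116.9 156.7,120.9 152.7,124.9 L141.0,136.5 C139.8,137.7 141.6,141.9 141.8,141.8 Z" fill="currentColor" class="octo-body"></path></svg></a>
<noscript><div class="noscript-warning">Theme NexT works best with JavaScript enabled</div></noscript>
<!-- Third-party libraries from cdnjs, each pinned with a Subresource Integrity hash. -->
<script src="https://cdnjs.cloudflare.com/ajax/libs/animejs/3.2.1/anime.min.js" integrity="sha256-XL2inqUJaslATFnHdJOi9GfQ60on8Wx1C2H8DYiN1xY=" crossorigin="anonymous"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.4/jquery.min.js" integrity="sha256-oP6HI9z1XaZNBrJURtCoUT5SUnxFr8s3BzRl+cbzUq8=" crossorigin="anonymous"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/fancybox/3.5.7/jquery.fancybox.min.js" integrity="sha256-yt2kYMy0w8AbtF89WXb2P1rfjcP/HTHLT7097U8Y5b8="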
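crossorigin="anonymous"></script>
<!-- Theme scripts served from this site, plus the cdnjs search library pinned with an integrity hash. Order is kept because the scripts are not deferred. -->
<script src="/js/comments.js"></script>
<script src="/js/utils.js"></script>
<script src="/js/motion.js"></script>
<script src="/js/next-boot.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/hexo-generator-searchdb/1.4.1/search.js" integrity="sha256-1kfA5uHPf65M5cphT2dvymhkuyHPQp5A53EGZOnOLmc=" crossorigin="anonymous"></script>
<script src="/js/third-party/search/local-search.js"></script>
<script src="/js/third-party/fancybox.js"></script>
<script src="/js/third-party/pace.js"></script>
<!-- NOTE(review): the next two scripts come from third-party hosts without an integrity attribute, so whatever those hosts serve runs with full access to this page. Pin each with integrity="sha384-HASH_OF_VETTED_FILE" (placeholder, compute it from a reviewed copy) plus crossorigin="anonymous", or self-host the reviewed copy. -->
<script async src="https://busuanzi.ibruce.info/busuanzi/2.3/busuanzi.pure.mini.js"></script>
<script src="https://unpkg.com/darkmode-js@1.5.7/lib/darkmode-js.min.js"></script>
<script>
// Settings handed to the Darkmode constructor provided by the darkmode-js script loaded just above.
var options = {
  bottom: '64px',
  right: 'unset',
  left: '32px',
  time: '0.5s',
  mixColor: 'transparent',
  backgroundColor: 'transparent',
  buttonColorDark: '#100f2c',
  buttonColorLight: '#fff',
  saveInCookies: true,
  label: '🌓',
  autoMatchOsTheme: true
};
const darkmode = new Darkmode(options);
// Exposed on window so other scripts can reach the same instance.
window.darkmode = darkmode;
darkmode.showWidget();
</script>
<script async src="/js/cursor/love.min.js"></script>
<!-- NOTE(review): this URL was protocol-relative, which is fetched over plain HTTP whenever the page itself is loaded over HTTP; it now names https explicitly. The script is still unpinned: add an integrity hash computed from a reviewed copy, or self-host it. -->
<script src="https://cdn.bootcss.com/canvas-nest.js/1.0.0/canvas-nest.min.js"></script></body></html>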