16 lines
43 KiB
HTML
16 lines
43 KiB
HTML
<!DOCTYPE html><html lang="zh-CN"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><meta name="theme-color" content="#222"><meta name="generator" content="Hexo 5.4.2"><link rel="apple-touch-icon" sizes="180x180" href="/images/apple-touch-icon-next.png"><link rel="icon" type="image/png" sizes="32x32" href="/images/favicon-32x32-next.png"><link rel="icon" type="image/png" sizes="16x16" href="/images/favicon-16x16-next.png"><link rel="mask-icon" href="/images/logo.svg" color="#222"><link rel="stylesheet" href="/css/main.css"><link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/css/all.min.css" integrity="sha256-HtsXJanqjKTc8vVQjO4YMhiqFoXkfBsjBWcX91T1jr8=" crossorigin="anonymous"><link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/animate.css/3.1.1/animate.min.css" integrity="sha256-PR7ttpcvz8qrF57fur/yAx1qXMFJeJFiA6pSzWi0OIE=" crossorigin="anonymous"><link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/fancybox/3.5.7/jquery.fancybox.min.css" integrity="sha256-Vzbj7sDDS/woiFS3uNKo8eIuni59rjyNGtXfstRzStA=" crossorigin="anonymous"><link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/pace/1.2.4/themes/blue/pace-theme-minimal.css"><script src="https://cdnjs.cloudflare.com/ajax/libs/pace/1.2.4/pace.min.js" integrity="sha256-gqd7YTjg/BtfqWSwsJOvndl0Bxc8gFImLEkXQT8+qj0=" crossorigin="anonymous"></script><script class="next-config" data-name="main" type="application/json">{"hostname":"kiki.kim","root":"/","images":"/images","scheme":"Gemini","darkmode":false,"version":"8.15.1","exturl":false,"sidebar":{"position":"left","display":"post","padding":18,"offset":12},"copycode":{"enable":true,"style":"flat"},"bookmark":{"enable":false,"color":"#222","save":"auto"},"mediumzoom":false,"lazyload":false,"pangu":false,"comments":{"style":"tabs","active":null,"storage":true,"lazyload":false,"nav":null},"stickytabs":false,"motion":{"enable":true,"async":false,"transition":{"menu_item":"fadeInDown","post_block":"fadeIn","post_header":"fadeInDown","post_body":"fadeInDown","coll_header":"fadeInLeft","sidebar":"fadeInUp"}},"prism":false,"i18n":{"placeholder":"搜索...","empty":"没有找到任何搜索结果:${query}","hits_time":"找到 ${hits} 个搜索结果(用时 ${time} 毫秒)","hits":"找到 ${hits} 个搜索结果"},"path":"/search.xml","localsearch":{"enable":true,"trigger":"auto","top_n_per_article":1,"unescape":false,"preload":false}}</script><script src="/js/config.js"></script><meta name="description" content="之前博客一直都是都使用的http协议,主要是访问量一直都不大,最主要的还是懒得去折腾证书,最近趁着有点空闲搞一下。"><meta property="og:type" content="article"><meta property="og:title" content="通过certbot+nginx申请泛域名证书"><meta property="og:url" content="http://kiki.kim/2022/03/20/%E9%80%9A%E8%BF%87certbot+nginx%E7%94%B3%E8%AF%B7%E6%B3%9B%E5%9F%9F%E5%90%8D%E8%AF%81%E4%B9%A6/index.html"><meta property="og:site_name" content="随言碎语"><meta property="og:description" content="之前博客一直都是都使用的http协议,主要是访问量一直都不大,最主要的还是懒得去折腾证书,最近趁着有点空闲搞一下。"><meta property="og:locale" content="zh_CN"><meta property="article:published_time" content="2022-03-20T11:56:34.000Z"><meta property="article:modified_time" content="2023-05-02T14:16:48.575Z"><meta property="article:author" content="小梦同学的blog"><meta property="article:tag" content="Linux"><meta property="article:tag" content="nginx"><meta property="article:tag" content="certbot"><meta name="twitter:card" content="summary"><link rel="canonical" href="http://kiki.kim/2022/03/20/%E9%80%9A%E8%BF%87certbot+nginx%E7%94%B3%E8%AF%B7%E6%B3%9B%E5%9F%9F%E5%90%8D%E8%AF%81%E4%B9%A6/"><script class="next-config" data-name="page" type="application/json">{"sidebar":"","isHome":false,"isPost":true,"lang":"zh-CN","comments":true,"permalink":"http://kiki.kim/2022/03/20/%E9%80%9A%E8%BF%87certbot+nginx%E7%94%B3%E8%AF%B7%E6%B3%9B%E5%9F%9F%E5%90%8D%E8%AF%81%E4%B9%A6/","path":"2022/03/20/通过certbot+nginx申请泛域名证书/","title":"通过certbot+nginx申请泛域名证书"}</script><script class="next-config" data-name="calendar" type="application/json">""</script><title>通过certbot+nginx申请泛域名证书 | 随言碎语</title><noscript><link rel="stylesheet" href="/css/noscript.css"></noscript><link rel="alternate" href="/atom.xml" title="随言碎语" type="application/atom+xml"><style>.darkmode--activated{--body-bg-color:#282828;--content-bg-color:#333;--card-bg-color:#555;--text-color:#ccc;--blockquote-color:#bbb;--link-color:#ccc;--link-hover-color:#eee;--brand-color:#ddd;--brand-hover-color:#ddd;--table-row-odd-bg-color:#282828;--table-row-hover-bg-color:#363636;--menu-item-bg-color:#555;--btn-default-bg:#222;--btn-default-color:#ccc;--btn-default-border-color:#555;--btn-default-hover-bg:#666;--btn-default-hover-color:#ccc;--btn-default-hover-border-color:#666;--highlight-background:#282b2e;--highlight-foreground:#a9b7c6;--highlight-gutter-background:#34393d;--highlight-gutter-foreground:#9ca9b6}.darkmode--activated img{opacity:.75}.darkmode--activated img:hover{opacity:.9}.darkmode--activated code{color:#69dbdc;background:0 0}button.darkmode-toggle{z-index:9999}.darkmode-ignore,img{display:flex!important}.beian img{display:inline-block!important}</style></head><body itemscope itemtype="http://schema.org/WebPage" class="use-motion"><div class="headband"></div><main class="main"><div class="column"><header class="header" itemscope itemtype="http://schema.org/WPHeader"><div class="site-brand-container"><div class="site-nav-toggle"><div class="toggle" aria-label="切换导航栏" role="button"><span class="toggle-line"></span> <span class="toggle-line"></span> <span class="toggle-line"></span></div></div><div class="site-meta"><a href="/" class="brand" rel="start"><i class="logo-line"></i><p class="site-title">随言碎语</p><i class="logo-line"></i></a><p class="site-subtitle" itemprop="description">咕叽咕叽</p></div><div class="site-nav-right"><div class="toggle popup-trigger" aria-label="搜索" role="button"><i class="fa fa-search fa-fw fa-lg"></i></div></div></div><nav class="site-nav"><ul class="main-menu menu"><li class="menu-item menu-item-home"><a href="/" rel="section"><i class="fa fa-home fa-fw"></i>首页</a></li><li class="menu-item menu-item-tags"><a href="/tags/" rel="section"><i class="fa fa-tags fa-fw"></i>标签<span class="badge">63</span></a></li><li class="menu-item menu-item-archives"><a href="/archives/" rel="section"><i class="fa fa-archive fa-fw"></i>归档<span class="badge">55</span></a></li><li class="menu-item menu-item-about"><a href="/about/" rel="section"><i class="fa fa-user fa-fw"></i>关于</a></li><li class="menu-item menu-item-guestbook"><a href="/guestbook/" rel="section"><i class="fa fa-book fa-fw"></i>留言板</a></li><li class="menu-item menu-item-search"><a role="button" class="popup-trigger"><i class="fa fa-search fa-fw"></i>搜索</a></li></ul></nav><div class="search-pop-overlay"><div class="popup search-popup"><div class="search-header"><span class="search-icon"><i class="fa fa-search"></i></span><div class="search-input-container"><input autocomplete="off" autocapitalize="off" maxlength="80" placeholder="搜索..." spellcheck="false" type="search" class="search-input"></div><span class="popup-btn-close" role="button"><i class="fa fa-times-circle"></i></span></div><div class="search-result-container no-result"><div class="search-result-icon"><i class="fa fa-spinner fa-pulse fa-5x"></i></div></div></div></div></header><aside class="sidebar"><div class="sidebar-inner sidebar-nav-active sidebar-toc-active"><ul class="sidebar-nav"><li class="sidebar-nav-toc">文章目录</li><li class="sidebar-nav-overview">站点概览</li></ul><div class="sidebar-panel-container"><div class="post-toc-wrap sidebar-panel"><div class="post-toc animated"><ol class="nav"><li class="nav-item nav-level-2"><a class="nav-link" href="#1-%E5%87%86%E5%A4%87%E7%8E%AF%E5%A2%83"><span class="nav-number">1.</span> <span class="nav-text">1.准备环境</span></a></li><li class="nav-item nav-level-2"><a class="nav-link" href="#2-%E5%AE%89%E8%A3%85nginx"><span class="nav-number">2.</span> <span class="nav-text">2.安装nginx</span></a></li><li class="nav-item nav-level-2"><a class="nav-link" href="#%E9%97%AE%E9%A2%98"><span class="nav-number">3.</span> <span class="nav-text">问题</span></a></li></ol></div></div><div class="site-overview-wrap sidebar-panel"><div class="site-author animated" itemprop="author" itemscope itemtype="http://schema.org/Person"><img class="site-author-image" itemprop="image" alt="小梦同学的blog" src="https://halliday.oss-cn-nanjing.aliyuncs.com/imagesbjx.png"><p class="site-author-name" itemprop="name">小梦同学的blog</p><div class="site-description" itemprop="description">欲买桂花同载酒,终不似,少年游。</div></div><div class="site-state-wrap animated"><nav class="site-state"><div class="site-state-item site-state-posts"><a href="/archives/"><span class="site-state-item-count">55</span> <span class="site-state-item-name">日志</span></a></div><div class="site-state-item site-state-tags"><a href="/tags/"><span class="site-state-item-count">63</span> <span class="site-state-item-name">标签</span></a></div></nav></div><div class="links-of-author animated"><span class="links-of-author-item"><a href="https://github.com/M-HALLIDAY" title="GitHub → https://github.com/M-HALLIDAY" rel="noopener me" target="_blank"><i class="fab fa-github fa-fw"></i></a> </span><span class="links-of-author-item"><a href="mailto:halliday2023@163.com" title="E-Mail → mailto:halliday2023@163.com" rel="noopener me" target="_blank"><i class="fa fa-envelope fa-fw"></i></a> </span><span class="links-of-author-item"><a href="/atom.xml" title="RSS → /atom.xml" rel="noopener me"><i class="fa fa-rss fa-fw"></i></a></span></div><div class="cc-license animated" itemprop="license"><a href="https://creativecommons.org/licenses/by-nc-sa/4.0/zh-CN" class="cc-opacity" rel="noopener" target="_blank"><img src="https://cdnjs.cloudflare.com/ajax/libs/creativecommons-vocabulary/2020.11.3/assets/license_badges/small/by_nc_sa.svg" alt="Creative Commons"></a></div></div></div></div><div class="sidebar-inner sidebar-blogroll"><div class="links-of-blogroll animated"><div class="links-of-blogroll-title"><i class="fa fa-globe fa-fw"></i> 链接</div><ul class="links-of-blogroll-list"><li class="links-of-blogroll-item"><a href="https://laosu.ml/" title="https://laosu.ml/" rel="noopener" target="_blank">老苏的blog</a></li></ul></div></div></aside></div><div class="main-inner post posts-expand"><div class="post-block"><article itemscope itemtype="http://schema.org/Article" class="post-content" lang="zh-CN"><link itemprop="mainEntityOfPage" href="http://kiki.kim/2022/03/20/%E9%80%9A%E8%BF%87certbot+nginx%E7%94%B3%E8%AF%B7%E6%B3%9B%E5%9F%9F%E5%90%8D%E8%AF%81%E4%B9%A6/"><span hidden itemprop="author" itemscope itemtype="http://schema.org/Person"><meta itemprop="image" content="https://halliday.oss-cn-nanjing.aliyuncs.com/imagesbjx.png"><meta itemprop="name" content="小梦同学的blog"></span><span hidden itemprop="publisher" itemscope itemtype="http://schema.org/Organization"><meta itemprop="name" content="随言碎语"><meta itemprop="description" content="欲买桂花同载酒,终不似,少年游。"></span><span hidden itemprop="post" itemscope itemtype="http://schema.org/CreativeWork"><meta itemprop="name" content="通过certbot+nginx申请泛域名证书 | 随言碎语"><meta itemprop="description" content=""></span><header class="post-header"><h1 class="post-title" itemprop="name headline">通过certbot+nginx申请泛域名证书</h1><div class="post-meta-container"><div class="post-meta"><span class="post-meta-item"><span class="post-meta-item-icon"><i class="far fa-calendar"></i> </span><span class="post-meta-item-text">发表于</span> <time title="创建时间:2022-03-20 19:56:34" itemprop="dateCreated datePublished" datetime="2022-03-20T19:56:34+08:00">2022-03-20</time> </span><span class="post-meta-item"><span class="post-meta-item-icon"><i class="far fa-calendar-check"></i> </span><span class="post-meta-item-text">更新于</span> <time title="修改时间:2023-05-02 22:16:48" itemprop="dateModified" datetime="2023-05-02T22:16:48+08:00">2023-05-02</time> </span><span class="post-meta-item" title="阅读次数" id="busuanzi_container_page_pv"><span class="post-meta-item-icon"><i class="far fa-eye"></i> </span><span class="post-meta-item-text">阅读次数:</span> <span id="busuanzi_value_page_pv"></span> </span><span class="post-meta-break"></span> <span class="post-meta-item" title="本文字数"><span class="post-meta-item-icon"><i class="far fa-file-word"></i> </span><span class="post-meta-item-text">本文字数:</span> <span>6.5k</span> </span><span class="post-meta-item" title="阅读时长"><span class="post-meta-item-icon"><i class="far fa-clock"></i> </span><span class="post-meta-item-text">阅读时长 ≈</span> <span>12 分钟</span></span></div></div></header><div class="post-body" itemprop="articleBody"><p>之前博客一直都是都使用的http协议,主要是访问量一直都不大,最主要的还是懒得去折腾证书,最近趁着有点空闲搞一下。</p><span id="more"></span><h2 id="1-准备环境">1.准备环境</h2><ul><li>cenotos 7</li><li>certbot</li><li>nginx</li><li><a target="_blank" rel="noopener" href="https://github.com/ywdblog/certbot-letencrypt-wildcardcertificates-alydns-au">certbot-letencrypt-wildcardcertificates-alydns-au</a></li></ul><h2 id="2-安装nginx">2.安装nginx</h2><ol><li><p>直接使用yum来安装</p><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">[root@c7-docker-1 opt]# yum install nginx</span><br></pre></td></tr></table></figure></li><li><p>配置代理</p><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta prompt_"># </span><span class="language-bash">使用 vim 创建 demo.conf</span></span><br><span class="line">[root@c7-docker-1 opt]# vim /etc/nginx/conf.d/demo.conf</span><br><span class="line"><span class="meta prompt_"></span></span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">创建以下内容</span></span><br><span class="line">server {</span><br><span class="line"> listen 80;</span><br><span class="line"></span><br><span class="line"> server_name example.com; #你的域名</span><br><span class="line"></span><br><span class="line"> location / {</span><br><span class="line"> proxy_set_header HOST $host;</span><br><span class="line"> proxy_set_header X-Forwarded-Proto $scheme;</span><br><span class="line"> proxy_set_header X-Real-IP $remote_addr;</span><br><span class="line"> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;</span><br><span class="line"></span><br><span class="line"> proxy_pass http://127.0.0.1:1000/; #你的服务地址,随便找个本地的服务,能够访问就行</span><br><span class="line"> }</span><br><span class="line">}</span><br><span class="line"></span><br></pre></td></tr></table></figure></li><li><p>重启服并确认访问域名能到代理到你本地</p><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td class="code"><pre><span class="line">[root@c7-docker-1 opt]# systemctl start nginx.service</span><br><span class="line"> </span><br><span class="line"> 浏览器访问 example.com 确定能访问到本地对应的服务</span><br></pre></td></tr></table></figure></li><li><p>安装cerbot及其相关工具</p><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">[root@c7-docker-1 opt]# yum install vim certbot python2-certbot-nginx -y</span><br></pre></td></tr></table></figure></li><li><p>下载<code>certbot-letencrypt-wildcardcertificates-alydns-au</code></p><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br></pre></td><td class="code"><pre><span class="line">[root@c7-docker-1 opt]# cd /opt/</span><br><span class="line"><span class="meta prompt_"></span></span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">git <span class="built_in">clone</span>工具到本地</span></span><br><span class="line"></span><br><span class="line">[root@c7-docker-1 opt]# git clone https://github.com/ywdblog/certbot-letencrypt-wildcardcertificates-alydns-au </span><br><span class="line"><span class="meta prompt_"></span></span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">也可以直接从github下载整个项目解压到这个目录下就行</span></span><br></pre></td></tr></table></figure></li><li><p>配置<code>certbot-letencrypt-wildcardcertificates-alydns-au</code></p><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br><span class="line">33</span><br><span class="line">34</span><br><span class="line">35</span><br><span class="line">36</span><br><span class="line">37</span><br><span class="line">38</span><br><span class="line">39</span><br><span class="line">40</span><br><span class="line">41</span><br><span class="line">42</span><br><span class="line">43</span><br><span class="line">44</span><br><span class="line">45</span><br><span class="line">46</span><br><span class="line">47</span><br><span class="line">48</span><br><span class="line">49</span><br><span class="line">50</span><br><span class="line">51</span><br><span class="line">52</span><br><span class="line">53</span><br><span class="line">54</span><br><span class="line">55</span><br><span class="line">56</span><br><span class="line">57</span><br><span class="line">58</span><br><span class="line">59</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta prompt_"> # </span><span class="language-bash">为了方便使用改个名字</span></span><br><span class="line"> [root@c7-docker-1 opt]# mv certbot-letencrypt-wildcardcertificates-alydns-au certbot</span><br><span class="line"> </span><br><span class="line"> [root@c7-docker-1 opt]# cd certbot</span><br><span class="line"> </span><br><span class="line"> [root@c7-docker-1 opt]# vim domain.ini</span><br><span class="line"> </span><br><span class="line"> 检查默认域名信息,若没有自己的根域名需要自行添加</span><br><span class="line"> </span><br><span class="line"> [root@c7-docker-1 opt]# vim au.sh --根据自己的平台去填写对应的信息</span><br><span class="line"> </span><br><span class="line"> #填写阿里云的AccessKey ID及AccessKey Secret</span><br><span class="line"> #如何申请见https://help.aliyun.com/knowledge_detail/38738.html</span><br><span class="line"> ALY_KEY=""</span><br><span class="line"> ALY_TOKEN=""</span><br><span class="line"> </span><br><span class="line"> #填写腾讯云的SecretId及SecretKey</span><br><span class="line"> #如何申请见https://console.cloud.tencent.com/cam/capi</span><br><span class="line"> TXY_KEY=""</span><br><span class="line"> TXY_TOKEN=""</span><br><span class="line"> </span><br><span class="line"> #填写华为云的 Access Key Id 及 Secret Access Key</span><br><span class="line"> #如何申请见https://support.huaweicloud.com/devg-apisign/api-sign-provide.html</span><br><span class="line"> HWY_KEY=""</span><br><span class="line"> HWY_TOKEN=""</span><br><span class="line"> </span><br><span class="line"> #GoDaddy的SecretId及SecretKey</span><br><span class="line"> #如何申请见https://developer.godaddy.com/getstarted</span><br><span class="line"> GODADDY_KEY=""</span><br><span class="line"> GODADDY_TOKEN=""</span><br><span class="line"> </span><br><span class="line"><span class="meta prompt_"> # </span><span class="language-bash">保存后给这个脚本赋权限</span></span><br><span class="line"> [root@c7-docker-1 opt]# chmod 0777 au.sh</span><br><span class="line"></span><br><span class="line">7. 测试一下是否可以使用</span><br><span class="line"></span><br><span class="line"> ```shell</span><br><span class="line"> [root@c7-docker-1 certbot]# certbot certonly \</span><br><span class="line"> -d *.test.com \</span><br><span class="line"> --manual --preferred-challenges dns \</span><br><span class="line"> --dry-run --manual-auth-hook "/opt/certbot/au.sh php aly add" \</span><br><span class="line"> --manual-cleanup-hook "/opt/certbot/au.sh php aly clean"</span><br><span class="line"> </span><br><span class="line"> Saving debug log to /var/log/letsencrypt/letsencrypt.log</span><br><span class="line"> Plugins selected: Authenticator manual, Installer None</span><br><span class="line"> Starting new HTTPS connection (1): acme-staging-v02.api.letsencrypt.org</span><br><span class="line"> Simulating a certificate request for *.test.com</span><br><span class="line"> Performing the following challenges:</span><br><span class="line"> dns-01 challenge for test.com</span><br><span class="line"> Running manual-auth-hook command: /opt/certbot/au.sh php aly add</span><br><span class="line"> Waiting for verification...</span><br><span class="line"> Cleaning up challenges</span><br><span class="line"> Running manual-cleanup-hook command: /opt/certbot/au.sh php aly clean</span><br><span class="line"> </span><br><span class="line"> IMPORTANT NOTES:</span><br><span class="line"> - The dry run was successful.</span><br><span class="line"> </span><br><span class="line"> ---根据提示输入邮箱地址,同意协议信息即可</span><br><span class="line"> </span><br></pre></td></tr></table></figure></li><li><p>正式申请</p><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br><span class="line">33</span><br><span class="line">34</span><br><span class="line">35</span><br><span class="line">36</span><br><span class="line">37</span><br><span class="line">38</span><br><span class="line">39</span><br><span class="line">40</span><br><span class="line">41</span><br><span class="line">42</span><br><span class="line">43</span><br><span class="line">44</span><br><span class="line">45</span><br><span class="line">46</span><br><span class="line">47</span><br><span class="line">48</span><br><span class="line">49</span><br><span class="line">50</span><br><span class="line">51</span><br></pre></td><td class="code"><pre><span class="line">[root@c7-docker-1 certbot]# certbot certonly \</span><br><span class="line">-d test.com \</span><br><span class="line">-d *.test.com \ # 如果只申请泛域名 -d *.test.com 即可,如果还有别的,可继续 -d </span><br><span class="line">--manual --preferred-challenges dns \</span><br><span class="line">--manual-auth-hook "/opt/certbot/au.sh php aly add" \</span><br><span class="line">--manual-cleanup-hook "/opt/certbot/au.sh php aly clean"</span><br><span class="line"></span><br><span class="line">Saving debug log to /var/log/letsencrypt/letsencrypt.log</span><br><span class="line">Plugins selected: Authenticator manual, Installer None</span><br><span class="line">Enter email address (used for urgent renewal and security notices)</span><br><span class="line"> (Enter 'c' to cancel): halliday2023@163.com</span><br><span class="line">Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org</span><br><span class="line"></span><br><span class="line">- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -</span><br><span class="line">Please read the Terms of Service at</span><br><span class="line">https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf. You must</span><br><span class="line">agree in order to register with the ACME server. Do you agree?</span><br><span class="line">- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -</span><br><span class="line">(Y)es/(N)o: y</span><br><span class="line"></span><br><span class="line">- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -</span><br><span class="line">Would you be willing, once your first certificate is successfully issued, to</span><br><span class="line">share your email address with the Electronic Frontier Foundation, a founding</span><br><span class="line">partner of the Let's Encrypt project and the non-profit organization that</span><br><span class="line">develops Certbot? We'd like to send you email about our work encrypting the web,</span><br><span class="line">EFF news, campaigns, and ways to support digital freedom.</span><br><span class="line">- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -</span><br><span class="line">(Y)es/(N)o: N --这个表示是否接受推广,可以拒绝</span><br><span class="line">Account registered.</span><br><span class="line">Requesting a certificate for *.test.com</span><br><span class="line">Performing the following challenges:</span><br><span class="line">dns-01 challenge for test.com</span><br><span class="line">Running manual-auth-hook command: /opt/certbot/au.sh php aly add</span><br><span class="line">Waiting for verification...</span><br><span class="line">Cleaning up challenges</span><br><span class="line">Running manual-cleanup-hook command: /opt/certbot/au.sh php aly clean</span><br><span class="line"></span><br><span class="line">IMPORTANT NOTES:</span><br><span class="line"> - Congratulations! Your certificate and chain have been saved at:</span><br><span class="line"> /etc/letsencrypt/live/test.com/fullchain.pem ----这里就是证书的地址</span><br><span class="line"> Your key file has been saved at:</span><br><span class="line"> /etc/letsencrypt/live/test.com/privkey.pem ----这是私钥</span><br><span class="line"> Your certificate will expire on 2023-07-24. To obtain a new or</span><br><span class="line"> tweaked version of this certificate in the future, simply run</span><br><span class="line"> certbot again. To non-interactively renew *all* of your</span><br><span class="line"> certificates, run "certbot renew"</span><br><span class="line"> - If you like Certbot, please consider supporting our work by:</span><br><span class="line"></span><br><span class="line"> Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate</span><br><span class="line"> Donating to EFF: https://eff.org/donate-le</span><br><span class="line"></span><br></pre></td></tr></table></figure></li><li><p>撤销证书</p><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br></pre></td><td class="code"><pre><span class="line">[root@c7-docker-1 certbot]# certbot delete</span><br><span class="line">Saving debug log to /var/log/letsencrypt/letsencrypt.log</span><br><span class="line"></span><br><span class="line">Which certificate(s) would you like to delete?</span><br><span class="line">- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -</span><br><span class="line">1: liuhaolin.com</span><br><span class="line">- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -</span><br><span class="line">Select the appropriate numbers separated by commas and/or spaces, or leave input</span><br><span class="line">blank to select all options shown (Enter 'c' to cancel):</span><br></pre></td></tr></table></figure></li><li><p>延期</p><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta prompt_"> # </span><span class="language-bash">对机器上所有证书 renew</span></span><br><span class="line"> [root@c7-docker-1 certbot]# certbot renew --manual /</span><br><span class="line"> --preferred-challenges dns /</span><br><span class="line"> --manual-auth-hook "/脚本目录/au.sh php aly add" /</span><br><span class="line"> --manual-cleanup-hook "/脚本目录/au.sh php aly clean"</span><br><span class="line"> </span><br><span class="line"> 注:证书有效期<30天才会renew</span><br><span class="line"> </span><br><span class="line"> </span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">添加crontab</span></span><br><span class="line"> [root@c7-docker-1 certbot]# crontab -e</span><br><span class="line"> </span><br><span class="line"> 1 1 */1 * * root certbot-auto renew --manual --preferred-challenges dns --manual-auth-hook "/脚本目录/au.sh php aly add" --manual-cleanup-hook "/脚本目录/au.sh php aly clean"</span><br></pre></td></tr></table></figure></li></ol><h2 id="问题">问题</h2><ol><li><p>/opt/certbot/au.sh: line 112: /usr/bin/php: No such file or directory</p><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br></pre></td><td class="code"><pre><span class="line">Error output from manual-auth-hook command au.sh:</span><br><span class="line">/opt/certbot/au.sh: line 112: /usr/bin/php: No such file or directory</span><br><span class="line"></span><br><span class="line">Waiting for verification...</span><br><span class="line">Challenge failed for domain test.com</span><br><span class="line">dns-01 challenge for test.com</span><br><span class="line">Cleaning up challenges</span><br><span class="line">Running manual-cleanup-hook command: /opt/certbot/au.sh php aly clean</span><br><span class="line">Error output from manual-cleanup-hook command au.sh:</span><br><span class="line">/opt/certbot/au.sh: line 112: /usr/bin/php: No such file or directory</span><br><span class="line"></span><br><span class="line">Some challenges have failed.</span><br><span class="line"></span><br><span class="line">IMPORTANT NOTES:</span><br><span class="line"> - The following errors were reported by the server:</span><br><span class="line"></span><br><span class="line"> Domain: test.com</span><br><span class="line"> Type: unauthorized</span><br><span class="line"> Detail: No TXT record found at _acme-challenge.test.com</span><br><span class="line"></span><br><span class="line"> To fix these errors, please make sure that your domain name was</span><br><span class="line"> entered correctly and the DNS A/AAAA record(s) for that domain</span><br><span class="line"> contain(s) the right IP address.</span><br><span class="line"> </span><br><span class="line"> 原因:需要安装php</span><br><span class="line"> </span><br><span class="line"> 处理:</span><br><span class="line"> [root@c7-docker-1 certbot]# yum install php --版本>4以上均可</span><br></pre></td></tr></table></figure></li><li><p>感觉不需要nginx也能行,没有去验证这个猜想</p></li></ol></div><footer class="post-footer"><div><div style="text-align:center;color:#ccc;font-size:24px;padding-top:10px">----- The End -----</div><div><center><link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/social-share.js/1.0.16/css/share.min.css"><div class="social-share" data-sites="weibo, qq, qzone,wechat"></div><script src="http://apps.bdimg.com/libs/jquery/1.8.2/jquery.js"></script><script src="https://cdnjs.cloudflare.com/ajax/libs/social-share.js/1.0.16/js/social-share.min.js"></script></center></div></div><div class="post-copyright"><ul><li class="post-copyright-author"><strong>本文作者: </strong>小梦同学的blog</li><li class="post-copyright-link"><strong>本文链接:</strong> <a href="http://kiki.kim/2022/03/20/%E9%80%9A%E8%BF%87certbot+nginx%E7%94%B3%E8%AF%B7%E6%B3%9B%E5%9F%9F%E5%90%8D%E8%AF%81%E4%B9%A6/" title="通过certbot+nginx申请泛域名证书">http://kiki.kim/2022/03/20/通过certbot+nginx申请泛域名证书/</a></li><li class="post-copyright-license"><strong>版权声明: </strong>本博客所有文章除特别声明外,均采用 <a href="https://creativecommons.org/licenses/by-nc-sa/4.0/zh-CN" rel="noopener" target="_blank"><i class="fab fa-fw fa-creative-commons"></i>BY-NC-SA</a> 许可协议。转载请注明出处!</li></ul></div><div class="post-tags"><a href="/tags/Linux/" rel="tag"><i class="fa fa-tag"></i> Linux</a> <a href="/tags/nginx/" rel="tag"><i class="fa fa-tag"></i> nginx</a> <a href="/tags/certbot/" rel="tag"><i class="fa fa-tag"></i> certbot</a></div><script type="text/javascript">for(var tagsall=document.getElementsByClassName("post-tags"),i=tagsall.length-1;0<=i;i--)for(var tags=tagsall[i].getElementsByTagName("a"),j=tags.length-1;0<=j;j--){var r,g,b,golden_ratio=.618033988749895,s=.5,v=.999,h=golden_ratio+.8*Math.random()-.5,h_i=parseInt(6*h),f=6*h-h_i,p=v*(1-s),q=v*(1-f*s),t=v*(1-(1-f)*s);switch(h_i){case 0:r=v,g=t,b=p;break;case 1:r=q,g=v,b=p;break;case 2:r=p,g=v,b=t;break;case 3:r=p,g=q,b=v;break;case 4:r=t,g=p,b=v;break;case 5:r=v,g=p,b=q;break;default:b=g=r=1}tags[j].style.background="rgba("+parseInt(255*r)+","+parseInt(255*g)+","+parseInt(255*b)+",0.5)"}</script><div class="post-nav"><div class="post-nav-item"><a href="/2022/03/11/python+behave+openpyxl%E7%AE%A1%E7%90%86%E6%B5%8B%E8%AF%95%E7%94%A8%E4%BE%8B/" rel="prev" title="python+behave+openpyxl管理测试用例"><i class="fa fa-chevron-left"></i> python+behave+openpyxl管理测试用例</a></div><div class="post-nav-item"><a href="/2022/04/21/docker%E6%90%AD%E5%BB%BAfrp%E6%9C%8D%E5%8A%A1%E7%AB%AF%E5%92%8C%E5%AE%A2%E6%88%B7%E7%AB%AF/" rel="next" title="docker搭建frp服务端和客户端">docker搭建frp服务端和客户端 <i class="fa fa-chevron-right"></i></a></div></div></footer></article></div></div></main><footer class="footer"><div class="footer-inner"><div class="copyright">© <span itemprop="copyrightYear">2023</span> <span class="with-love"><i class="fa fa-heart"></i> </span><span class="author" itemprop="copyrightHolder">小梦同学的blog</span></div><div class="busuanzi-count"><span class="post-meta-item" id="busuanzi_container_site_uv"><span class="post-meta-item-icon"><i class="fa fa-user"></i> </span><span class="site-uv" title="总访客量"><span id="busuanzi_value_site_uv"></span> </span></span><span class="post-meta-item" id="busuanzi_container_site_pv"><span class="post-meta-item-icon"><i class="fa fa-eye"></i> </span><span class="site-pv" title="总访问量"><span id="busuanzi_value_site_pv"></span></span></span></div><div class="powered-by">由 <a href="https://hexo.io/" rel="noopener" target="_blank">Hexo</a> & <a href="https://theme-next.js.org/" rel="noopener" target="_blank">NexT.Gemini</a> 强力驱动</div><span id="timeDate">载入天数...</span> <span id="times">载入时分秒...</span><script>var now=new Date;function createtime(){var n=new Date("03/01/2023 10:00:00");now.setTime(now.getTime()+250),days=(now-n)/1e3/60/60/24,dnum=Math.floor(days),hours=(now-n)/1e3/60/60-24*dnum,hnum=Math.floor(hours),1==String(hnum).length&&(hnum="0"+hnum),minutes=(now-n)/1e3/60-1440*dnum-60*hnum,mnum=Math.floor(minutes),1==String(mnum).length&&(mnum="0"+mnum),seconds=(now-n)/1e3-86400*dnum-3600*hnum-60*mnum,snum=Math.round(seconds),1==String(snum).length&&(snum="0"+snum),document.getElementById("timeDate").innerHTML="本站已安全运行 "+dnum+" 天 ",document.getElementById("times").innerHTML=hnum+" 小时 "+mnum+" 分 "+snum+" 秒."}setInterval("createtime()",250)</script></div></footer><div class="back-to-top" role="button" aria-label="返回顶部"><i class="fa fa-arrow-up fa-lg"></i> <span>0%</span></div><div class="reading-progress-bar"></div><a href="https://github.com/M-HALLIDAY" class="github-corner" title="在 GitHub 上关注我" aria-label="在 GitHub 上关注我" rel="noopener" target="_blank"><svg width="80" height="80" viewBox="0 0 250 250" aria-hidden="true"><path d="M0,0 L115,115 L130,115 L142,142 L250,250 L250,0 Z"></path><path d="M128.3,109.0 C113.8,99.7 119.0,89.6 119.0,89.6 C122.0,82.7 120.5,78.6 120.5,78.6 C119.2,72.0 123.4,76.3 123.4,76.3 C127.3,80.9 125.5,87.3 125.5,87.3 C122.9,97.6 130.6,101.9 134.4,103.2" fill="currentColor" style="transform-origin:130px 106px" class="octo-arm"></path><path d="M115.0,115.0 C114.9,115.1 118.7,116.5 119.8,115.4 L133.7,101.6 C136.9,99.2 139.9,98.4 142.2,98.6 C133.8,88.0 127.5,74.4 143.8,58.0 C148.5,53.4 154.0,51.2 159.7,51.0 C160.3,49.4 163.2,43.6 171.4,40.1 C171.4,40.1 176.1,42.5 178.8,56.2 C183.1,58.6 187.2,61.8 190.9,65.4 C194.5,69.0 197.7,73.2 200.1,77.6 C213.8,80.2 216.3,84.9 216.3,84.9 C212.7,93.1 206.9,96.0 205.4,96.6 C205.1,102.4 203.0,107.8 198.3,112.5 C181.9,128.9 168.3,122.5 157.7,114.1 C157.9,116.9 156.7,120.9 152.7,124.9 L141.0,136.5 C139.8,137.7 141.6,141.9 141.8,141.8 Z" fill="currentColor" class="octo-body"></path></svg></a><noscript><div class="noscript-warning">Theme NexT works best with JavaScript enabled</div></noscript><script src="https://cdnjs.cloudflare.com/ajax/libs/animejs/3.2.1/anime.min.js" integrity="sha256-XL2inqUJaslATFnHdJOi9GfQ60on8Wx1C2H8DYiN1xY=" crossorigin="anonymous"></script><script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.4/jquery.min.js" integrity="sha256-oP6HI9z1XaZNBrJURtCoUT5SUnxFr8s3BzRl+cbzUq8=" crossorigin="anonymous"></script><script src="https://cdnjs.cloudflare.com/ajax/libs/fancybox/3.5.7/jquery.fancybox.min.js" integrity="sha256-yt2kYMy0w8AbtF89WXb2P1rfjcP/HTHLT7097U8Y5b8=" crossorigin="anonymous"></script><script src="/js/comments.js"></script><script src="/js/utils.js"></script><script src="/js/motion.js"></script><script src="/js/next-boot.js"></script><script src="https://cdnjs.cloudflare.com/ajax/libs/hexo-generator-searchdb/1.4.1/search.js" integrity="sha256-1kfA5uHPf65M5cphT2dvymhkuyHPQp5A53EGZOnOLmc=" crossorigin="anonymous"></script><script src="/js/third-party/search/local-search.js"></script><script src="/js/third-party/fancybox.js"></script><script src="/js/third-party/pace.js"></script><script async src="https://busuanzi.ibruce.info/busuanzi/2.3/busuanzi.pure.mini.js"></script><script src="https://unpkg.com/darkmode-js@1.5.7/lib/darkmode-js.min.js"></script><script>var options = {
|
||
bottom: '64px',
|
||
right: 'unset',
|
||
left: '32px',
|
||
time: '0.5s',
|
||
mixColor: 'transparent',
|
||
backgroundColor: 'transparent',
|
||
buttonColorDark: '#100f2c',
|
||
buttonColorLight: '#fff',
|
||
saveInCookies: true,
|
||
label: '🌓',
|
||
autoMatchOsTheme: true
|
||
}
|
||
const darkmode = new Darkmode(options);
|
||
window.darkmode = darkmode;
|
||
darkmode.showWidget();</script><script async src="/js/cursor/love.min.js"></script><script type="text/javascript" src="//cdn.bootcss.com/canvas-nest.js/1.0.0/canvas-nest.min.js"></script></body></html> |