Use certbot-auto, the automated certificate generation tool.
Download
wget https://dl.eff.org/certbot-auto
chmod +x certbot-auto
Generate the certificate
./certbot-auto certonly --email ***@gmail.com -d *.xxx.cn -d xxx.cn --manual --preferred-challenges dns --server https://acme-v02.api.letsencrypt.org/directory
Add the DNS record
Please deploy a DNS TXT record under the name
_acme-challenge.xxx.cn with the following value:

KJhxf69xxxl01AxxxxYjwnixxxxglEugBEuxxxg

Before continuing, verify the record is deployed.
(This must be set up in addition to the previous challenges; do not remove,
replace, or undo the previous challenge tasks yet. Note that you might be
asked to create multiple distinct TXT records with the same name. This is
permitted by DNS standards.)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue
Verify that the TXT record has taken effect
yum install -y bind-utils
dig -t txt _acme-challenge.xxxx.cn @8.8.8.8
Renewal
./certbot-auto renew --dry-run
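
Added example (not from the original post): a POSIX shell helper for the TXT verification step above. Since certbot may ask for multiple distinct TXT records under the same name, it checks that every expected value is visible on the resolver before you press Enter. The function names and the TRIES and INTERVAL variables are assumptions of this example.

```sh
#!/bin/sh
# Added example, not from the original post.

# txt_missing DIG_OUTPUT VALUE...
# DIG_OUTPUT: text printed by `dig +short -t txt NAME` (one quoted string
# per line). Prints every expected VALUE that is absent and returns 0 only
# when nothing is missing.
txt_missing() {
    answers=$1; shift
    missing=0
    for want in "$@"; do
        # Match the whole quoted line so a partial value never passes.
        if ! printf '%s\n' "$answers" | grep -Fxq -- "\"$want\""; then
            printf '%s\n' "$want"
            missing=1
        fi
    done
    return "$missing"
}

# wait_for_txt NAME RESOLVER VALUE...
# Polls RESOLVER until all values are visible. TRIES (default 20) and
# INTERVAL seconds (default 15) are knobs invented for this example.
wait_for_txt() {
    name=$1; resolver=$2; shift 2
    tries=${TRIES:-20}
    while [ "$tries" -gt 0 ]; do
        out=$(dig +short -t txt "$name" "@$resolver") || out=
        if txt_missing "$out" "$@" >/dev/null; then
            echo "all challenge records visible on $resolver"
            return 0
        fi
        tries=$((tries - 1))
        sleep "${INTERVAL:-15}"
    done
    echo "still missing on $resolver:" >&2
    txt_missing "$out" "$@" >&2 || :
    return 1
}

# Usage, with the placeholder name and value from the certbot prompt:
#   wait_for_txt _acme-challenge.xxx.cn 8.8.8.8 KJhxf69xxxl01AxxxxYjwnixxxxglEugBEuxxxg
```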
A simpler method: Docker + acme.sh
Domains hosted on Tencent Cloud
docker run --rm -it -v /root/cert:/acme.sh -e DP_Id=*** -e DP_Key=*** neilpang/acme.sh --issue -d aaa.com -d *.aaa.com --dns dns_dp
Domains hosted on Alibaba Cloud
docker run --rm -it -v /root/cert:/acme.sh -e Ali_Key=*** -e Ali_Secret=*** neilpang/acme.sh --issue -d bbb.com -d *.bbb.com --dns dns_ali --force