Debian安装Certbot获取SSL证书
安装snapd
# 安装snapd
apt-get update
apt-get install snapd
# 安装 snapd core
snap install core
snap refresh core
通过snapd
安装certbot
snap install --classic certbot
# 软链接
ln -s /snap/bin/certbot /usr/bin/certbot
如果遇到无法下载,可能需要翻墙,请给snap
设置代理:
sudo snap set system proxy.http=http://127.0.0.1:1081
sudo snap set system proxy.https=http://127.0.0.1:1081
获取SSL证书
执行certbot certonly
certbot certonly -d "*.youdomain.com" --manual --preferred-challenges dns-01 --server https://acme-v02.api.letsencrypt.org/directory
root@docker00:/usr/bin# certbot certonly -d "*.youdomain.com" --manual --preferred-challenges dns-01 --server https://acme-v02.api.letsencrypt.org/directory
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Enter email address (used for urgent renewal and security notices)
(Enter 'c' to cancel): xxx@xxx.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server. Do you agree?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing, once your first certificate is successfully issued, to
share your email address with the Electronic Frontier Foundation, a founding
partner of the Let's Encrypt project and the non-profit organization that
develops Certbot? We'd like to send you email about our work encrypting the web,
EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: N
Account registered.
Requesting a certificate for *.youdomain.com
Performing the following challenges:
dns-01 challenge for youdomain.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please deploy a DNS TXT record under the name
_acme-challenge.youdomain.com with the following value:
<your_dns_txt_value>
Before continuing, verify the record is deployed.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue
Waiting for verification...
Cleaning up challenges
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/youdomain.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/youdomain.com/privkey.pem
Your certificate will expire on 2021-07-01. To obtain a new or
tweaked version of this certificate in the future, simply run
certbot again. To non-interactively renew *all* of your
certificates, run "certbot renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
- 阅读剩余部分 -