root@iZ5ts4ir4avgeumt2dhyhmZ:~# certbot certonly --webroot -w /data/websites/apache/site04/ Saving debug log to /var/log/letsencrypt/letsencrypt.log Enter email address (used for urgent renewal and security notices) (Enter 'c' to cancel): [email protected]# 填写申请证书获取通知的邮件地址
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Please read the Terms of Service at https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf. You must agree in order to register with the ACME server. Do you agree? - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - (Y)es/(N)o: y # 同意注册协议
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Would you be willing, once your first certificate is successfully issued, to share your email address with the Electronic Frontier Foundation, a founding partner of the Let's Encrypt project and the non-profit organization that develops Certbot? We'd like to send you email about our work encrypting the web, EFF news, campaigns, and ways to support digital freedom. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - (Y)es/(N)o: y # 这个是通知,你也可以选择 N Account registered. Please enter the domain name(s) you would like on your certificate (comma and/or space separated) (Enter 'c' to cancel): apache02.xxxxu.com # 输入你要创建证书的域名 Requesting a certificate for apache02.xxxxu.com
# 下面就是申请信息。 Successfully received certificate. Certificate is saved at: /etc/letsencrypt/live/apache02.xxxxu.com/fullchain.pem Key is saved at: /etc/letsencrypt/live/apache02.xxxxu.com/privkey.pem This certificate expires on 2024-06-05. These files will be updated when the certificate renews. Certbot has set up a scheduled task to automatically renew this certificate in the background.
root@iZ5ts4ir4avgeumt2dhyhmZ:~# certbot certonly --standalone -d apache03.xxxxu.com,apache04.xxxxu.com -m [email protected] Saving debug log to /var/log/letsencrypt/letsencrypt.log Requesting a certificate for apache03.xxxxu.com and apache04.xxxxu.com
Successfully received certificate. Certificate is saved at: /etc/letsencrypt/live/apache03.xxxxu.com/fullchain.pem Key is saved at: /etc/letsencrypt/live/apache03.xxxxu.com/privkey.pem This certificate expires on 2024-06-06. These files will be updated when the certificate renews. Certbot has set up a scheduled task to automatically renew this certificate in the background.
root@iZ5ts4ir4avgeumt2dhyhmZ:~# certbot certonly --standalone -d apache03.xxxxu.com,apache04.xxxxu.com -m [email protected] Saving debug log to /var/log/letsencrypt/letsencrypt.log Requesting a certificate for apache03.xxxxu.com and apache04.xxxxu.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Could not bind TCP port 80 because it is already in use by another process on this system (such as a web server). Please stop the program in question and then try again. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - (R)etry/(C)ancel: C Could not bind TCP port 80 because it is already in use by another process on this system (such as a web server). Please stop the program in question and then try again. Ask forhelp or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
root@iZ5ts4ir4avgeumt2dhyhmZ:~# certbot certonly --manual -d apache05.xxxxu.com --preferred-challenges=dns -m [email protected] Saving debug log to /var/log/letsencrypt/letsencrypt.log Requesting a certificate for apache05.xxxxu.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Please deploy a DNS TXT record under the name:
_acme-challenge.apache05.xxxxu.com.
with the following value:
k-p2Ap2b9YOKB1JJL2XGVS9OFuVWSqZaKqz4zhXL5MU
Before continuing, verify the TXT record has been deployed. Depending on the DNS provider, this may take some time, from a few seconds to multiple minutes. You can check if it has finished deploying with aid of online tools, such as the Google Admin Toolbox: https://toolbox.googleapps.com/apps/dig/#TXT/_acme-challenge.apache05.xxxxu.com. Look for one or more bolded line(s) below the line ';ANSWER'. It should show the value(s) you've just added. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Press Enter to Continue # 这里不要着急回车,先到你域名服务商去做上面给出的 txt 解析记录
2.做好域名的 txt 解析,如下:
注意: 做完解析后,不要立即去服务器申请证书的命令行回车,这里最好等待1~3分钟!
3.回到申请证书的命令行,执行回车。
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
Press Enter to Continue
Successfully received certificate. Certificate is saved at: /etc/letsencrypt/live/apache05.xxxxu.com/fullchain.pem Key is saved at: /etc/letsencrypt/live/apache05.xxxxu.com/privkey.pem This certificate expires on 2024-06-06. These files will be updated when the certificate renews.
NEXT STEPS: - This certificate will not be renewed automatically. Autorenewal of --manual certificates requires the use of an authentication hook script (--manual-auth-hook) but one was not provided. To renew this certificate, repeat this same certbot command before the certificate's expiry date. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - If you like Certbot, please consider supporting our work by: * Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate * Donating to EFF: https://eff.org/donate-le - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
基于文件的认证
这种方式就是在基于 DNS 认证的方式上去掉参数 --preferred-challenges=dns, 但是,网站要能处于正常访问的状态!
Successfully received certificate. Certificate is saved at: /etc/letsencrypt/live/ssl01.linuser.com/fullchain.pem Key is saved at: /etc/letsencrypt/live/ssl01.linuser.com/privkey.pem This certificate expires on 2022-11-15. These files will be updated when the certificate renews.
NEXT STEPS: - This certificate will not be renewed automatically. Autorenewal of --manual certificates requires the use of an authentication hook script (--manual-auth-hook) but one was not provided. To renew this certificate, repeat this same certbot command before the certificate's expiry date. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - If you like Certbot, please consider supporting our work by: * Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate * Donating to EFF: https://eff.org/donate-le - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -