Introduction
Website: https://letsencrypt.org/
Let’s Encrypt is a new Certificate Authority: It’s free, automated, and open.
ACME: https://webencrypt.org/acme/
Certbot
Certbot, previously the Let's Encrypt Client, is EFF's tool to obtain certs from Let's Encrypt, and (optionally) auto-enable HTTPS on your server. It can also act as a client for any other CA that uses the ACME protocol.
Certbot Official site: https://certbot.eff.org/
Get Certbot from: https://github.com/certbot/certbot
Install
CentOS 6
# sudo yum install epel-release
$ wget https://dl.eff.org/certbot-auto
$ chmod a+x certbot-auto
CentOS 7
# yum install epel-release
# yum install certbot
Cert
$ certbot[-auto] certonly
$ certbot[-auto] certonly --standalone -d example.com -d www.example.com
Wildcard
$ certbot certonly \
-d '*.example.com' \
-d example.com \
--manual \
--preferred-challenges dns \
--server https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NOTE: The IP of this machine will be publicly logged as having requested this
certificate. If you're running certbot in manual mode on a machine that is not
your server, please ensure you're okay with that.
Are you OK with your IP being logged?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please deploy a DNS TXT record under the name
_acme-challenge.example.com with the following value:
UUN3Xf4jat9SWh_YssVK36P8EHa****************
Before continuing, verify the record is deployed.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue
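The prompt above asks you to verify the TXT record is deployed before continuing. One way to do that check is sketched below as an added example (not part of the original notes or of Certbot). The script and function names are hypothetical, and it assumes dig is installed and that the domain passed in is the zone apex.

```bash
#!/usr/bin/env bash
# Added example: confirm the ACME DNS-01 TXT value is published before
# pressing Enter at the certbot prompt. Function names are hypothetical.

# Reads `dig +short TXT` output on stdin and succeeds only if one record
# equals $1 exactly. Several values can coexist under one name, e.g. when
# certbot asks for one TXT value per -d name (*.example.com and example.com).
txt_has_value() {
    local expected="$1" line found=1
    while IFS= read -r line || [ -n "$line" ]; do
        line="${line#\"}"; line="${line%\"}"   # dig prints TXT data quoted
        if [ "$line" = "$expected" ]; then found=0; fi
    done
    return "$found"
}

# Asks every authoritative nameserver directly, so a resolver cache cannot
# hide a record that one server is still missing. Assumes $1 is the zone
# apex (it has its own NS records) and that dig is installed.
check_challenge() {
    local domain="$1" expected="$2" servers ns rc=0
    servers="$(dig +short NS "$domain")"
    if [ -z "$servers" ]; then
        echo "no NS records found for $domain" >&2
        return 2
    fi
    for ns in $servers; do
        if dig +short TXT "_acme-challenge.$domain" "@$ns" |
                txt_has_value "$expected"; then
            echo "ok       $ns"
        else
            echo "missing  $ns"
            rc=1
        fi
    done
    return "$rc"
}

# Usage: ./check-acme-txt.sh example.com 'VALUE_PRINTED_BY_CERTBOT'
if [ "$#" -eq 2 ]; then
    check_challenge "$1" "$2"
fi
```

Press Enter in certbot only once every nameserver reports "ok"; a "missing" line means validation can still fail against that server.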
Renew
# certbot[-auto] renew [--dry-run] [--quiet]
Alternatives
- https://github.com/Neilpang/acme.sh - An ACME Shell script: acme.sh
- https://github.com/diafygi/acme-tiny - A tiny script to issue and renew TLS certs from Let's Encrypt
Reference
- https://certbot.eff.org/docs/
- https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-centos-7 - How To Secure Nginx with Let's Encrypt on CentOS 7
- https://blog.frognew.com/2018/07/lets-encrypt-wildcard-certificates.html - Switching the Blog's HTTPS Certificate to a Let's Encrypt Wildcard Certificate