centos+nginx申请Let's Encrypt 通配符HTTPS证书

版权声明：本文为博主原创文章，未经博主允许不得转载。 https://blog.csdn.net/q85795362/article/details/79715012

一、下载certbot

#打开root目录
cd /root
#下载
wget https://dl.eff.org/certbot-auto
#给予执行权限
chmod a+x certbot-auto

二、申请证书

注意红色字体为需要申请证书的域名

sudo ./certbot-auto --server https://acme-v02.api.letsencrypt.org/directory -d "*.baidu.com" -d "baidu.com" --manual --preferred-challenges dns-01 certonly

Saving debug log to /var/log/letsencrypt/letsencrypt.log

Plugins selected: Authenticator manual, Installer None

Enter email address (used for urgent renewal and security notices) (Enter 'c' to cancel): 

输入邮箱   或者 输入c进行取消

-------------------------------------------------------------------------------
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
-------------------------------------------------------------------------------

(A)gree/(C)ancel: 

A同意条款  或者  C取消

-------------------------------------------------------------------------------
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about EFF and
our work to encrypt the web, protect its users and defend digital rights.
-------------------------------------------------------------------------------

(Y)es/(N)o: 

Y同意分享邮箱  或者  N不同意

-------------------------------------------------------------------------------
NOTE: The IP of this machine will be publicly logged as having requested this
certificate. If you're running certbot in manual mode on a machine that is not
your server, please ensure you're okay with that.


Are you OK with your IP being logged?
-------------------------------------------------------------------------------

(Y)es/(N)o: 

Y已公开服务器IP  或者  N没有公开

-------------------------------------------------------------------------------
Please deploy a DNS TXT record under the name
_acme-challenge.域名.com with the following value:


4pIOgw0qR4YjMJiLPMnxxx8r96Uahq9PnJRxyKVSLfI


Before continuing, verify the record is deployed.
-------------------------------------------------------------------------------

去自己的域名服务器设置TXT解析

然后回车就可以了

最后看看nginx配置是否配置好