Overview
First of all, let’s talk about what is a pan domain name. For example, if I want to make two websites, the first website is hello.google.com, and the second one is well.google.com, then usually I need to apply for two ssl certificates for each website. , but the pan-domain name means that I can use it for two websites at the same time as long as I apply for a *.google.com certificate
Environmental preparation
First of all, we need a linux, debian series and red hat series can be used, and then we install some environment dependencies
- debian series
apt-get update && apt-get install curl -y && apt-get install cron -y && apt-get install socat -y
- Red Hat Series
yum update && yum install curl -y && yum install cron -y && yum install socat -y
Download ACME.SH and execute
This script is the script used to apply for a free certificatecurl https://get.acme.sh | sh
Import Alibaba Cloud's Access Key ID and Access Key Secret into environment variables
Alibaba Cloud's Access Key ID and Access Key Secret can be obtained by logging in on the following pagehttps://account.aliyun.com/login/login.htm?oauth_callback=https%3A%2F%2Fak-console.aliyun.com%2F%3Fspm%3D5176.2020520001.0.0.0EJtVx#/accesskey
export Ali_Key=""
export Ali_Secret=""
Apply for a certificate
The next step is to apply for a certificate. Just replace the following bboysoul.cn with your own domain name.~/.acme.sh/acme.sh --issue --dns dns_ali -d bboysoul.cn -d *.bboysoul.cn
The following lines appear to indicate success
[Thu Mar 15 11:09:05 CST 2018] Your cert is in /root/.acme.sh/bboysoul.cn/bboysoul.cn.cer
[Thu Mar 15 11:09:05 CST 2018] Your cert key is in /root/.acme.sh/bboysoul.cn/bboysoul.cn.key
[Thu Mar 15 11:09:05 CST 2018] The intermediate CA cert is in /root/.acme.sh/bboysoul.cn/ca.cer
[Thu Mar 15 11:09:05 CST 2018] And the full chain certs is there: /root/.acme.sh/bboysoul.cn/fullchain.cer
Then just download these certificates, all files are under .acme.sh/your domain name directory
A few last words
The pagoda panel supports one-click application for the certificate of Let's Encrypt, but it is not a pan-domain certificate, but it is much more convenient
Welcome to follow Bboysoul's blog www.bboysoul.com Have Fun