sudo certbot certonly --manual --preferred-challenges dns -d gaobo.name
certonly --manual 代表手动签发证书,不进行其他配置工作。
--preferred-challenges dns 代表验证方式使用 DNS 进行域名所有权的验证,也可以选择 http 方式进行验证。
-d gaobo.name 则是域名配置,后面可以多次使用 -d DOMAIN 来配置多个域名。
修改 DNS 解析
在执行上面的命令之后,会有几步相关的操作让你确认。之后会给你一段口令让你设置到 DNS 解析上:
1 2 3 4 5 6 7 8 9
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Please deploy a DNS TXT record under the name _acme-challenge.gaobo.name with the following value:
aO0HEtcVvHPPGY2a8JHEzjIXcDj8QD0kWb48Xmbh3g8
Before continuing, verify the record is deployed. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Press Enter to Continue
按照提示设置好之后,按回车键即可。
成功签发
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18
IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at: /etc/letsencrypt/live/gaobo.name/fullchain.pem Your key file has been saved at: /etc/letsencrypt/live/gaobo.name/privkey.pem Your cert will expire on 2020-02-20. To obtain a new or tweaked version of this certificate in the future, simply run certbot again. To non-interactively renew *all* of your certificates, run "certbot renew" - Your account credentials have been saved in your Certbot configuration directory at /etc/letsencrypt. You should make a secure backup of this folder now. This configuration directory will also contain certificates and private keys obtained by Certbot so making regular backups of this folder is ideal. - If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le