Free SSL wildcard certificate
Experience and Learning 2025/12/22 18:34:19
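https://certbot.eff.org/ provides free domain certificates. For a single domain, automatic renewal can be set up.
A wildcard domain requires DNS configuration. The steps below describe how to install, obtain and configure a free wildcard certificate: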
1. Install certbot first
sudo apt update
sudo apt install -y certbot python3-certbot-nginx
Check that the installation succeeded
certbot --version
2. Steps to generate the certificate
(1) Run the command to obtain the certificate
sudo certbot certonly \
--manual \
--preferred-challenges dns \
-d example.com \
-d "*.example.com"
(2) Enter the user's email address
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Enter email address (used for urgent renewal and security notices)
(Enter 'c' to cancel): xxx@xx.com
(3) Agree to the terms of service
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.6-August-18-2025.pdf. You must agree
in order to register with the ACME server. Do you agree?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing, once your first certificate is successfully issued, to
share your email address with the Electronic Frontier Foundation, a founding
partner of the Let's Encrypt project and the non-profit organization that
develops Certbot? We'd like to send you email about our work encrypting the web,
EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y
Account registered.
Requesting a certificate for example.com and *.example.com
(4) Certbot generates the value for the DNS TXT record, which we have to add manually to the live DNS
Please deploy a DNS TXT record under the name:
_acme-challenge.example.com.
with the following value:
fadmZxj2REuboGMhhCgXqe9TnvKIpcQAokLltDaXqQ
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue
(5) After adding the TXT record for the domain, open a new terminal and verify that the record has taken effect
dig TXT _acme-challenge.example.com
You should see a result like the following:
; <<>> DiG 9.10.6 <<>> TXT _acme-challenge.example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22502
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;_acme-challenge.example.com. IN TXT
;; ANSWER SECTION:
_acme-challenge.example.com. 600 IN TXT "fadmZxj2REuboGMhhCgXqe9TnvKIpcQAokLltDaXqQ"
;; Query time: 69 msec
;; SERVER: 192.168.5.1#53(192.168.5.1)
;; WHEN: Mon Dec 22 16:40:20 CST 2025
;; MSG SIZE rcvd: 109
(6) Go back to the first shell and press Enter. If you already pressed it earlier, just run the generation again. Once validation passes:
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/example.com/fullchain.pem
Key is saved at: /etc/letsencrypt/live/example.com/privkey.pem
This certificate expires on 2026-03-22.
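The dig check in step (5) asks only the local resolver, which may return a cached or stale answer, and a request for both example.com and "*.example.com" normally yields two TXT values under the same _acme-challenge name. The script below is an added example, not part of the original page: it asks every authoritative nameserver directly and reports any expected value that is missing. The function names are hypothetical and the values in the usage comment are placeholders.

```shell
#!/usr/bin/env bash
# Added example (not from the original page). Confirms that every expected
# _acme-challenge TXT value is served by each authoritative nameserver
# before you press Enter in the certbot prompt.

# txt_has_value VALUE: reads `dig +short TXT` output on stdin (one quoted
# string per line) and succeeds only if VALUE matches a whole record.
txt_has_value() {
    local want="$1" line
    while IFS= read -r line; do
        line="${line%\"}"; line="${line#\"}"   # strip surrounding quotes
        [ "$line" = "$want" ] && return 0
    done
    return 1
}

# missing_values ANSWER VALUE...: prints each VALUE that ANSWER lacks.
missing_values() {
    local answer="$1" v; shift
    for v in "$@"; do
        printf '%s\n' "$answer" | txt_has_value "$v" || printf '%s\n' "$v"
    done
}

# check_challenge DOMAIN VALUE...: queries each authoritative NS directly.
# Returns 0 only when all nameservers serve all values.
check_challenge() {
    local domain="$1" ns answer missing nameservers rc=0; shift
    nameservers="$(dig +short NS "$domain")"
    [ -n "$nameservers" ] || { echo "no NS records for $domain" >&2; return 2; }
    for ns in $nameservers; do
        answer="$(dig +short TXT "_acme-challenge.$domain" "@$ns")"
        missing="$(missing_values "$answer" "$@")"
        if [ -n "$missing" ]; then
            echo "$ns: missing $missing" >&2; rc=1
        else
            echo "$ns: ok"
        fi
    done
    return $rc
}

# Usage (placeholders; paste the values certbot printed):
#   check_challenge example.com "<value-1>" "<value-2>"
```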
3. nginx configuration
server
{
listen 443 ssl;
server_name www.example.com ;
index index.html index.htm index.php default.html default.htm default.php;
root /home/wwwroot/www.example.com;
# Certificate chain and private key saved by certbot in step 2
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
}
4. Restart nginx, then visit the site
