Free HTTPS certificates
Requesting a wildcard certificate
shell
certbot certonly --preferred-challenges dns --manual -d example.com -d '*.example.com' --server https://acme-v02.api.letsencrypt.org/directory
Self-signed certificate
- Create the server certificate key file server.key
openssl genrsa -des3 -out server.key 2048
- Create the server certificate signing request file server.csr
openssl req -new -key server.key -out server.csr
- Back up the key
cp server.key server.key.bak
- Remove the passphrase
openssl rsa -in server.key.bak -out server.key
- Generate the certificate file server.crt
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
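The checks below are an added example, not part of the original page: they confirm that server.crt carries the public key of server.key, that the key (stored unencrypted once the passphrase is removed) is not accessible to group or others, and that the certificate is not close to expiry. The function names and the 30-day default are assumptions; openssl must be on PATH.

```shell
#!/bin/sh
# Added example (not from the original page): checks for a key/certificate
# pair such as the server.key / server.crt files produced by the steps above.
# Assumes openssl is on PATH; function names are hypothetical.

# Print the SHA-256 of the public key derived from a private key file.
# "-passin pass:" makes an encrypted key fail instead of prompting.
key_pub_hash() {
    kp_pub=$(openssl pkey -in "$1" -passin pass: -pubout 2>/dev/null) || return 1
    printf '%s\n' "$kp_pub" | openssl dgst -sha256 -r | cut -d' ' -f1
}

# Print the SHA-256 of the public key embedded in a certificate.
cert_pub_hash() {
    cp_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    printf '%s\n' "$cp_pub" | openssl dgst -sha256 -r | cut -d' ' -f1
}

# Succeed only if group and others have no permission bits on the file.
key_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Succeed if the certificate is still valid MIN_DAYS from now.
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null 2>&1
}

# check_pair KEY CERT [MIN_DAYS]: report each finding, return non-zero on any.
check_pair() {
    cp_rc=0
    cp_kh=$(key_pub_hash "$1") || { echo "FAIL: $1 is unreadable or still passphrase-protected"; return 1; }
    cp_ch=$(cert_pub_hash "$2") || { echo "FAIL: $2 is not a readable certificate"; return 1; }
    [ "$cp_kh" = "$cp_ch" ] || { echo "FAIL: $2 was not issued for $1"; cp_rc=1; }
    key_is_private "$1" || { echo "FAIL: $1 is accessible to group/others (chmod 600)"; cp_rc=1; }
    cert_valid_for "$2" "${3:-30}" || { echo "FAIL: $2 expires within ${3:-30} days"; cp_rc=1; }
    [ "$cp_rc" -eq 0 ] && echo "OK: $1 and $2 match"
    return "$cp_rc"
}

# Run the checks when called as: sh check_pair.sh server.key server.crt [days]
if [ "$#" -ge 2 ]; then check_pair "$@"; fi
```

The same call works on the key and full-chain files written by acme.sh --install-cert, since openssl x509 reads the first (leaf) certificate in the file.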
Requesting a free certificate with acme.sh
1. Quick install
curl https://get.acme.sh | sh -s email=my@example.com
2. Advanced installation
shell
git clone https://github.com/acmesh-official/acme.sh.git
cd acme.sh
./acme.sh --install \
--home ~/myacme \
--config-home ~/myacme/data \
--cert-home ~/mycerts \
--accountemail "my@example.com" \
--accountkey ~/myaccount.key \
--accountconf ~/myaccount.conf \
--useragent "this is my client."
3. Issue a certificate
Preparation (dnsapi · acmesh-official/acme.sh Wiki · GitHub)
shell
# Cloudflare DNS API (dns_cf)
export CF_Token="sdfsdfsdfljlbjkljlkjsdfoiwje"
export CF_Account_ID="xxxxxxxxxxxxx"
acme.sh --issue -d example.com -d '*.example.com' --dns dns_cf
# GoDaddy DNS API (dns_gd)
export GD_Key="sdfsdfsdfljlbjkljlkjsdfoiwje"
export GD_Secret="asdfsdafdsfdsfdsfdsfdsafd"
acme.sh --issue -d example.com -d '*.example.com' --dns dns_gd
4. nginx example
shell
acme.sh --install-cert -d example.com \
--key-file /path/to/keyfile/in/nginx/key.pem \
--fullchain-file /path/to/fullchain/nginx/cert.pem \
--reloadcmd "service nginx force-reload"
5. apache example
shell
acme.sh --install-cert -d example.com \
--cert-file /path/to/certfile/in/apache/cert.pem \
--key-file /path/to/keyfile/in/apache/key.pem \
--fullchain-file /path/to/fullchain/certfile/apache/fullchain.pem \
--reloadcmd "service apache2 force-reload"
Generating an RSA public/private key pair
shell
openssl genrsa -out rsa_private_key.pem 2048
openssl rsa -in rsa_private_key.pem -pubout -out rsa_public_key.pem