Let’s Encrypt SSL证书通过DNS TXT记录交互模式手动续期

2023-03-0313:50:21网站管理维护Comments1,352 views字数 1470阅读模式

三个月时间到了,证书需要续期,在网上找了好久都是通过脚本自动执行的方式进行续期的,在这里都不适用,通过参考各种资料和摸索,找到以下方法供参考:文章源自菜鸟学院-https://www.cainiaoxueyuan.com/wg/31169.html

sudo certbot certonly --renew-by-default -d YOURDOMAIN --manual --preferred-challenges dns文章源自菜鸟学院-https://www.cainiaoxueyuan.com/wg/31169.html

certonly 只申请证书
--renew-by-default 通过默认配置更新证书
-d YOURDOMAIN 需要更新证书的域名
--manual 交互方式执行
--preferred-challenges dns 通过DNS TXT记录的方式进行认证文章源自菜鸟学院-https://www.cainiaoxueyuan.com/wg/31169.html

执行以上命令后返回如下结果:文章源自菜鸟学院-https://www.cainiaoxueyuan.com/wg/31169.html

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Renewing an existing certificate
Performing the following challenges:
dns-01 challenge for YOURDOMAIN文章源自菜鸟学院-https://www.cainiaoxueyuan.com/wg/31169.html

-------------------------------------------------------------------------------
NOTE: The IP of this machine will be publicly logged as having requested this
certificate. If you're running certbot in manual mode on a machine that is not
your server, please ensure you're okay with that.文章源自菜鸟学院-https://www.cainiaoxueyuan.com/wg/31169.html

Are you OK with your IP being logged?
-------------------------------------------------------------------------------
(Y)es/(N)o:文章源自菜鸟学院-https://www.cainiaoxueyuan.com/wg/31169.html

输入 Y后返回:文章源自菜鸟学院-https://www.cainiaoxueyuan.com/wg/31169.html

-------------------------------------------------------------------------------
Please deploy a DNS TXT record under the name
_acme-challenge.YOURDOMAIN with the following value:文章源自菜鸟学院-https://www.cainiaoxueyuan.com/wg/31169.html

Fhx3AXM****************e4TchYU文章源自菜鸟学院-https://www.cainiaoxueyuan.com/wg/31169.html

Once this is deployed,
-------------------------------------------------------------------------------
Press Enter to Continue文章源自菜鸟学院-https://www.cainiaoxueyuan.com/wg/31169.html

此时登录域名管理后台,添加_acme-challenge.YOURDOMAIN域名的TXT记录,值为Fhx3AXM****************e4TchYU,保存后输入以下命令进行确认已经正常解析:
dig -t txt _acme-challenge.YOURDOMAIN
如果返回结果中有上面填写的值说明已经添加并解析成功,此时返回证书更新界面按回车继续.正常情况下会返回如下结果.文章源自菜鸟学院-https://www.cainiaoxueyuan.com/wg/31169.html

Waiting for verification...
Cleaning up challenges
Generating key (2048 bits): /etc/letsencrypt/keys/0001_key-certbot.pem
Creating CSR: /etc/letsencrypt/csr/0001_csr-certbot.pem文章源自菜鸟学院-https://www.cainiaoxueyuan.com/wg/31169.html

  • 本站内容整理自互联网,仅提供信息存储空间服务,以方便学习之用。如对文章、图片、字体等版权有疑问,请在下方留言,管理员看到后,将第一时间进行处理。
  • 转载请务必保留本文链接:https://www.cainiaoxueyuan.com/wg/31169.html

Comment

匿名网友 填写信息

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定