Introduction
Website: https://letsencrypt.org/
Let’s Encrypt is a new Certificate Authority: It’s free, automated, and open.
ACME: https://webencrypt.org/acme/
Certbot
Certbot, previously the Let's Encrypt Client, is EFF's tool to obtain certs from Let's Encrypt, and (optionally) auto-enable HTTPS on your server. It can also act as a client for any other CA that uses the ACME protocol.
Certbot Official site: https://certbot.eff.org/
Get Certbot from: https://github.com/certbot/certbot
Install
CentOS 6
sudo yum install epel-release
$ wget https://dl.eff.org/certbot-auto
$ chmod a+x certbot-auto
CentOS 7
yum install epel-release
yum install certbot
Cert
certbot[-auto] certonly
certbot[-auto] certonly --standalone -d example.com -d www.example.com
Wildcard
$ certbot certonly \
    -d '*.example.com' \
    -d example.com \
    --manual \
    --preferred-challenges dns \
    --server https://acme-v02.api.letsencrypt.org/directory

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NOTE: The IP of this machine will be publicly logged as having requested this
certificate. If you're running certbot in manual mode on a machine that is not
your server, please ensure you're okay with that.

Are you OK with your IP being logged?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please deploy a DNS TXT record under the name
_acme-challenge.example.com with the following value:

UUN3Xf4jat9SWh_YssVK36P8EHa****************

Before continuing, verify the record is deployed.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue
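One way to do the "verify the record is deployed" step before pressing Enter, as an added example that is not part of the original page or of Certbot. It assumes `dig` is installed (bind-utils on CentOS); the function names `txt_matches` and `check_challenge` and the script name in the usage comment are hypothetical.

```bash
#!/usr/bin/env bash
# Added example (not from the original page or from Certbot).
# Assumes `dig` is installed; the value to look for is whatever certbot printed.

# Read `dig +short TXT` output on stdin; succeed if one record equals $1.
# dig prints one record per line, wrapped in double quotes.
txt_matches() {
    _rc=1
    while IFS= read -r _line; do
        _line=${_line#\"}
        _line=${_line%\"}
        if [ "$_line" = "$1" ]; then _rc=0; fi
    done
    return "$_rc"
}

# Ask every authoritative nameserver directly, so a resolver cache cannot hide
# a record that has not propagated yet. $1 = zone, $2 = expected TXT value.
check_challenge() {
    _zone=$1 _want=$2 _seen=0 _fail=0
    for _ns in $(dig +short NS "$_zone"); do
        _seen=1
        if dig +short TXT "_acme-challenge.$_zone" "@$_ns" | txt_matches "$_want"; then
            echo "ok      $_ns"
        else
            echo "MISSING $_ns"
            _fail=1
        fi
    done
    # No NS answer means nothing was verified: treat that as a failure.
    [ "$_seen" -eq 1 ] && [ "$_fail" -eq 0 ]
}

# Usage: bash check-acme-txt.sh example.com <value-printed-by-certbot>
if [ "$#" -eq 2 ]; then
    check_challenge "$1" "$2"
fi
```

Because `*.example.com` and `example.com` are both validated under `_acme-challenge.example.com`, certbot prompts once per name and both TXT values must be present at the same time; run the check once for each value.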
Renew
certbot[-auto] renew [--dry-run] [--quiet]
Alternatives
- https://github.com/Neilpang/acme.sh
- An ACME Shell script: acme.sh
- https://github.com/diafygi/acme-tiny
- A tiny script to issue and renew TLS certs from Let's Encrypt
Reference
- https://certbot.eff.org/docs/
- https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-centos-7
- How To Secure Nginx with Let's Encrypt on CentOS 7
- https://blog.frognew.com/2018/07/lets-encrypt-wildcard-certificates.html
- Switching the blog's HTTPS certificate to a Let's Encrypt wildcard certificate