Requesting HTTPS SSL/TLS certificates with Certbot via CloudFlare/Aliyun DNS

Prepare a CloudFlare API Key






Configure the CloudFlare API Key

mkdir -p ~/.secrets/certbot/
vim ~/.secrets/certbot/cloudflare.ini
dns_cloudflare_api_token=CloudFlare API Key
chmod 600 ~/.secrets/certbot/cloudflare.ini
chmod 700 ~/.secrets/certbot/

Install the software

# Ubuntu/Debian
sudo apt update
sudo apt install -y certbot python3-certbot-dns-cloudflare
# CentOS/RHEL/Rocky Linux
sudo dnf install -y epel-release
sudo dnf install -y certbot python3-certbot-dns-cloudflare
# Or use pip
pip3 install certbot certbot-dns-cloudflare

Request the certificate

  • Certificate storage locations: /etc/letsencrypt/archive/ and /etc/letsencrypt/live/
  • Log file: /var/log/letsencrypt/letsencrypt.log

# Wildcard names are quoted so the shell passes them to certbot unexpanded
sudo certbot certonly \
  --dns-cloudflare \
  --dns-cloudflare-credentials ~/.secrets/certbot/cloudflare.ini \
  --email xuxiaowei@xuxiaowei.com.cn \
  -d xuxiaowei.com.cn \
  -d '*.xuxiaowei.com.cn' \
  -d xuxiaowei.io \
  -d '*.xuxiaowei.io' \
  --agree-tos \
  --non-interactive

root@iZj6cabd0bkfnfa0be1b24Z:~# sudo certbot certonly \
  --dns-cloudflare \
  --dns-cloudflare-credentials ~/.secrets/certbot/cloudflare.ini \
  --email xuxiaowei@xuxiaowei.com.cn \
  -d xuxiaowei.com.cn \
  -d *.xuxiaowei.com.cn \
  -d xuxiaowei.io \
  -d *.xuxiaowei.io \
  --agree-tos \
  --non-interactive
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for xuxiaowei.com.cn and 3 more domains
Waiting 10 seconds for DNS changes to propagate

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/xuxiaowei.com.cn/fullchain.pem
Key is saved at:         /etc/letsencrypt/live/xuxiaowei.com.cn/privkey.pem
This certificate expires on 2026-04-14.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
 * Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
 * Donating to EFF:                    https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
root@iZj6cabd0bkfnfa0be1b24Z:~# 
1 Like

Alibaba Cloud (Aliyun)

mkdir -p ~/.secrets/certbot/
vim ~/.secrets/certbot/aliyun.ini
dns_aliyun_access_key=
dns_aliyun_access_key_secret=
chmod 600 ~/.secrets/certbot/aliyun.ini
chmod 700 ~/.secrets/certbot/
sudo pip3 install certbot-dns-aliyun
# Wildcard names are quoted so the shell passes them to certbot unexpanded
sudo certbot certonly \
  --authenticator dns-aliyun \
  --dns-aliyun-credentials ~/.secrets/certbot/aliyun.ini \
  --email xuxiaowei@xuxiaowei.com.cn \
  -d xuxiaowei.com.cn \
  -d '*.xuxiaowei.com.cn' \
  -d xuxiaowei.io \
  -d '*.xuxiaowei.io' \
  --agree-tos \
  --non-interactive
1 Like
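
Both posts above keep the DNS API credentials in ~/.secrets/certbot/ and lock them down with chmod 600/700. The following is an added example, not part of the original posts: it audits that directory for group/other access and for keys left empty, without ever printing a secret. The function names, finding labels and the script name audit.sh are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit certbot DNS credential files without printing secrets.
# Assumed layout (from the posts): <dir>/cloudflare.ini and <dir>/aliyun.ini.

# mode_of PATH: print octal permission bits (GNU stat, then BSD stat).
mode_of() {
  stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# has_key FILE KEY: succeed only if KEY is assigned a non-empty value.
has_key() {
  grep -Eq "^[[:space:]]*$2[[:space:]]*=[[:space:]]*[^[:space:]]" "$1"
}

# is_private PATH: succeed if group and other have no permission bits at all.
is_private() {
  case "$(mode_of "$1")" in [0-7]00) return 0 ;; *) return 1 ;; esac
}

# check_credentials DIR: print one finding per line; return 1 if any.
check_credentials() {
  cc_dir=$1; cc_bad=0
  [ -d "$cc_dir" ] || { echo "MISSING $cc_dir"; return 1; }
  is_private "$cc_dir" || { echo "DIR_MODE $cc_dir $(mode_of "$cc_dir")"; cc_bad=1; }
  for cc_f in "$cc_dir"/*.ini; do
    [ -f "$cc_f" ] || continue
    is_private "$cc_f" || { echo "FILE_MODE $cc_f $(mode_of "$cc_f")"; cc_bad=1; }
    # Key names per plugin, as they appear in the posts' .ini files
    case "$(basename "$cc_f")" in
      cloudflare.ini) cc_keys="dns_cloudflare_api_token" ;;
      aliyun.ini)     cc_keys="dns_aliyun_access_key dns_aliyun_access_key_secret" ;;
      *)              cc_keys="" ;;
    esac
    for cc_k in $cc_keys; do
      has_key "$cc_f" "$cc_k" || { echo "EMPTY_KEY $cc_f $cc_k"; cc_bad=1; }
    done
  done
  return "$cc_bad"
}

# Run only when a directory is passed, e.g.: sh audit.sh ~/.secrets/certbot
[ "$#" -eq 0 ] || check_credentials "$1"
```

A non-zero exit status means at least one finding, so the script can gate a renewal job or a configuration-management run.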

This is really convenient. I tried it out, and it even comes with automatic renewal. Much more convenient than acme.sh.

1 Like