[Let’s Encrypt] Wildcard Certificate with Certbot

Option A

1. Run the command that requests the SSL certificate

sudo certbot certonly --manual -d YOURDOMAINNAME.com -d '*.YOURDOMAINNAME.com' --agree-tos --no-bootstrap --manual-public-ip-logging-ok --preferred-challenges dns-01 --server https://acme-v02.api.letsencrypt.org/directory

2. Add a TXT record in Cloudflare/DNS

_acme-challenge.YOURDOMAINNAME.com   TXT  CHANGEME-_3pJ2j0PBuadeNroxWopMz16W9DLifPc

3. Once validation succeeds, the certificate is issued

4. Set up automatic renewal

sudo certbot renew --dry-run

Done


Option B

1. Install the python3 packages

sudo apt-get install -y python3-pip python3-setuptools

2. Install the Cloudflare DNS plugin

sudo pip3 install certbot-dns-cloudflare

3. Check the certbot plugins

certbot plugins

4. Obtain the Cloudflare Global API key

5. Save the Cloudflare API key to a file

sudo nano /etc/letsencrypt/dnscloudflare.ini

dns_cloudflare_api_key = blahblahblah44399342234bland
dns_cloudflare_email = mylogin@example.com

6. Security: restrict the credentials file to its owner

sudo chmod 600 /etc/letsencrypt/dnscloudflare.ini

7. Configure certbot to read the Cloudflare API credentials

sudo nano /etc/letsencrypt/cli.ini

dns-cloudflare-credentials = /etc/letsencrypt/dnscloudflare.ini
server = https://acme-v02.api.letsencrypt.org/directory

8. Request the certificate

sudo certbot certonly -d YOURDOMAINNAME.com -d '*.YOURDOMAINNAME.com' --dns-cloudflare

9. Set up automatic renewal

sudo certbot renew --dry-run

Done

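A check for the credentials file from steps 5 and 6 of Option B, added here as an example and not part of the original post: it verifies that the file is a regular file with no group/other permission bits and reports when the Global API key is used instead of a scoped token. `audit_cf_credentials` and `demo` are hypothetical names, the sample file is constructed, and `dns_cloudflare_api_token` is the plugin's scoped-token setting, which the steps above do not use.

```shell
#!/bin/sh
# Added example: audit a certbot-dns-cloudflare credentials file.
# Prints one "FINDING:" line per problem; returns 0 when clean, 1 otherwise.

audit_cf_credentials() {
    f=$1
    rc=0
    finding() { printf 'FINDING: %s\n' "$1"; rc=1; }
    has_key() { grep -Eq "^[[:space:]]*$1[[:space:]]*=" "$f"; }

    if [ -L "$f" ] || [ ! -f "$f" ]; then
        finding "$f is missing, a symlink, or not a regular file"
        return 1
    fi

    # Octal permission bits: GNU stat first, BSD stat as a fallback.
    mode=$(stat -c '%a' "$f" 2>/dev/null || stat -f '%Lp' "$f")
    case $mode in
        0|*00) ;;   # no group/other bits set
        *) finding "mode $mode exposes the key to group/other; chmod 600 $f" ;;
    esac

    if has_key dns_cloudflare_api_token; then
        :   # scoped API token: nothing further to check here
    elif has_key dns_cloudflare_api_key; then
        finding "Global API key in use; it grants full account access, prefer a token scoped to Zone:DNS:Edit (dns_cloudflare_api_token)"
        has_key dns_cloudflare_email || finding "dns_cloudflare_email is required with dns_cloudflare_api_key"
    else
        finding "no dns_cloudflare_api_token or dns_cloudflare_api_key entry"
    fi
    return "$rc"
}

# Demo on a constructed file (placeholder secret, deliberately loose mode).
demo() {
    d=$(mktemp -d)
    printf 'dns_cloudflare_api_key = CONSTRUCTED-PLACEHOLDER\n' > "$d/dnscloudflare.ini"
    chmod 644 "$d/dnscloudflare.ini"
    audit_cf_credentials "$d/dnscloudflare.ini"
    rm -rf "$d"
}

# With a path argument audit that file, otherwise run the demo.
if [ "$#" -gt 0 ]; then audit_cf_credentials "$1"; else demo || true; fi
```

Run it as `sudo sh audit.sh /etc/letsencrypt/dnscloudflare.ini` (the script file name is an assumption) after step 6 and before requesting the certificate.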