- Published on
在 CentOS 8 服务器上使用 Certbot 手动获取 Namecheap DNS 泛域名证书
- Authors
- Name
- Leon
1. 运行Certbot获取证书
sudo certbot certonly --manual --preferred-challenges=dns -d '*.erp.tianjian.io'
# 输出:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for *.erp.tianjian.io
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please deploy a DNS TXT record under the name:
_acme-challenge.erp.tianjian.io.
with the following value:
66yvutswnWPWeXSOGY-0vJzVJ_KHsPD6GdUTFNRWZkE
Before continuing, verify the TXT record has been deployed. Depending on the DNS
provider, this may take some time, from a few seconds to multiple minutes. You can
check if it has finished deploying with aid of online tools, such as the Google
Admin Toolbox: https://toolbox.googleapps.com/apps/dig/#TXT/_acme-challenge.erp.tianjian.io.
Look for one or more bolded line(s) below the line ';ANSWER'. It should show the
value(s) you've just added.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue
2. 在Namecheap的DNS设置中添加TXT记录
| Type | Host | Value |
|---|---|---|
| TXT Record | _acme-challenge.erp | 66yvutswnWPWeXSOGY-0vJzVJ_KHsPD6GdUTFNRWZkE |
3. 检查TXT记录传播状态
# 访问
https://toolbox.googleapps.com/apps/dig/#TXT/_acme-challenge.erp.tianjian.io
# 输出
TXT
TTL:
29 minutes 59 seconds
VALUE:
"66yvutswnWPWeXSOGY-0vJzVJ_KHsPD6GdUTFNRWZkE"
4. 成功传播后,回到服务器终端Certbot会话中,回车继续
# 继续输出
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/erp.tianjian.io-0001/fullchain.pem
Key is saved at: /etc/letsencrypt/live/erp.tianjian.io-0001/privkey.pem
This certificate expires on 2024-04-17.
These files will be updated when the certificate renews.
NEXT STEPS:
- This certificate will not be renewed automatically. Autorenewal of --manual certificates requires the use of an authentication hook script (--manual-auth-hook) but one was not provided. To renew this certificate, repeat this same certbot command before the certificate's expiry date.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
* Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
* Donating to EFF: https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
5. 手动续订证书
# 要续订这个证书,在证书到期日期之前重复执行这个相同的certbot命令
sudo certbot certonly --manual --preferred-challenges=dns -d '*.erp.tianjian.io'