<var id="xpn71"></var>
<ins id="xpn71"></ins>
<cite id="xpn71"><noframes id="xpn71">
<ins id="xpn71"></ins>
<cite id="xpn71"></cite><del id="xpn71"></del> <var id="xpn71"><dl id="xpn71"></dl></var>
<ins id="xpn71"><span id="xpn71"><listing id="xpn71"></listing></span></ins>
<cite id="xpn71"><dl id="xpn71"></dl></cite><ins id="xpn71"></ins>
<thead id="xpn71"><dl id="xpn71"><progress id="xpn71"></progress></dl></thead>
<var id="xpn71"><dl id="xpn71"><listing id="xpn71"></listing></dl></var>
<listing id="xpn71"></listing>
<var id="xpn71"></var><cite id="xpn71"><dl id="xpn71"></dl></cite> <cite id="xpn71"><dl id="xpn71"></dl></cite><menuitem id="xpn71"><dl id="xpn71"><listing id="xpn71"></listing></dl></menuitem>
<progress id="xpn71"><ruby id="xpn71"><span id="xpn71"></span></ruby></progress>
<ins id="xpn71"></ins>
<cite id="xpn71"></cite>
<thead id="xpn71"></thead>
<cite id="xpn71"><video id="xpn71"><thead id="xpn71"></thead></video></cite>
<cite id="xpn71"></cite>
<ins id="xpn71"><dl id="xpn71"></dl></ins>
<thead id="xpn71"><dl id="xpn71"><address id="xpn71"></address></dl></thead>
<thead id="xpn71"></thead><cite id="xpn71"></cite>
<thead id="xpn71"></thead>
<cite id="xpn71"><dl id="xpn71"></dl></cite>
<ins id="xpn71"></ins><address id="xpn71"><i id="xpn71"><th id="xpn71"></th></i></address>

Let’s Encrypt Wildcard 免費泛域名SSL證書一鍵申請與SSL使用教程

免費教程   2018年03月18日 9:35  

要說免費SSL證書,絕對要推薦Let’s Encrypt,申請免費,安裝簡單,可以無限期的續期。目前wzfou.com主站用的就是Let’s Encrypt的免費SSL證書,有人擔心自己沒有VPS主機無法使用Let’s Encrypt證書,其實現在你可以直接在線申請Let’s Encrypt了。

Let’s Encrypt的單域名SSL證書極大的推動了SSL證書在世界范圍內的普及,而現在更加讓人興奮的消息是:經過無數次的跳票,Let’s Encrypt Wildcard 免費泛域名SSL證書終于上線了!任何個人都是可以免費申請,利用腳本Acme.sh可以實現一鍵簽發,十分方便。

acme.sh 實現了 acme 協議, 可以從 letsencrypt 生成免費的證書。主要步驟:安裝 acme.sh、生成證書 、copy 證書到 nginx/apache 或者其他服務 、更新證書 、更新 acme.sh。Let’s Encrypt Wildcard 免費泛域名SSL證書有效期依然為三個月,acme.sh會自動續期。

本篇文章就來分享一下Let’s Encrypt Wildcard 免費泛域名SSL證書一鍵申請與SSL使用教程,更多的關于建站經驗與建站資源,你可以試試:

PayPal連連提現五個注意事項-賬號綁定,失敗鎖定,手續費與提現時長

十個你可能不知道的CloudFlare免費CDN加速技巧-SSL\DDOS\Cache

自建CDN加速-Nginx反向綁定,緩存加速,自動更新緩存和獲取真實IP

一、Let’s Encrypt泛域名SSL證書申請前準備

官網:

https://letsencrypt.org/

https://github.com/Neilpang/acme.sh

https://wzfou.com/vps-bangdan/

1.1 VPS服務器

要安裝Let’s Encrypt Wildcard 免費泛域名SSL證書,你至少需要一臺VPS主機,關于選購VPS主機可以看我寫的各在VPS主機測評:接入CN2線路VPS主機商和機房匯總和VPS主機排行榜單。

不嫌備+案麻煩的話,可以選擇阿里云VPS、騰訊云VPS、京東云VPS等國內的VPS主機商,想要速度快的免備+案的VPS,可以試試CN2線路或者香港、韓國機房的VPS,這類有阿里云香港、CN2 VPS、Kdatacenter等等。

1.2 做好DNS解析

Let’s Encrypt支持DNSPod、CloudXNS、Amazon Route53、CloudFlare等DNS解析,你需要先把域名的NS修改好。

二、Let’s Encrypt SSL工具acme.sh

2.1 安裝acme.sh

acme.sh 實現了 acme 協議, 可以從 letsencrypt 生成免費的證書。安裝很簡單, 一個命令:

  • curl https://get.acme.sh | sh

普通用戶和 root 用戶都可以安裝使用。 acme.sh 安裝到你的 home 目錄下:~/.acme.sh/,并創建 一個 bash 的 alias, 方便你的使用: acme.sh=~/.acme.sh/acme.sh

同時acme.sh 自動為你創建 cronjob, 每天 0:00 點自動檢測所有的證書, 如果快過期了, 需要更新, 則會自動更新證書。安裝過程不會污染已有的系統任何功能和文件, 所有的修改都限制在安裝目錄中: ~/.acme.sh/。

2.2 獲取DNS API

目前acme.sh需要使用到DNS API驗證域名。這里以DNSPOD為例,進入到用戶中心就可以找到API了。

點擊新建一個API。

最后你可以復制API的ID與Key了。

2.3 簽發Let’s Encrypt 泛域名證書

這里以DNSPod為演示,如果你是使用的其它的DNS,請參考本文下的附錄,不同的DNS的命令是不同的。執行以下命令保存DNSPOD的API Key 和 ID。

  • export DP_Id="1234"
    export DP_Key="sADDsdasdgdsf"

這個 DP_Id and DP_Key 保存在 ~/.acme.sh/account.conf 。執行以下命令就可以簽發Let’s Encrypt 泛域名證書了:

  • acme.sh --issue --dns dns_dp -d wzfou.com -d *.wzfou.com

整個簽發過程還是很快的,完成后你就可以生成的SSL證書路徑了。

現在打開證書路徑,Fullchain.cer就是完成的域名證書了,wzfou.com.key就是Key了,你只要下載這兩個文件就可以啟用Let’s Encrypt SSL證書了。

三、Let’s Encrypt SSL證書安裝

實際上目前流行的VPS主機面板都已經支持自定義SSL證書或者是一鍵申請安裝Let’s Encrypt SSL證書了,例如BT.cn寶塔面板、OneinStack、LNMP、WDCP、AppNode面板等。 更多的安裝方法請參考:服務器控制面板榜單。

四、附錄:各大DNS API獲取與簽發SSL

說明:

  • 附錄參考自:https://github.com/Neilpang/acme.sh/blob/master/dnsapi/README.md
  • DNS解析服務匯總:https://wzfou.com/mianfei-dns/
  • 簽發泛域名SSL時請把命令部分:-d www.example.com 改成 :-d *.example.com

4.1 CloudFlare DNS API

First you need to login to your CloudFlare account to get your API key.

Ok, let’s issue a cert now:

  • acme.sh --issue --dns dns_cf -d example.com -d www.example.com

The CF_Key and CF_Email will be saved in ~/.acme.sh/account.conf and will be reused when needed.

4.2 DNSPod DNS API

First you need to login to your DNSPod account to get your API Key and ID.

  • export DP_Id="1234"
    export DP_Key="sADDsdasdgdsf"

Ok, let’s issue a cert now:

  • acme.sh --issue --dns dns_dp -d example.com -d www.example.com

The DP_Id and DP_Key will be saved in ~/.acme.sh/account.conf and will be reused when needed.

4.3 CloudXNS DNS API

First you need to login to your CloudXNS account to get your API Key and Secret.

  • export CX_Key="1234"
    export CX_Secret="sADDsdasdgdsf"

Ok, let’s issue a cert now:

  • acme.sh --issue --dns dns_cx -d example.com -d www.example.com

The CX_Key and CX_Secret will be saved in ~/.acme.sh/account.conf and will be reused when needed.

4.4 阿里云Aliyun DNS API

First you need to login to your 阿里云 Aliyun account to get your API key. https://ak-console.aliyun.com/#/accesskey

  • export Ali_Key="sdfsdfsdfljlbjkljlkjsdfoiwje"
    export Ali_Secret="jlsdflanljkljlfdsaklkjflsa"

Ok, let’s issue a cert now:

  • acme.sh --issue --dns dns_ali -d example.com -d www.example.com

The Ali_Key and Ali_Secret will be saved in ~/.acme.sh/account.conf and will be reused when needed.

4.5 GoDaddy DNS API

First you need to login to your GoDaddy account to get your API Key and Secret. https://developer.godaddy.com/keys/

Please create a Production key, instead of a Test key.

  • export GD_Key="sdfsdfsdfljlbjkljlkjsdfoiwje"
    export GD_Secret="asdfsdafdsfdsfdsfdsfdsafd"

Ok, let’s issue a cert now:

  • acme.sh --issue --dns dns_gd -d example.com -d www.example.com

The GD_Key and GD_Secret will be saved in ~/.acme.sh/account.conf and will be reused when needed.

4.6 PowerDNS DNS API

First you need to login to your PowerDNS account to enable the API and set your API-Token in the configuration. https://doc.powerdns.com/md/httpapi/README/

  • export PDNS_Url="http://ns.example.com:8081"
    export PDNS_ServerId="localhost"
    export PDNS_Token="0123456789ABCDEF"
    export PDNS_Ttl=60

Ok, let’s issue a cert now:

  • acme.sh --issue --dns dns_pdns -d example.com -d www.example.com

The PDNS_Url, PDNS_ServerId, PDNS_Token and PDNS_Ttl will be saved in ~/.acme.sh/account.conf and will be reused when needed.

4.7 Amazon Route53 DNS API

方法見:https://github.com/Neilpang/acme.sh/wiki/How-to-use-Amazon-Route53-API

  • export AWS_ACCESS_KEY_ID=XXXXXXXXXX
    export AWS_SECRET_ACCESS_KEY=XXXXXXXXXXXXXXX

To issue a cert:

  • acme.sh --issue --dns dns_aws -d example.com -d www.example.com

The AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY will be saved in ~/.acme.sh/account.conf and will be reused when needed.

4.8 Linode DNS API

First you need to login to your Linode account to get your API Key. https://manager.linode.com/profile/api

Then add an API key with label ACME and copy the new key.

  • export LINODE_API_KEY="..."

Due to the reload time of any changes in the DNS records, we have to use the dnssleep option to wait at least 15 minutes for the changes to take effect.

Ok, let’s issue a cert now:

  • acme.sh --issue --dns dns_linode --dnssleep 900 -d example.com -d www.example.com

The LINODE_API_KEY will be saved in ~/.acme.sh/account.conf and will be reused when needed.

4.9 DigitalOcean DNS API (native)

You need to obtain a read and write capable API key from your DigitalOcean account. See: https://www.digitalocean.com/help/api/

  • export DO_API_KEY="75310dc4ca779ac39a19f6355db573b49ce92ae126553ebd61ac3a3ae34834cc"

Ok, let’s issue a cert now:

  • acme.sh --issue --dns dns_dgon -d example.com -d www.example.com

4.10 Namesilo DNS API

You’ll need to generate an API key at https://www.namesilo.com/account_api.php Optionally you may restrict the access to an IP range there.

  • export Namesilo_Key="xxxxxxxxxxxxxxxxxxxxxxxx"

And now you can issue certs with:

  • acme.sh --issue --dns dns_namesilo --dnssleep 900 -d example.com -d www.example.com

4.11 使用自定義API

If your API is not supported yet, you can write your own DNS API.

Let’s assume you want to name it ‘myapi’:

Create a bash script named ~/.acme.sh/dns_myapi.sh,

In the script you must have a function named dns_myapi_add() which will be called by acme.sh to add the DNS records.

Then you can use your API to issue cert like this:

  • acme.sh --issue --dns dns_myapi -d example.com -d www.example.com

五、總結

Let’s Encrypt Wildcard 免費泛域名SSL證書申請與安裝還是比較簡單的,目前我們可以通過腳本來申請Let’s Encrypt泛域名SSL,相信不久之后各大VPS主機控制面板就會有一鍵申請與安裝泛域名SSL證書了。

Let’s Encrypt Wildcard 免費泛域名SSL證書需要用到DNS驗證,附錄里已經列出了各大DNS域名解析獲取API以及簽發SSL證書的命令,大家可以參考一下,如果是簽發泛域名SSL,請把www換成*號即可。

您或許對下面這些文章有興趣:                    本月吐槽辛苦排行榜

看貼要回貼有N種理由!看帖不回貼的后果你懂得的!


評論內容 (*必填):
(Ctrl + Enter提交)   

部落快速搜索欄

各類專題梳理

網站導航欄

X
?
返回頂部
<var id="xpn71"></var>
<ins id="xpn71"></ins>
<cite id="xpn71"><noframes id="xpn71">
<ins id="xpn71"></ins>
<cite id="xpn71"></cite><del id="xpn71"></del> <var id="xpn71"><dl id="xpn71"></dl></var>
<ins id="xpn71"><span id="xpn71"><listing id="xpn71"></listing></span></ins>
<cite id="xpn71"><dl id="xpn71"></dl></cite><ins id="xpn71"></ins>
<thead id="xpn71"><dl id="xpn71"><progress id="xpn71"></progress></dl></thead>
<var id="xpn71"><dl id="xpn71"><listing id="xpn71"></listing></dl></var>
<listing id="xpn71"></listing>
<var id="xpn71"></var><cite id="xpn71"><dl id="xpn71"></dl></cite> <cite id="xpn71"><dl id="xpn71"></dl></cite><menuitem id="xpn71"><dl id="xpn71"><listing id="xpn71"></listing></dl></menuitem>
<progress id="xpn71"><ruby id="xpn71"><span id="xpn71"></span></ruby></progress>
<ins id="xpn71"></ins>
<cite id="xpn71"></cite>
<thead id="xpn71"></thead>
<cite id="xpn71"><video id="xpn71"><thead id="xpn71"></thead></video></cite>
<cite id="xpn71"></cite>
<ins id="xpn71"><dl id="xpn71"></dl></ins>
<thead id="xpn71"><dl id="xpn71"><address id="xpn71"></address></dl></thead>
<thead id="xpn71"></thead><cite id="xpn71"></cite>
<thead id="xpn71"></thead>
<cite id="xpn71"><dl id="xpn71"></dl></cite>
<ins id="xpn71"></ins><address id="xpn71"><i id="xpn71"><th id="xpn71"></th></i></address>
青海快三昨天
<var id="xpn71"></var>
<ins id="xpn71"></ins>
<cite id="xpn71"><noframes id="xpn71">
<ins id="xpn71"></ins>
<cite id="xpn71"></cite><del id="xpn71"></del> <var id="xpn71"><dl id="xpn71"></dl></var>
<ins id="xpn71"><span id="xpn71"><listing id="xpn71"></listing></span></ins>
<cite id="xpn71"><dl id="xpn71"></dl></cite><ins id="xpn71"></ins>
<thead id="xpn71"><dl id="xpn71"><progress id="xpn71"></progress></dl></thead>
<var id="xpn71"><dl id="xpn71"><listing id="xpn71"></listing></dl></var>
<listing id="xpn71"></listing>
<var id="xpn71"></var><cite id="xpn71"><dl id="xpn71"></dl></cite> <cite id="xpn71"><dl id="xpn71"></dl></cite><menuitem id="xpn71"><dl id="xpn71"><listing id="xpn71"></listing></dl></menuitem>
<progress id="xpn71"><ruby id="xpn71"><span id="xpn71"></span></ruby></progress>
<ins id="xpn71"></ins>
<cite id="xpn71"></cite>
<thead id="xpn71"></thead>
<cite id="xpn71"><video id="xpn71"><thead id="xpn71"></thead></video></cite>
<cite id="xpn71"></cite>
<ins id="xpn71"><dl id="xpn71"></dl></ins>
<thead id="xpn71"><dl id="xpn71"><address id="xpn71"></address></dl></thead>
<thead id="xpn71"></thead><cite id="xpn71"></cite>
<thead id="xpn71"></thead>
<cite id="xpn71"><dl id="xpn71"></dl></cite>
<ins id="xpn71"></ins><address id="xpn71"><i id="xpn71"><th id="xpn71"></th></i></address>
<var id="xpn71"></var>
<ins id="xpn71"></ins>
<cite id="xpn71"><noframes id="xpn71">
<ins id="xpn71"></ins>
<cite id="xpn71"></cite><del id="xpn71"></del> <var id="xpn71"><dl id="xpn71"></dl></var>
<ins id="xpn71"><span id="xpn71"><listing id="xpn71"></listing></span></ins>
<cite id="xpn71"><dl id="xpn71"></dl></cite><ins id="xpn71"></ins>
<thead id="xpn71"><dl id="xpn71"><progress id="xpn71"></progress></dl></thead>
<var id="xpn71"><dl id="xpn71"><listing id="xpn71"></listing></dl></var>
<listing id="xpn71"></listing>
<var id="xpn71"></var><cite id="xpn71"><dl id="xpn71"></dl></cite> <cite id="xpn71"><dl id="xpn71"></dl></cite><menuitem id="xpn71"><dl id="xpn71"><listing id="xpn71"></listing></dl></menuitem>
<progress id="xpn71"><ruby id="xpn71"><span id="xpn71"></span></ruby></progress>
<ins id="xpn71"></ins>
<cite id="xpn71"></cite>
<thead id="xpn71"></thead>
<cite id="xpn71"><video id="xpn71"><thead id="xpn71"></thead></video></cite>
<cite id="xpn71"></cite>
<ins id="xpn71"><dl id="xpn71"></dl></ins>
<thead id="xpn71"><dl id="xpn71"><address id="xpn71"></address></dl></thead>
<thead id="xpn71"></thead><cite id="xpn71"></cite>
<thead id="xpn71"></thead>
<cite id="xpn71"><dl id="xpn71"></dl></cite>
<ins id="xpn71"></ins><address id="xpn71"><i id="xpn71"><th id="xpn71"></th></i></address>