2018 年 1 月Let’s Encrypt CA 宣布免费提供通配符证书(Wildcard certificate)。通配符证书是一种可被多个子域使用的公钥证书。这意味着,单个证书可用于提供多台服务器或一台服务器托管的多个子域名的网页加密,显著降低了个人和小型企业采用 HTTPS 的门槛。

acme.sh 实现了 acme 协议, 可以从 letsencrypt 生成免费的证书。安装很简单, 一个命令:

curl https://get.acme.sh | sh

acme.sh 会自动安装到你的用户home目录:~/.acme.sh/并创建 一个 bash 的 alias, 方便使用: acme.sh=~/.acme.sh/acme.sh

附录:各大DNS API获取与签发SSL
泛域名解析请将-d www.example.com修改为-d *.example.com
1 CloudFlare DNS API

First you need to login to your CloudFlare account to get your API key.

export CF_Key="sdfsdfsdfljlbjkljlkjsdfoiwje"

export CF_Email="xxxx@sss.com"

Ok, let’s issue a cert now:

acme.sh --issue --dns dns_cf -d example.com -d www.example.com

The CF_Key and CF_Email will be saved in ~/.acme.sh/account.conf and will be reused when needed.

2 DNSPod DNS API

First you need to login to your DNSPod account to get your API Key and ID.

export DP_Id=""

export DP_Key="sADDsdasdgdsf"

Ok, let’s issue a cert now:

acme.sh --issue --dns dns_dp -d example.com -d www.example.com

The DP_Id and DP_Key will be saved in ~/.acme.sh/account.conf and will be reused when needed.

3 CloudXNS DNS API

First you need to login to your CloudXNS account to get your API Key and Secret.

export CX_Key=""

export CX_Secret="sADDsdasdgdsf"

Ok, let’s issue a cert now:

acme.sh --issue --dns dns_cx -d example.com -d www.example.com

The CX_Key and CX_Secret will be saved in ~/.acme.sh/account.conf and will be reused when needed.

4 阿里云Aliyun DNS API

First you need to login to your 阿里云 Aliyun account to get your API key. https://ak-console.aliyun.com/#/accesskey

export Ali_Key="sdfsdfsdfljlbjkljlkjsdfoiwje"

export Ali_Secret="jlsdflanljkljlfdsaklkjflsa"

Ok, let’s issue a cert now:

acme.sh --issue --dns dns_ali -d example.com -d www.example.com

The Ali_Key and Ali_Secret will be saved in ~/.acme.sh/account.conf and will be reused when needed.

5 GoDaddy DNS API

First you need to login to your GoDaddy account to get your API Key and Secret. https://developer.godaddy.com/keys/

Please create a Production key, instead of a Test key.

export GD_Key="sdfsdfsdfljlbjkljlkjsdfoiwje"

export GD_Secret="asdfsdafdsfdsfdsfdsfdsafd"

Ok, let’s issue a cert now:

acme.sh --issue --dns dns_gd -d example.com -d www.example.com

The GD_Key and GD_Secret will be saved in ~/.acme.sh/account.conf and will be reused when needed.

6 PowerDNS DNS API

First you need to login to your PowerDNS account to enable the API and set your API-Token in the configuration. https://doc.powerdns.com/md/httpapi/README/

export PDNS_Url="http://ns.example.com:8081"

export PDNS_ServerId="localhost"

export PDNS_Token="0123456789ABCDEF"

export PDNS_Ttl=

Ok, let’s issue a cert now:

acme.sh --issue --dns dns_pdns -d example.com -d www.example.com

The PDNS_Url, PDNS_ServerId, PDNS_Token and PDNS_Ttl will be saved in ~/.acme.sh/account.conf and will be reused when needed.

7 Amazon Route53 DNS API

方法见:https://github.com/Neilpang/acme.sh/wiki/How-to-use-Amazon-Route53-API

export AWS_ACCESS_KEY_ID=XXXXXXXXXX

export AWS_SECRET_ACCESS_KEY=XXXXXXXXXXXXXXX

To issue a cert:

acme.sh --issue --dns dns_aws -d example.com -d www.example.com

The AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY will be saved in ~/.acme.sh/account.conf and will be reused when needed.

8 Linode DNS API

First you need to login to your Linode account to get your API Key. https://manager.linode.com/profile/api

Then add an API key with label ACME and copy the new key.

export LINODE_API_KEY="..."

Due to the reload time of any changes in the DNS records, we have to use the dnssleep option to wait at least 15 minutes for the changes to take effect.

Ok, let’s issue a cert now:

acme.sh --issue --dns dns_linode --dnssleep  -d example.com -d www.example.com

The LINODE_API_KEY will be saved in ~/.acme.sh/account.conf and will be reused when needed.

9 DigitalOcean DNS API (native)

You need to obtain a read and write capable API key from your DigitalOcean account. See: https://www.digitalocean.com/help/api/

export DO_API_KEY="92ae126553ebd61ac3a3ae34834cc"

Ok, let’s issue a cert now:

acme.sh --issue --dns dns_dgon -d example.com -d www.example.com

10 Namesilo DNS API

You’ll need to generate an API key at https://www.namesilo.com/account_api.php Optionally you may restrict the access to an IP range there.

export Namesilo_Key="xxxxxxxxxxxxxxxxxxxxxxxx"

And now you can issue certs with:

acme.sh --issue --dns dns_namesilo --dnssleep  -d example.com -d www.example.com

11 使用自定义API

If your API is not supported yet, you can write your own DNS API.

Let’s assume you want to name it ‘myapi’:

Create a bash script named

~/.acme.sh/dns_myapi.sh

In the script you must have a function named dns_myapi_add() which will be called by acme.sh to add the DNS records.

Then you can use your API to issue cert like this:

acme.sh --issue --dns dns_myapi -d example.com -d www.example.com

Let’s Encrypt Wildcard 免费泛域名SSL证书获取安装的更多相关文章

  1. Let'sEncrypt 免费通配符/泛域名SSL证书添加使用教程

    Let'sEncrypt 免费通配符/泛域名SSL证书添加使用教程 通配符证书一般还是比较贵的一般最便宜的通配符证书5.60美元一年,只不过Let'sEncrypt的有效期是3个月,对于一般用户来说基 ...

  2. CentOS 7配置Let’s Encrypt支持免费泛域名证书

    Let’s Encrypt从2018年开始支持泛域名证书,有效期3个月,目前仅支持acme方式申请,暂不支持certbot. 1.安装acme.sh curl https://get.acme.sh ...

  3. let's encrypt部署免费泛域名证书

    环境说明 [root@localhost ~]# cat /etc/redhat-release CentOS Linux release 7.5.1804 (Core) [root@localhos ...

  4. Let's Encrypt泛域名SSL证书申请

    操作系统:CentOS 7 github:https://github.com/Neilpang/acme.sh 有中文说明: https://github.com/Neilpang/acme.sh ...

  5. [细节版]Let'sEncrypt 免费通配符/泛域名SSL证书添加使用教程

    参考网址:https://lnmp.org/faq/letsencrypt-wildcard-ssl.html 使用的dns服务商:阿里云 , 更多服务商地址可见参考网址. 遇见的问题一. [Sat ...

  6. Let's Encrypt免费泛域名证书申请

    一. 下载acme.sh,以下四条命令任选一条即可 curl https://get.acme.sh | shwget -O - https://get.acme.sh | sh curl https ...

  7. Let’s encrypt 计划为网站提供免费的基本 SSL 证书,以加速互联网从 HTTP 向 HTTPS 过渡。

    Let’s encrypt 计划为网站提供免费的基本 SSL 证书,以加速互联网从 HTTP 向 HTTPS 过渡. 该项目由Mozilla.Cisco.Akamai.IdenTrust.EFF 和密 ...

  8. CA机构介绍(Certificate Authority 域名SSL证书颁发机构)

    SSL证书机构即CA机构的全称为Certificate Authority证书认证中心,只有通过WebTrust国际安全审计认证,根证书才能预装到主流浏览器,成为全球可信的ssl证书颁发机构. HTT ...

  9. 使用 certbot 申请泛域名https证书

    使用 certbot 申请泛域名https证书 Intro Certbot 是一个基于 Let's Encrypt 的自动化申请证书的工具,支持的系统和web server也很多,详见 Certbot ...

随机推荐

  1. python分类预测模型的特点

    python分类预测模型的特点 模型 模型特点 位于 SVM 强大的模型,可以用来回归,预测,分类等,而根据选取不同的和函数,模型可以是线性的/非线性的 sklearn.svm 决策树 基于" ...

  2. ubuntu 设置固定IP

    vim  /etc/network/interface address   要固定的IP地址 netmask  子网掩码  A类地址 默认255.0.0.0   B类地址默 255.255.0.0  ...

  3. tensorflow|tf.train.slice_input_producer|tf.train.Coordinator|tf.train.start_queue_runners

    #### ''' tf.train.slice_input_producer :定义样本放入文件名队列的方式[迭代次数,是否乱序],但此时文件名队列还没有真正写入数据 slice_input_prod ...

  4. Oracle 11g Compound Trigger

    Original Link In Oracle 11g, the concept of compound trigger was introduced. A compound trigger is a ...

  5. Debian 防火墙 打开 关闭

    Debian原来用的是UFW防火墙,之前没接触过这种类型防火墙,懵逼了半天,这里记录一下简单的使用规则,后期在使用过程中慢慢完善UFW防火墙的使用操作方法: 查看防火墙现有规则: ufw status ...

  6. 转 Page Object模式

    Page Object模式是Selenium中的一种测试设计模式,主要是将每一个页面设计为一个Class,其中包含页面中需要测试的元素(按钮,输入框,标题 等),这样在Selenium测试页面中可以通 ...

  7. 这么简单的 Redis 面试题都不懂,怎么拿offer?

    来源:mp.weixin.qq.com/s/daBkliC8dAT_zYyoLiS7WA 随着系统访问量的提高,复杂度的提升,响应性能成为一个重点的关注点.而缓存的使用成为一个重点.redis 作为缓 ...

  8. 讲真,下次打死我也不敢随便改serialVersionUID了

    讲真,下次打死我也不敢随便改serialVersionUID了 码农沉思录 码农沉思录 微信号 code-thinker 功能介绍 笔者为国内某知名企业不知名码农,专注Java Web领域多年,有丰富 ...

  9. JavaScript — event介绍以及兼容处理

    JavaScript - event介绍以及兼容处理 1.事件流 浏览器发展到第四代时(IE4及 Netscape Communicator 4),浏览器开发团队遇到一个问题:页面的哪个部分会拥有某个 ...

  10. 将循环结果通过管道 传递给其他命令处理(done |)