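In January 2018 the Let's Encrypt CA announced that it would offer wildcard certificates free of charge. A wildcard certificate is a public key certificate that can be used by multiple subdomains. A single certificate can therefore encrypt web traffic for several servers, or for several subdomains hosted on one server, which significantly lowers the barrier to adopting HTTPS for individuals and small businesses.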

acme.sh implements the ACME protocol and can obtain free certificates from Let's Encrypt. Installation is simple and takes one command:

curl https://get.acme.sh | sh

acme.sh is installed automatically into your user's home directory, ~/.acme.sh/, and a bash alias is created for convenience: acme.sh=~/.acme.sh/acme.sh

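Appendix: obtaining the DNS API credentials for each provider and issuing SSL certificates
For a wildcard certificate, change -d www.example.com to -d '*.example.com' (quoted so that the shell does not expand the *).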
1 CloudFlare DNS API

First you need to log in to your CloudFlare account to get your API key.

export CF_Key="sdfsdfsdfljlbjkljlkjsdfoiwje"
export CF_Email="xxxx@sss.com"

Ok, let’s issue a cert now:

acme.sh --issue --dns dns_cf -d example.com -d www.example.com

The CF_Key and CF_Email will be saved in ~/.acme.sh/account.conf and will be reused when needed.

2 DNSPod DNS API

First you need to log in to your DNSPod account to get your API Key and ID.

export DP_Id=""
export DP_Key="sADDsdasdgdsf"

Ok, let’s issue a cert now:

acme.sh --issue --dns dns_dp -d example.com -d www.example.com

The DP_Id and DP_Key will be saved in ~/.acme.sh/account.conf and will be reused when needed.

3 CloudXNS DNS API

First you need to log in to your CloudXNS account to get your API Key and Secret.

export CX_Key=""
export CX_Secret="sADDsdasdgdsf"

Ok, let’s issue a cert now:

acme.sh --issue --dns dns_cx -d example.com -d www.example.com

The CX_Key and CX_Secret will be saved in ~/.acme.sh/account.conf and will be reused when needed.

4 Aliyun (Alibaba Cloud) DNS API

First you need to log in to your Aliyun (Alibaba Cloud) account to get your API key: https://ak-console.aliyun.com/#/accesskey

export Ali_Key="sdfsdfsdfljlbjkljlkjsdfoiwje"
export Ali_Secret="jlsdflanljkljlfdsaklkjflsa"

Ok, let’s issue a cert now:

acme.sh --issue --dns dns_ali -d example.com -d www.example.com

The Ali_Key and Ali_Secret will be saved in ~/.acme.sh/account.conf and will be reused when needed.

5 GoDaddy DNS API

First you need to log in to your GoDaddy account to get your API Key and Secret: https://developer.godaddy.com/keys/

Please create a Production key, instead of a Test key.

export GD_Key="sdfsdfsdfljlbjkljlkjsdfoiwje"
export GD_Secret="asdfsdafdsfdsfdsfdsfdsafd"

Ok, let’s issue a cert now:

acme.sh --issue --dns dns_gd -d example.com -d www.example.com

The GD_Key and GD_Secret will be saved in ~/.acme.sh/account.conf and will be reused when needed.

6 PowerDNS DNS API

First you need to log in to your PowerDNS account to enable the API and set your API-Token in the configuration: https://doc.powerdns.com/md/httpapi/README/

export PDNS_Url="http://ns.example.com:8081"
export PDNS_ServerId="localhost"
export PDNS_Token="0123456789ABCDEF"
export PDNS_Ttl=

Ok, let’s issue a cert now:

acme.sh --issue --dns dns_pdns -d example.com -d www.example.com

The PDNS_Url, PDNS_ServerId, PDNS_Token and PDNS_Ttl will be saved in ~/.acme.sh/account.conf and will be reused when needed.

7 Amazon Route53 DNS API

For the method, see: https://github.com/Neilpang/acme.sh/wiki/How-to-use-Amazon-Route53-API

export AWS_ACCESS_KEY_ID=XXXXXXXXXX
export AWS_SECRET_ACCESS_KEY=XXXXXXXXXXXXXXX

To issue a cert:

acme.sh --issue --dns dns_aws -d example.com -d www.example.com

The AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY will be saved in ~/.acme.sh/account.conf and will be reused when needed.

8 Linode DNS API

First you need to log in to your Linode account to get your API Key: https://manager.linode.com/profile/api

Then add an API key with label ACME and copy the new key.

export LINODE_API_KEY="..."

Due to the reload time of any changes in the DNS records, we have to use the dnssleep option to wait at least 15 minutes for the changes to take effect.

Ok, let’s issue a cert now:

acme.sh --issue --dns dns_linode --dnssleep 900 -d example.com -d www.example.com

The LINODE_API_KEY will be saved in ~/.acme.sh/account.conf and will be reused when needed.
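Every provider section above ends with its API key being written to ~/.acme.sh/account.conf in plain text. The following check is an added example, not part of the original article or of acme.sh: it lists which of the credentials named on this page are stored in that file and flags permissions that let other local users read them. It assumes entries of the form NAME='value' or SAVED_NAME='value'; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit an acme.sh account.conf for stored DNS API secrets.
# Variable names are the ones this page says are saved to the file.
CRED_NAMES='CF_Key DP_Key CX_Key CX_Secret Ali_Key Ali_Secret GD_Key GD_Secret PDNS_Token AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY LINODE_API_KEY'

# Print the names (never the values) of credentials present in the file.
# Assumption: lines look like NAME='value' or SAVED_NAME='value'.
list_stored_creds() {
  conf=$1
  for name in $CRED_NAMES; do
    if grep -Eq "^(SAVED_)?${name}=" "$conf"; then
      printf '%s\n' "$name"
    fi
  done
}

# Return 0 only if the file mode is owner-only (600 or 400).
perms_ok() {
  conf=$1
  # GNU stat first, BSD/macOS stat as fallback.
  mode=$(stat -c '%a' "$conf" 2>/dev/null || stat -f '%Lp' "$conf")
  case $mode in
    600|400) return 0 ;;
    *) return 1 ;;
  esac
}

# Return 0 if the file is owner-only, 1 if it is too open, 2 if missing.
audit_account_conf() {
  conf=${1:-$HOME/.acme.sh/account.conf}
  [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 2; }
  found=$(list_stored_creds "$conf")
  [ -n "$found" ] && echo "stored credentials: $(echo $found)"
  if ! perms_ok "$conf"; then
    echo "WARNING: $conf is accessible beyond its owner; run: chmod 600 $conf"
    return 1
  fi
  return 0
}
```

Call audit_account_conf with no argument to check the default location; a non-zero exit status makes it usable from cron or a configuration-management check.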

9 DigitalOcean DNS API (native)

You need to obtain a read and write capable API key from your DigitalOcean account. See: https://www.digitalocean.com/help/api/

export DO_API_KEY="92ae126553ebd61ac3a3ae34834cc"

Ok, let’s issue a cert now:

acme.sh --issue --dns dns_dgon -d example.com -d www.example.com

10 Namesilo DNS API

You'll need to generate an API key at https://www.namesilo.com/account_api.php. Optionally you may restrict the access to an IP range there.

export Namesilo_Key="xxxxxxxxxxxxxxxxxxxxxxxx"

And now you can issue certs with:

acme.sh --issue --dns dns_namesilo --dnssleep <seconds> -d example.com -d www.example.com

11 Using a custom API

If your API is not supported yet, you can write your own DNS API.

Let’s assume you want to name it ‘myapi’:

Create a bash script named

~/.acme.sh/dns_myapi.sh

In the script you must have a function named dns_myapi_add() which will be called by acme.sh to add the DNS records.

Then you can use your API to issue cert like this:

acme.sh --issue --dns dns_myapi -d example.com -d www.example.com
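A skeleton for ~/.acme.sh/dns_myapi.sh, as an added example that is not acme.sh's own sample script or code from the original article. It assumes the acme.sh hook convention of passing the full record name as $1 and the TXT value as $2, and it adds the companion dns_myapi_rm() cleanup hook; the backend is a hypothetical local file (MYAPI_ZONEFILE) standing in for your provider's API.

```shell
#!/usr/bin/env sh
# ~/.acme.sh/dns_myapi.sh (added example, hypothetical provider "myapi").
# Hook arguments: $1 = record name (_acme-challenge.example.com), $2 = TXT value.
# Hypothetical backend: a local file standing in for the provider's API.
MYAPI_ZONEFILE="${MYAPI_ZONEFILE:-/tmp/myapi_zone.txt}"

# acme.sh supplies _info/_err; define fallbacks so the file also runs alone.
command -v _info >/dev/null 2>&1 || _info() { printf '%s\n' "$*"; }
command -v _err >/dev/null 2>&1 || _err() { printf '%s\n' "$*" >&2; }

# Accept only _acme-challenge names and base64url-style TXT values, so a
# hook holding DNS write credentials cannot be steered at other records.
_myapi_valid() {
  case $1 in
    _acme-challenge.*) ;;
    *) _err "refusing to touch non-challenge record: $1"; return 1 ;;
  esac
  case $2 in
    ''|*[!A-Za-z0-9_-]*) _err "unexpected TXT value"; return 1 ;;
  esac
  return 0
}

dns_myapi_add() {
  fulldomain=$1
  txtvalue=$2
  _myapi_valid "$fulldomain" "$txtvalue" || return 1
  _info "Adding TXT record for $fulldomain"
  # Append, never overwrite: example.com and *.example.com are validated
  # under the same record name with two different values.
  # Replace this line with your provider's authenticated API call.
  printf '%s TXT %s\n' "$fulldomain" "$txtvalue" >>"$MYAPI_ZONEFILE"
}

dns_myapi_rm() {
  fulldomain=$1
  txtvalue=$2
  _myapi_valid "$fulldomain" "$txtvalue" || return 1
  _info "Removing TXT record for $fulldomain"
  [ -f "$MYAPI_ZONEFILE" ] || return 0
  # Remove only the exact record this run created.
  grep -Fvx "$fulldomain TXT $txtvalue" "$MYAPI_ZONEFILE" >"$MYAPI_ZONEFILE.tmp" || true
  mv "$MYAPI_ZONEFILE.tmp" "$MYAPI_ZONEFILE"
}
```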
