2018 年 1 月Let’s Encrypt CA 宣布免费提供通配符证书(Wildcard certificate)。通配符证书是一种可被多个子域使用的公钥证书。这意味着,单个证书可用于提供多台服务器或一台服务器托管的多个子域名的网页加密,显著降低了个人和小型企业采用 HTTPS 的门槛。

acme.sh 实现了 acme 协议, 可以从 letsencrypt 生成免费的证书。安装很简单, 一个命令:

curl https://get.acme.sh | sh

acme.sh 会自动安装到你的用户home目录:~/.acme.sh/并创建 一个 bash 的 alias, 方便使用: acme.sh=~/.acme.sh/acme.sh

附录:各大DNS API获取与签发SSL
泛域名解析请将-d www.example.com修改为-d *.example.com
1 CloudFlare DNS API

First you need to login to your CloudFlare account to get your API key.

export CF_Key="sdfsdfsdfljlbjkljlkjsdfoiwje"

export CF_Email="xxxx@sss.com"

Ok, let’s issue a cert now:

acme.sh --issue --dns dns_cf -d example.com -d www.example.com

The CF_Key and CF_Email will be saved in ~/.acme.sh/account.conf and will be reused when needed.

2 DNSPod DNS API

First you need to login to your DNSPod account to get your API Key and ID.

export DP_Id=""

export DP_Key="sADDsdasdgdsf"

Ok, let’s issue a cert now:

acme.sh --issue --dns dns_dp -d example.com -d www.example.com

The DP_Id and DP_Key will be saved in ~/.acme.sh/account.conf and will be reused when needed.

3 CloudXNS DNS API

First you need to login to your CloudXNS account to get your API Key and Secret.

export CX_Key=""

export CX_Secret="sADDsdasdgdsf"

Ok, let’s issue a cert now:

acme.sh --issue --dns dns_cx -d example.com -d www.example.com

The CX_Key and CX_Secret will be saved in ~/.acme.sh/account.conf and will be reused when needed.

4 阿里云Aliyun DNS API

First you need to login to your 阿里云 Aliyun account to get your API key. https://ak-console.aliyun.com/#/accesskey

export Ali_Key="sdfsdfsdfljlbjkljlkjsdfoiwje"

export Ali_Secret="jlsdflanljkljlfdsaklkjflsa"

Ok, let’s issue a cert now:

acme.sh --issue --dns dns_ali -d example.com -d www.example.com

The Ali_Key and Ali_Secret will be saved in ~/.acme.sh/account.conf and will be reused when needed.

5 GoDaddy DNS API

First you need to login to your GoDaddy account to get your API Key and Secret. https://developer.godaddy.com/keys/

Please create a Production key, instead of a Test key.

export GD_Key="sdfsdfsdfljlbjkljlkjsdfoiwje"

export GD_Secret="asdfsdafdsfdsfdsfdsfdsafd"

Ok, let’s issue a cert now:

acme.sh --issue --dns dns_gd -d example.com -d www.example.com

The GD_Key and GD_Secret will be saved in ~/.acme.sh/account.conf and will be reused when needed.

6 PowerDNS DNS API

First you need to login to your PowerDNS account to enable the API and set your API-Token in the configuration. https://doc.powerdns.com/md/httpapi/README/

export PDNS_Url="http://ns.example.com:8081"

export PDNS_ServerId="localhost"

export PDNS_Token="0123456789ABCDEF"

export PDNS_Ttl=

Ok, let’s issue a cert now:

acme.sh --issue --dns dns_pdns -d example.com -d www.example.com

The PDNS_Url, PDNS_ServerId, PDNS_Token and PDNS_Ttl will be saved in ~/.acme.sh/account.conf and will be reused when needed.

7 Amazon Route53 DNS API

方法见:https://github.com/Neilpang/acme.sh/wiki/How-to-use-Amazon-Route53-API

export AWS_ACCESS_KEY_ID=XXXXXXXXXX

export AWS_SECRET_ACCESS_KEY=XXXXXXXXXXXXXXX

To issue a cert:

acme.sh --issue --dns dns_aws -d example.com -d www.example.com

The AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY will be saved in ~/.acme.sh/account.conf and will be reused when needed.

8 Linode DNS API

First you need to login to your Linode account to get your API Key. https://manager.linode.com/profile/api

Then add an API key with label ACME and copy the new key.

export LINODE_API_KEY="..."

Due to the reload time of any changes in the DNS records, we have to use the dnssleep option to wait at least 15 minutes for the changes to take effect.

Ok, let’s issue a cert now:

acme.sh --issue --dns dns_linode --dnssleep  -d example.com -d www.example.com

The LINODE_API_KEY will be saved in ~/.acme.sh/account.conf and will be reused when needed.

9 DigitalOcean DNS API (native)

You need to obtain a read and write capable API key from your DigitalOcean account. See: https://www.digitalocean.com/help/api/

export DO_API_KEY="92ae126553ebd61ac3a3ae34834cc"

Ok, let’s issue a cert now:

acme.sh --issue --dns dns_dgon -d example.com -d www.example.com

10 Namesilo DNS API

You’ll need to generate an API key at https://www.namesilo.com/account_api.php Optionally you may restrict the access to an IP range there.

export Namesilo_Key="xxxxxxxxxxxxxxxxxxxxxxxx"

And now you can issue certs with:

acme.sh --issue --dns dns_namesilo --dnssleep  -d example.com -d www.example.com

11 使用自定义API

If your API is not supported yet, you can write your own DNS API.

Let’s assume you want to name it ‘myapi’:

Create a bash script named

~/.acme.sh/dns_myapi.sh

In the script you must have a function named dns_myapi_add() which will be called by acme.sh to add the DNS records.

Then you can use your API to issue cert like this:

acme.sh --issue --dns dns_myapi -d example.com -d www.example.com

Let’s Encrypt Wildcard 免费泛域名SSL证书获取安装的更多相关文章

  1. Let'sEncrypt 免费通配符/泛域名SSL证书添加使用教程

    Let'sEncrypt 免费通配符/泛域名SSL证书添加使用教程 通配符证书一般还是比较贵的一般最便宜的通配符证书5.60美元一年,只不过Let'sEncrypt的有效期是3个月,对于一般用户来说基 ...

  2. CentOS 7配置Let’s Encrypt支持免费泛域名证书

    Let’s Encrypt从2018年开始支持泛域名证书,有效期3个月,目前仅支持acme方式申请,暂不支持certbot. 1.安装acme.sh curl https://get.acme.sh ...

  3. let's encrypt部署免费泛域名证书

    环境说明 [root@localhost ~]# cat /etc/redhat-release CentOS Linux release 7.5.1804 (Core) [root@localhos ...

  4. Let's Encrypt泛域名SSL证书申请

    操作系统:CentOS 7 github:https://github.com/Neilpang/acme.sh 有中文说明: https://github.com/Neilpang/acme.sh ...

  5. [细节版]Let'sEncrypt 免费通配符/泛域名SSL证书添加使用教程

    参考网址:https://lnmp.org/faq/letsencrypt-wildcard-ssl.html 使用的dns服务商:阿里云 , 更多服务商地址可见参考网址. 遇见的问题一. [Sat ...

  6. Let's Encrypt免费泛域名证书申请

    一. 下载acme.sh,以下四条命令任选一条即可 curl https://get.acme.sh | shwget -O - https://get.acme.sh | sh curl https ...

  7. Let’s encrypt 计划为网站提供免费的基本 SSL 证书,以加速互联网从 HTTP 向 HTTPS 过渡。

    Let’s encrypt 计划为网站提供免费的基本 SSL 证书,以加速互联网从 HTTP 向 HTTPS 过渡. 该项目由Mozilla.Cisco.Akamai.IdenTrust.EFF 和密 ...

  8. CA机构介绍(Certificate Authority 域名SSL证书颁发机构)

    SSL证书机构即CA机构的全称为Certificate Authority证书认证中心,只有通过WebTrust国际安全审计认证,根证书才能预装到主流浏览器,成为全球可信的ssl证书颁发机构. HTT ...

  9. 使用 certbot 申请泛域名https证书

    使用 certbot 申请泛域名https证书 Intro Certbot 是一个基于 Let's Encrypt 的自动化申请证书的工具,支持的系统和web server也很多,详见 Certbot ...

随机推荐

  1. 热经-北京中地时空数码科技有限公司-研发工程师(WEBGIS方向)

    一面: 登记,填写个人信息 笔试 选择题: HTML,CSS,JS 的选择题,都是基础题.其中有一道问哪个不是 document 的属性或方法,我在 bgColor 和 focus() 上面纠结了一下 ...

  2. Chrome-逆向分析JS-1分析google网站翻译器原文存放位置

    剧透:就是使用了一下 Chrome DevTools 的 Memory 功能,通过已知的 JS 变量的值查找 JS 内存中变量的引用 # 一:不分析一下现有的网页翻译方法么? 总所周知,(As is ...

  3. 2015年6月发布了ECMAScript6版本

    2015年6月 node.js.npm | cnpm.cli angular2.x.react.js.Vue.js

  4. USACO 5.4 章节

    Canada Tour 题目大意 双向连通图,点从左向右排列, 你需要先从最左的点到最右的点,(过程中只能从左向右走) 然后再从最右的点返回最左的点,(过程中只能从右向左走) 过程中除了最左的点,其它 ...

  5. js中浅谈this对象(未补充完整)

    什么是this? 1.javascript语言中,一切皆为对象(除了 undefined 和 null 之外),运行环境也是对象,所以函数都是在某个对象之中运行,this就是这个对象(环境). 2.t ...

  6. Java并发Condition接口

    java.util.concurrent.locks.Condition接口提供一个线程挂起执行的能力,直到给定的条件为真. Condition对象必须绑定到Lock,并使用newCondition( ...

  7. fiddler如何抓取https接口

    1.Fiddler工作原理:    Fiddler 是以代理 web 服务器的形式工作的,它使用代理地址:127.0.0.1端口:8888. 当 Fiddler 退出的时候它会自动注销,这样就不会影响 ...

  8. 一个spark SQL和DataFrames的故事

    package com.lin.spark import org.apache.spark.sql.{Row, SparkSession} import org.apache.spark.sql.ty ...

  9. 对php引用的理解

    /** * 引用是符号表别名 */ // $a与$b指向同一个变量 $a = &$b; // 定义函数foo,参数为引用类型:&$var,无函数体 function foo(& ...

  10. LeetCode Array Easy 219. Contains Duplicate II

    ---恢复内容开始--- Description Given an array of integers and an integer k, find out whether there are two ...