通过 certbot 免费获取SSL证书

在Linux里执行： sudo certbot certonly --manual --preferred-challenges dns -d xxx.yyy.com 命令中需要修改的内容为，-d 之后的具体参数， 修改为你需要的域名。 其中一步需要你配合certbot验证域名，需要在你的域名供应商处创建一个指定的子域名，并将其设置为TXT型，在TXT中指定certbot要求的形式，例如： Please deploy a DNS TXT record under the name:

• 以下为certbot要求追加的子域名： _acme-challenge.xxx.yyy.com.
• 以下为certbot要求返回的内容： with the following value:

_E1SWxcIvt0kB892ePWK3TMSwki4N2ch4xDbXdXh3Nk

• 获得的证书位置：

1. Certificate is saved at: /etc/letsencrypt/live/xxx.yyy.com/fullchain.pem
2. Key is saved at: /etc/letsencrypt/live/xxx.yyy.com/privkey.pem

• 以下为一个完整的例子：

 

qinxizhou\>sudo certbot certonly --manual --preferred-challenges dns -d xxx.yyy.com
[sudo] password for qinxizhou: 
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for xxx.yyy.com

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please deploy a DNS TXT record under the name:

_acme-challenge.xxx.yyy.com.

with the following value:

_E1SWxcIvt0kB892ePWK3TMSwki4N2ch4xDbXdXh3Nk

Before continuing, verify the TXT record has been deployed. Depending on the DNS
provider, this may take some time, from a few seconds to multiple minutes. You can
check if it has finished deploying with aid of online tools, such as the Google
Admin Toolbox: https://toolbox.googleapps.com/apps/dig/#TXT/_acme-challenge.xxx.yyy.com.
Look for one or more bolded line(s) below the line ';ANSWER'. It should show the
value(s) you've just added.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/xxx.yyy.com/fullchain.pem
Key is saved at:         /etc/letsencrypt/live/xxx.yyy.com/privkey.pem
This certificate expires on 2025-05-21.
These files will be updated when the cert
ificate renews.