使用Certbot申请证书

使用certbot申请*通配符证书，使用letsencrypt证书服务，使用DNS方式手动验证
certbot certonly --preferred-challenges dns --manual -d *.test.cn --server https://acme-v02.api.letsencrypt.org/directory
申请过程：
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for *.test.cn

---

Please deploy a DNS TXT record under the name:

_acme-challenge.test.cn.

with the following value:

Zrs3unTYtP3NfuZ9Z43O5ozijIbeh9Rz2ecq5NE1QrA

Before continuing, verify the TXT record has been deployed. Depending on the DNS
provider, this may take some time, from a few seconds to multiple minutes. You can
check if it has finished deploying with aid of online tools, such as the Google
Admin Toolbox: https://toolbox.googleapps.com/apps/dig/#TXT/_acme-challenge.test.cn.
Look for one or more bolded line(s) below the line ';ANSWER'. It should show the
value(s) you've just added.

---

Press Enter to Continue

创建计划任务自动复制证书文件到指定目录：
0 0 * * * /bin/cp /etc/letsencrypt/live/test.cn/* /opt/ssl/test.cn

手动复制证书文件到指定目录：
cp -f /etc/letsencrypt/live/test.cn/* /opt/ssl/test.cn

转换为PFX格式证书，用于IIS：
openssl pkcs12 -export -out test.com.pfx -in fullchain.pem -inkey privkey.pem

查看所申请的证书信息：
certbot certificates

源文档 https://eff-certbot.readthedocs.io/en/stable/using.html#dns-plugins