{"id":584,"date":"2022-09-15T11:31:42","date_gmt":"2022-09-15T03:31:42","guid":{"rendered":"https:\/\/blogs.woria.cn\/?p=584"},"modified":"2022-09-15T11:33:30","modified_gmt":"2022-09-15T03:33:30","slug":"%e4%bd%bf%e7%94%a8certbot%e6%9d%a5%e8%87%aa%e5%8a%a8%e7%bb%ad%e6%9c%9fhttps%e8%af%81%e4%b9%a6%ef%bc%88%e4%bb%85%e5%81%9a%e7%95%99%e5%a4%87%ef%bc%89","status":"publish","type":"post","link":"https:\/\/blogs.woria.cn\/?p=584","title":{"rendered":"\u4f7f\u7528certbot\u6765\u81ea\u52a8\u7eed\u671fhttps\u8bc1\u4e66\uff08\u4ec5\u505a\u7559\u5907\uff09"},"content":{"rendered":"\n

\u9996\u5148\u662f\u901a\u8fc7webroot\u65b9\u5f0f\uff0c\u8fdb\u884c\u6cdb\u89e3\u6790\u8bc1\u4e66\u7eed\u671f\u662f\u4e0d\u5141\u8bb8\u7684\u3002<\/p>\n\n\n\n

\u56e0\u4e3a\u6cdb\u89e3\u6790\u8bc1\u4e66\u5fc5\u987b\u4f7f\u7528dns\u6216\u8005webserver\u6a21\u5f0f\u3002<\/p>\n\n\n\n

\u5b89\u88c5nginx\u6216\u8005apache\u63d2\u4ef6\uff0c\u53c8\u8981\u91cd\u542f\u3001\u53c8\u8981\u81ea\u52a8\u66f4\u65b0\u865a\u62df\u4e3b\u673a\u7684\u914d\u7f6e\u6587\u4ef6\uff0c\u786e\u5b9e\u5f88\u9ebb\u70e6\uff0c\u6682\u4e14\u5f03\u7528\u3002<\/p>\n\n\n\n

certbot\u53ef\u4ee5\u4f7f\u7528dns\u63d2\u4ef6\u6765\u8fdb\u884cdns\u6a21\u5f0f\u7684\u8bc1\u4e66\u914d\u7f6e\u3002<\/p>\n\n\n\n

\u6211\u81ea\u5df1\u4f7f\u7528\u7684\u662fdnspod\u7684\u57df\u540d\u89e3\u6790\u3002dnspod\u652f\u6301token\u4ee4\u724c\u8bbf\u95ee\u5b83\u7684api\u8fdb\u884cdns\u8bb0\u5f55\u589e\u5220\u3002<\/p>\n\n\n\n

\u4f46\u662fcertbot\u5b98\u65b9\u6ca1\u6709\u8ba4\u8bc1\u7684dns\u63d2\u4ef6\u652f\u6301dnspod\uff0c\u6211\u4eec\u4f7f\u7528\u4e00\u4e2apython\u5199\u7684\u63d2\u4ef6\u3002<\/p>\n\n\n\n

\u9996\u5148\u6765\u5b89\u88c5\u8fd9\u4e2a\u63d2\u4ef6\uff0c\u9700\u8981\u7528\u5230pip\u8fdb\u884c\u5b89\u88c5\u3002<\/p>\n\n\n\n

\u5b89\u88c5pip\u7684\u547d\u4ee4<\/p>\n\n\n\n

curl https:\/\/bootstrap.pypa.io\/pip\/2.7\/get-pip.py -o get-pip.py<\/code><\/pre>\n\n\n\n
\u5982\u679c\u7cfb\u7edf\u7684python\u662f2.7\u7248\u672c\u7684\u3002\u5c31\u9700\u8981\u901a\u8fc7\u4e0a\u8ff0\u547d\u4ee4\u5b89\u88c5\u5339\u914d\u7684pip\u3002<\/p>\n\n\n\n
\u5982\u679c\u662f\u5176\u4ed6\u7248\u672c\uff0c\u5728\u4e3b\u7ad9\u4e0a\u9009\u62e9\u5bf9\u5e94\u7248\u672c\u3002<\/p>\n\n\n\n
\u6267\u884c\u5b89\u88c5\uff1a<\/p>\n\n\n\n
python get-pip.py\n#\u67e5\u770b\u7248\u672c\npip -V\n#\u6267\u884c\u66f4\u65b0\npip install --upgrade pip\n#\u5b89\u88c5dnspod\u7684certbot\u63d2\u4ef6\npip install certbot-dns-dnspod<\/code><\/pre>\n\n\n\n
\u5b89\u88c5\u7ed3\u675f\u540e\uff0c\u9700\u8981\u5230dnspod\u7533\u8bf7\u4e00\u4e2atoken\u4ee4\u724c\u3002<\/p>\n\n\n\n
https:\/\/console.dnspod.cn\/account\/token\/token<\/a><\/p>\n\n\n\n
\u5230\u4e0a\u8ff0\u94fe\u63a5\u7533\u8bf7\u4f60\u81ea\u5df1\u7684token\u3002\u7136\u540e\u6211\u4eec\u5728certbot\u76ee\u5f55\u4e2d\u5199\u4e00\u4e2a\u914d\u7f6e\u6587\u4ef6<\/p>\n\n\n\n
vim \/etc\/letsencrypt\/dnspod.conf\n#\u914d\u7f6e\u81ea\u5df1\u7533\u8bf7\u7684\u8d26\u6237\u4fe1\u606f\ncertbot_dns_dnspod:dns_dnspod_email = \"\u4f60\u7684\u90ae\u7bb1\"\ncertbot_dns_dnspod:dns_dnspod_api_token = \"\u4f60\u7684id,\u4f60\u7684token\"<\/code><\/pre>\n\n\n\n
\u7136\u540e\u6211\u4eec\u5c31\u53ef\u4ee5\u4f7f\u7528dns\u63d2\u4ef6\u6a21\u5f0f\u6765\u7533\u8bf7\u6cdb\u89e3\u6790\u7684\u57df\u540d\u8bc1\u4e66\u4e86\u3002\u547d\u4ee4\u683c\u5f0f\u5982\u4e0b\uff1a<\/p>\n\n\n\n
certbot certonly -a certbot-dns-dnspod:dns-dnspod \n--certbot-dns-dnspod:dns-dnspod-credentials \/etc\/letsencrypt\/dnspod.conf \n-d *.woria.cn \n-d woria.cn\n--server https:\/\/acme-v02.api.letsencrypt.org\/directory<\/code><\/pre>\n\n\n\n
\u7b2c\u4e00\u884c\u8868\u793a\u4ec5\u7528\u6765\u7533\u8bf7\u8bc1\u4e66\u3002\u4f7f\u7528dns\u63d2\u4ef6\u6a21\u5f0f\uff0c\u63d2\u4ef6\u540d\u5b57\uff1adns-dnspod<\/p>\n\n\n\n
\u7b2c\u4e8c\u884c\u8868\u793a\u63d2\u4ef6\u7684\u914d\u7f6e\u6587\u4ef6\u662f\/etc\/letsencrypt\/dnspod.conf<\/p>\n\n\n\n
\u7b2c\u4e09\u884c\u548c\u7b2c\u56db\u884c-d \u8868\u793a\u6dfb\u52a0\u57df\u540d<\/p>\n\n\n\n
\u7b2c\u56db\u884c\u5219\u58f0\u660e\u4f7f\u7528letsencrypt\u6765\u4f5c\u4e3a\u8bc1\u4e66\u9881\u53d1\u673a\u6784\u3002<\/p>\n\n\n\n
<\/p>\n\n\n\n
\u6574\u5b8c\u4e4b\u540e\uff0c\u5982\u679c\u60f3\u5bf9\u73b0\u5728\u7533\u8bf7\u7684\u8bc1\u4e66\u8fdb\u884c\u6e05\u7406\u3002\u53ef\u4ee5\u4f7f\u7528\u5982\u4e0b\u4e24\u4e2a\u547d\u4ee4\uff1a<\/p>\n\n\n\n
#\u67e5\u8be2\u672c\u5730\u7533\u8bf7\u7684\u8bc1\u4e66\u6e05\u5355\ncertbot certificates\n#\u5220\u9664\u672c\u5730\u7533\u8bf7\u7684\u8bc1\u4e66\u6e05\u5355\ncertbot delete --cert-name <\/code><\/pre>\n\n\n\n
\u6574\u5b8c\u4e4b\u540e\uff0c\u6211\u4eec\u5148\u6d4b\u8bd5\u4e00\u4e0b\u9700\u6c42\u547d\u4ee4\u662f\u5426\u5f02\u5e38<\/p>\n\n\n\n
\/usr\/bin\/certbot renew –force-renewal<\/p>\n\n\n\n
–force-renewal \u4e3a\u5f3a\u5236\u66f4\u65b0<\/p>\n\n\n\n
\u6ca1\u5565\u6bdb\u75c5\uff0c\u6211\u4eec\u6765\u6dfb\u52a0\u8ba1\u5212\u4efb\u52a1<\/p>\n\n\n\n
#\u81ea\u52a8\u66f4\u65b0https\u8bc1\u4e66\n13 3 * * 6 \/usr\/bin\/certbot renew --force-renewal >> \/var\/log\/certbot-renew.log\n#\u81ea\u52a8\u66f4\u65b0https\u8bc1\u4e66\u540e\uff0c\u91cd\u542fnginx\n23 3 * * 6 systemctl restart nginx.service\n33 3 * * 6 systemctl restart php-fpm.service<\/code><\/pre>\n\n\n\n
\u6bcf\u5468\u516d3\u70b913\u5206\u8fdb\u884c\u5f3a\u5236\u8bc1\u4e66\u66f4\u65b0\uff0c\u5e76\u5199\u5165\u65e5\u5fd7\u3002<\/p>\n\n\n\n
\u7136\u540e\u57283\u70b923\u548c3\u70b933\u91cd\u542fnginx\u548cphp\u5df2\u52a0\u8f7d\u6700\u65b0\u7684\u8bc1\u4e66\u3002<\/p>\n\n\n\n
<\/p>\n\n\n\n
2022-09-15<\/p>\n","protected":false},"excerpt":{"rendered":"
\u9996\u5148\u662f\u901a\u8fc7webroot\u65b9\u5f0f\uff0c\u8fdb\u884c\u6cdb\u89e3\u6790\u8bc1\u4e66\u7eed\u671f\u662f\u4e0d\u5141\u8bb8\u7684\u3002 \u56e0\u4e3a\u6cdb\u89e3\u6790\u8bc1\u4e66\u5fc5\u987b\u4f7f\u7528dns\u6216\u8005webserve…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2,8,9,4,5],"tags":[],"class_list":["post-584","post","type-post","status-publish","format-standard","hentry","category-technique","category-master","category-programmer","category-windtalker","category-magician"],"_links":{"self":[{"href":"https:\/\/blogs.woria.cn\/index.php?rest_route=\/wp\/v2\/posts\/584","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.woria.cn\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.woria.cn\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.woria.cn\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.woria.cn\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=584"}],"version-history":[{"count":2,"href":"https:\/\/blogs.woria.cn\/index.php?rest_route=\/wp\/v2\/posts\/584\/revisions"}],"predecessor-version":[{"id":586,"href":"https:\/\/blogs.woria.cn\/index.php?rest_route=\/wp\/v2\/posts\/584\/revisions\/586"}],"wp:attachment":[{"href":"https:\/\/blogs.woria.cn\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=584"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.woria.cn\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=584"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.woria.cn\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=584"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}