基于Let’s Encrypt的xxx.com全局证书

使用certbot安装

添加TXT记录 Please deploy a DNS TXT record under the name _acme-challenge.xxx.com with the following value:

8K8u8EohLKO0BH397Qu_BVNOFdFaHb2a0OUtfnAGcz4

验证TXT记录是否正确 dig -t txt _acme-challenge.xxx.com @8.8.8.8

证书信息: IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at: /etc/letsencrypt/live/xxx.com/fullchain.pem Your key file has been saved at: /etc/letsencrypt/live/xxx.com/privkey.pem Your cert will expire on 2018-09-03. To obtain a new or tweaked version of this certificate in the future, simply run certbot-auto again. To non-interactively renew all of your certificates, run “certbot-auto renew” - Your account credentials have been saved in your Certbot configuration directory at /etc/letsencrypt. You should make a secure backup of this folder now. This configuration directory will also contain certificates and private keys obtained by Certbot so making regular backups of this folder is ideal. - If you like Certbot, please consider supporting our work by:

Donating to ISRG / Let’s Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le

续期: certbot-auto renew


##### xxx.com证书

- 证书链位置:/etc/letsencrypt/live/xxx.com/fullchain.pem
- 证书私钥:/etc/letsencrypt/live/xxx.com/privkey.pem
- certbot工具:/home/devel/devtool/certbot-auto
- 手动续期:certbot-auto renew
- crontab定时续期:每月的1号三点更新:

0 3 1 * * root /home/devel/devtool/certbot-auto renew –quiet –renew-hook “/etc/init.d/nginx reload” ```