How to use ACME to renew SSL certificates

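Some systems need a TLS certificate, and Let's Encrypt is a free certificate authority. This post covers using a tool to automate requesting and renewing certificates.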

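Installing the packages

Installing on Ubuntu 20.04

$ sudo apt-get install -y certbot

Installing on CentOS 7

$ sudo yum -y install epel-release mod_ssl certbot

Requesting a certificate with the DNS challenge

When it finishes, the certificate is under /etc/letsencrypt/live/harbor.example.com. Note that the files there are symbolic links.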

$ certbot -d harbor.example.com --manual --preferred-challenges dns certonly

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please deploy a DNS TXT record under the name
_acme-challenge.harbor.example.com with the following value:

go3M8xPHJKhOp2_Wuwnh4PaOUiOlMtiMiuRCX026WRo

Before continuing, verify the record is deployed.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue
Waiting for verification...
Cleaning up challenges

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/harbor.example.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/harbor.example.com/privkey.pem
   Your cert will expire on 2022-01-26. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le
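
Because the files under live/ are symbolic links, copying them as-is or exposing only that directory to a service can leave it with dangling links. The script below is an added example, not part of the original post: it copies the link targets into a service directory as regular files with restrictive permissions on the key, and can be run by certbot as a --deploy-hook. The function name install_cert and the destination /data/cert are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): copy the real files behind
# certbot's live/ symlinks into a directory a service reads from.
# Assumption: /data/cert is a hypothetical destination; set DEST to override.

# install_cert LINEAGE DEST
#   LINEAGE: a directory such as /etc/letsencrypt/live/harbor.example.com
install_cert() {
    local lineage dest name src
    lineage=$1
    dest=$2
    mkdir -p "$dest" || return 1
    for name in fullchain.pem privkey.pem; do
        src=$lineage/$name
        # Each file in live/ should be a symlink into ../../archive/.
        # -e follows the link, so a dangling link is rejected here.
        if [ ! -L "$src" ] || [ ! -e "$src" ]; then
            echo "not a valid symlink: $src" >&2
            return 1
        fi
    done
    # install(1) reads through the symlink and writes a regular file
    # with the given mode; the private key stays owner-only.
    install -m 0600 "$lineage/privkey.pem" "$dest/privkey.pem" || return 1
    install -m 0644 "$lineage/fullchain.pem" "$dest/fullchain.pem" || return 1
}

# When certbot runs this file as a --deploy-hook it sets RENEWED_LINEAGE to
# the live/ directory of the certificate that was just issued or renewed.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    install_cert "$RENEWED_LINEAGE" "${DEST:-/data/cert}"
fi
```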