How to use certbot to renew SSL certification
使用 Certbot 來申請 Web Site 的 SSL 憑證. Certbot 是一個開源軟體, 可以自動(手動)執行域名的驗證與透過憑證頒發機構 Let’s Encrypt 來取得憑證.
安裝套件
ubuntu 20.04 上安裝套件
1bash$ sudo apt-get install -y certbot
Centos 7 上安裝套件
1bash$ sudo yum -y install epel-release mod_ssl certbot
使用 dns challenges 申請憑證
完成後憑證會在 /etc/letsencrypt/live/harbor.example.com 底下, 這邊要注意檔案是軟連結.
1certbot -d redmine.example.com --manual --preferred-challenges dns certonly
2
3- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4Please deploy a DNS TXT record under the name
5_acme-challenge.harbor.example.com with the following value:
6
7go3M8xPHJKhOp2_Wuwnh4PaOUiOlMtiMiuRCX026WRo
8
9Before continuing, verify the record is deployed.
10- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
11Press Enter to Continue
12Waiting for verification...
13Cleaning up challenges
14
15IMPORTANT NOTES:
16 - Congratulations! Your certificate and chain have been saved at:
17 /etc/letsencrypt/live/harbor.example.com/fullchain.pem
18 Your key file has been saved at:
19 /etc/letsencrypt/live/harbor.example.com/privkey.pem
20 Your cert will expire on 2022-01-26. To obtain a new or tweaked
21 version of this certificate in the future, simply run certbot
22 again. To non-interactively renew *all* of your certificates, run
23 "certbot renew"
24 - Your account credentials have been saved in your Certbot
25 configuration directory at /etc/letsencrypt. You should make a
26 secure backup of this folder now. This configuration directory will
27 also contain certificates and private keys obtained by Certbot so
28 making regular backups of this folder is ideal.
29 - If you like Certbot, please consider supporting our work by:
30
31 Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
32 Donating to EFF: https://eff.org/donate-le