域名分为主域名 test.com 和泛域名 *.test.com
如果又很多子域名,每个都要配置证书。
这也太麻烦了。
所以这次我们来学习 如何搞泛域名证书。
申请证书
执行证书生成命令,
过程中根据命令提示,去云服务商后台增加一条dns,并将certbot生成的参数填写到dns配置的相关位置。
certbot certonly -d *.dingshaohua.com --manual --preferred-challenges dns
按照提示,在你的域名服务商处,添加对应的 DNS TXT 解析记录
为什么certbot 需要你在云服务商增加dns,还不是为了证明这个域名是你所有权的
再回车继续,证书就生成了。
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/dingshaohua.com/fullchain.pem
Key is saved at: /etc/letsencrypt/live/dingshaohua.com/privkey.pem
This certificate expires on 2024-05-01.
These files will be updated when the certificate renews.
NEXT STEPS:
- This certificate will not be renewed automatically. Autorenewal of --manual certificates requires the use of an authentication hook script (--manual-auth-hook) but one was not provided. To renew this certificate, repeat this same certbot command before the certificate's expiry date.