安装 snap
sudo apt update sudo apt install snapd
安装 Certbot
sudo snap install --classic certbot
链接文件,方便使用命令
sudo ln -s /snap/bin/certbot /usr/bin/certbot
因为这里使用的是Cloudflare解析,这里直接安装Cloudflare插件,
sudo snap install certbot-dns-cloudflare
若支持的插件没有自己所需的DNS服务商,请自行移步这里查看获取证书的方法
https://certbot.eff.org/instructions?ws=nginx&os=debianbuster
止目前已知支以下DNS服务的插件:
certbot-dns-cloudflare certbot-dns-cloudxns certbot-dns-digitalocean certbot-dns-dnsimple certbot-dns-dnsmadeeasy certbot-dns-gehirn certbot-dns-google certbot-dns-linode certbot-dns-luadns certbot-dns-nsone certbot-dns-ovh certbot-dns-rfc2136 certbot-dns-route53 certbot-dns-sakuracloud
若出现以下错误,则根据提示执行 snap set certbot trust-plugin-with-root=ok 即可
error: cannot perform the following tasks: - Run hook prepare-plug-plugin of snap "certbot" (run hook "prepare-plug-plugin": ----- Only connect this interface if you trust the plugin author to have root on the system. Run `snap set certbot trust-plugin-with-root=ok` to acknowledge this and then run this command again to perform the connection. If that doesn't work, you may need to remove all certbot-dns-* plugins from the system, then try installing the certbot snap again. -----)
配置插件所需的Cloudflare帐户里的API Key,创建一个文件(假设放在/etc/cloudflare.ini),内容如下
dns_cloudflare_api_token = your api key
获取证书,可以直接支持泛域
certbot certonly \ --dns-cloudflare \ --dns-cloudflare-credentials /etc/cloudflare.ini \ -d yourdomainname.com \ -d *.yourdomainname.com
如果没有意外,将返回获取成功的信息,自行查看证书存放的位置,在去配置Nginx即可
最后可测试一下自动续定
sudo certbot renew --dry-run