Certbot Lets Encrypt 泛域名证书自动签发【阿里云】和【DNSPOD】

浏览:172     发布时间:2024-08-08 16:59:06      博主:【张良人】

阿里云自动签发证书(插件)

https://github.com/tengattack/certbot-dns-aliyun
https://docs.certcloud.cn/docs/installation/auto/acme/certbot/

查看证书:
certbot certificates

pip install certbot-dns-aliyun

cat credentials.ini
cat  >aliyun_credentials.ini<<EOL
dns_aliyun_access_key = xxxxxxxxxxxxxxx
dns_aliyun_access_key_secret = xxxxxxxx
EOL

#签发证书
certbot certonly  --authenticator=dns-aliyun  --dns-aliyun-credentials=aliyun_credentials.ini   -d "*.xx.cn,xx.cn"
certbot certonly  --authenticator=dns-aliyun  --dns-aliyun-credentials=aliyun_credentials.ini   -d "*.720pai.cn"
certbot certonly  --authenticator=dns-aliyun  --dns-aliyun-credentials=aliyun_credentials.ini   -d "*.720pai.net"
certbot certonly  --authenticator=dns-aliyun  --dns-aliyun-credentials=aliyun_credentials.ini   -d "*.jiuguangxiangmu.cn"

#证书续期(未测)
certbot renew --manual --preferred-challenges dns --manual-auth-hook "alidns" --manual-cleanup-hook "alidns clean"
阿里云ACCESS_KEY需要授权alidns权限
{
    "Version": "1",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "alidns:*",
            "Resource": "acs:alidns:*:*:domain/*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "alidns:DescribeDomains",
                "alidns:DescribeDomainNs",
                "alidns:DescribeDomainGroups",
                "alidns:DescribeSiteMonitorIspInfos",
                "alidns:DescribeSiteMonitorIspCityInfos"
            ],
            "Resource": "acs:alidns:*:*:*"
        }
    ]
}

DNSPOD自动签发

https://docs.certcloud.cn/docs/installation/auto/acme/certbot/

pip install git+https://github.com/tengattack/certbot-dns-dnspod.git

cat dnspod.ini
cat  >dnspod.ini<<EOL
dns_dnspod_api_id = 12345
dns_dnspod_api_token = 1234567890abcdef1234567890abcdef
EOL

chmod 600 /root/dnspod.ini

#签发证书
certbot certonly -a dns-dnspod \
    --dns-dnspod-credentials /root/dnspod.ini \
    -d k83.cn \
    -d "*.k83.cn" --server https://acme.certcloud.cn/acme/directory --preferred-challenges dns-01 --key-type rsa

certbot certonly -a dns-dnspod \
    --dns-dnspod-credentials /root/dnspod.ini --email 6532890@qq.com \
    -d "00863.com"  -d "*.00863.com" --server https://acme-v02.api.letsencrypt.org/directory --preferred-challenges dns-01 --key-type rsa
#续签
certbot renew  --cert-name k83.cn
certbot renew  --cert-name 00863.com