Certbot Lets Encrypt 泛域名证书自动签发【阿里云】和【DNSPOD】
浏览:74 发布时间:2024-08-08 16:59:06 博主:【张良人】
阿里云自动签发证书(插件)
https://github.com/tengattack/certbot-dns-aliyun
https://docs.certcloud.cn/docs/installation/auto/acme/certbot/
查看证书:
certbot certificates
pip install certbot-dns-aliyun
cat credentials.ini
cat >aliyun_credentials.ini<<EOL
dns_aliyun_access_key = xxxxxxxxxxxxxxx
dns_aliyun_access_key_secret = xxxxxxxx
EOL
#签发证书
certbot certonly --authenticator=dns-aliyun --dns-aliyun-credentials=aliyun_credentials.ini -d "*.xx.cn,xx.cn"
certbot certonly --authenticator=dns-aliyun --dns-aliyun-credentials=aliyun_credentials.ini -d "*.720pai.cn"
certbot certonly --authenticator=dns-aliyun --dns-aliyun-credentials=aliyun_credentials.ini -d "*.720pai.net"
certbot certonly --authenticator=dns-aliyun --dns-aliyun-credentials=aliyun_credentials.ini -d "*.jiuguangxiangmu.cn"
#证书续期(未测)
certbot renew --manual --preferred-challenges dns --manual-auth-hook "alidns" --manual-cleanup-hook "alidns clean"
阿里云ACCESS_KEY需要授权alidns权限
{
"Version": "1",
"Statement": [
{
"Effect": "Allow",
"Action": "alidns:*",
"Resource": "acs:alidns:*:*:domain/*"
},
{
"Effect": "Allow",
"Action": [
"alidns:DescribeDomains",
"alidns:DescribeDomainNs",
"alidns:DescribeDomainGroups",
"alidns:DescribeSiteMonitorIspInfos",
"alidns:DescribeSiteMonitorIspCityInfos"
],
"Resource": "acs:alidns:*:*:*"
}
]
}
DNSPOD自动签发
https://docs.certcloud.cn/docs/installation/auto/acme/certbot/
pip install git+https://github.com/tengattack/certbot-dns-dnspod.git
cat dnspod.ini
cat >dnspod.ini<<EOL
dns_dnspod_api_id = 12345
dns_dnspod_api_token = 1234567890abcdef1234567890abcdef
EOL
chmod 600 /root/dnspod.ini
#签发证书
certbot certonly -a dns-dnspod \
--dns-dnspod-credentials /root/dnspod.ini \
-d k83.cn \
-d "*.k83.cn" --server https://acme.certcloud.cn/acme/directory --preferred-challenges dns-01 --key-type rsa
#续签
certbot renew --cert-name k83.cn