域名通配符的配置方法
1、获取域名dns api
阿里云:
~~~
export Ali_Key="123456"
export Ali_Secret="abcdef"
~~~
| AccessKey ID | Access Key Secret | 状态 | 创建时间 | 操作 |
| --- | --- | --- | --- | --- |
| 123456 | abcdefdfsfdsfdsfsdj | 启用 | 2017-11-19 15:52:47 | 禁用|删除 |
2、将域名解析到服务器,并添加txt记录
3、这里选择ali阿里云
~~~
lnmp dnsssl {cx|ali|cf|dp|he|gd|aws}
lnmp dnsssl ali
~~~
4、
~~~
[root@izeano5qvehexvz home]# lnmp dnsssl ali
+-------------------------------------------+
| Manager for LNMP, Written by Licess |
+-------------------------------------------+
| https://lnmp.org |
+-------------------------------------------+
/usr/local/acme.sh/acme.sh [found]
Please enter domain(example: www.lnmp.org): buhuokeji.com
Your domain: buhuokeji.com
Enter more domain name(example: lnmp.org *.lnmp.org): *.buhuokeji.com
domain list: *.buhuokeji.com
Please enter the directory for domain buhuokeji.com: /home/wwwroot/buhuokeji.com
Allow Rewrite rule? (y/n) y
Please enter the rewrite of programme,
wordpress,discuzx,typecho,thinkphp,laravel,codeigniter,yii2 rewrite was exist.
(Default rewrite: other):
You choose rewrite: other
Allow access log? (y/n) y
Enter access log filename(Default:buhuokeji.com.log):
You access log filename: buhuokeji.com.log
Enable PHP Pathinfo? (y/n) y
Enable pathinfo.
Starting create SSL Certificate use Let's Encrypt...
[Tue Apr 30 17:33:49 CST 2019] Registering account
[Tue Apr 30 17:33:51 CST 2019] Registered
[Tue Apr 30 17:33:51 CST 2019] ACCOUNT_THUMBPRINT='eBcLD5tn9t0cEzh3YvifBbiXUX1Ns9rqCvJ6U79nJRM'
[Tue Apr 30 17:33:51 CST 2019] Creating domain key
[Tue Apr 30 17:33:51 CST 2019] The domain key is here: /usr/local/nginx/conf/ssl/buhuokeji.com/buhuokeji.com.key
[Tue Apr 30 17:33:51 CST 2019] Multi domain='DNS:buhuokeji.com,DNS:*.buhuokeji.com'
[Tue Apr 30 17:33:51 CST 2019] Getting domain auth token for each domain
[Tue Apr 30 17:33:53 CST 2019] Getting webroot for domain='buhuokeji.com'
[Tue Apr 30 17:33:53 CST 2019] Getting webroot for domain='*.buhuokeji.com'
[Tue Apr 30 17:33:53 CST 2019] Found domain api file: /usr/local/acme.sh/dnsapi/dns_ali.sh
[Tue Apr 30 17:33:56 CST 2019] Found domain api file: /usr/local/acme.sh/dnsapi/dns_ali.sh
[Tue Apr 30 17:33:58 CST 2019] Sleep 120 seconds for the txt records to take effect
[Tue Apr 30 17:36:00 CST 2019] Verifying:buhuokeji.com
[Tue Apr 30 17:36:03 CST 2019] Success
[Tue Apr 30 17:36:03 CST 2019] Verifying:*.buhuokeji.com
[Tue Apr 30 17:36:06 CST 2019] Success
[Tue Apr 30 17:36:06 CST 2019] Removing DNS records.
[Tue Apr 30 17:36:13 CST 2019] Verify finished, start to sign.
[Tue Apr 30 17:36:15 CST 2019] Cert success.
[Tue Apr 30 17:36:16 CST 2019] Your cert is in /usr/local/nginx/conf/ssl/buhuokeji.com/buhuokeji.com.cer
[Tue Apr 30 17:36:16 CST 2019] Your cert key is in /usr/local/nginx/conf/ssl/buhuokeji.com/buhuokeji.com.key
[Tue Apr 30 17:36:16 CST 2019] The intermediate CA cert is in /usr/local/nginx/conf/ssl/buhuokeji.com/ca.cer
[Tue Apr 30 17:36:16 CST 2019] And the full chain certs is there: /usr/local/nginx/conf/ssl/buhuokeji.com/fullchain.cer
[Tue Apr 30 17:36:16 CST 2019] Run reload cmd: /etc/init.d/nginx reload
Reload service nginx... done
[Tue Apr 30 17:36:16 CST 2019] Reload success
You select the exist rewrite rule:/usr/local/nginx/conf/rewrite/other.conf
Test Nginx configure file......
nginx: [warn] conflicting server name "buhuokeji.com" on 0.0.0.0:80, ignored
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
Reload Nginx......
nginx: [warn] conflicting server name "buhuokeji.com" on 0.0.0.0:80, ignored
Test Nginx configure file......
nginx: [warn] conflicting server name "buhuokeji.com" on 0.0.0.0:80, ignored
nginx: [warn] conflicting server name "buhuokeji.com" on 0.0.0.0:443, ignored
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
Reload Nginx......
nginx: [warn] conflicting server name "buhuokeji.com" on 0.0.0.0:80, ignored
nginx: [warn] conflicting server name "buhuokeji.com" on 0.0.0.0:443, ignored
Let's Encrypt SSL Certificate create successfully.
~~~
4、测试
将子域名证书路径更改为通配符文件fullchain.cer,key更改为主域名key文件
5、验证
证书有效,有效期为三个月,用DNS颁发的将会在到期自动续期。
https://github.com/Neilpang/acme.sh/tree/master/dnsapi
- Linux
- linux常用命令
- awk
- cp
- scp
- mv
- screen工具
- rsync
- Linux设置静态IP
- vim常用
- ssh免密登录
- linux挂载磁盘和开机自动挂载
- 文件的时间戳
- 重定向
- 防火墙
- Vultr 服务器利用快照更换IP
- ss
- node-yarn
- ES安装向导
- lnmp/lamp
- windows安装mysql
- windows安装nginx
- Let'sEncrypt 免费通配符/泛域名SSL证书
- 开机自动挂载硬盘
- 普通用户提权
- ELK日志分析系统
- Docker
- docker
- centos7安装docker
- Centos7安装redis
- CentOS 7 使用Docker搭建Nginx
- CentOS 7 使用Docker搭建Jenkins
- CentOS 7 使用Docker搭建Zookeeper
- CentOS 7 使用Docker搭建Tomcat
- CentOS 7 使用Docker搭建Mysql
- CentOS 7 使用Docker搭建PHP环境
- 使用docker搭建Swagger
- docker阿里云私有仓库
- docker zookeeper集群
- docker部署ES
- docker之java容器运行外置springboot-jar
- docker部署owncloud云盘
- ETCD
- centos7部署etcd节点
- Dockerfile
- Docker-compose
- gitlab.yml
- db.yml
- 安装docker-compose
- gitlab-docker-compose.yml
- nginx-docker-compose.yml
- Mysql
- mysql开启远程访问及相关权限控制
- mysql授权
- mysql快速导出导入大数据
- mysql单机备份
- binlog日志
- shell
- 经典案例
- 俄罗斯方块游戏
- 系统初始化
- 服务器监控
- go基础环境
- shell.监控日志.elk
- shell.检查各服务脚本
- shell.删除文件脚本
- shell.守护进程
- shell.数据库
- shell.Ansible
- shell.dev
- shell.ftp环境
- shell.docker环境
- shell.k8s环境
- k8s.二进制安装
- K8s.一主多从
- k8s.三主两从高可用
- k8s.检查服务与配置
- k8s.jenkins
- k8s.gitlab
- go-install.sh
- jenkins-install.sh
- node-install.sh
- redis-install.sh
- zabbix-install.sh
- zabbix-dockerfile.sh
- nginx-install.sh
- shell变量
- 用户自定义变量
- 环境变量
- shell特殊变量
- shell条件判断
- 流程控制
- shell运算符
- Shell _printf
- shell_test
- shell函数
- 输出重定向
- 网络相关
- 安全相关
- 堡垒机部署
- 区块链威胁情报共享平台
- 签名与验签
- 浅谈区块链
- 智能合约
- 黄金币GTF智能合约
- 节点
- 以太坊公链私链geth同步
- 比特节点同步
- BTC节点错误解决方法
- eth硬分叉
- omni钱包节点搭建
- 架构
- K8s
- 搭建k8s集群完整篇
- 二进制部署k8s
- Devops
- git
- Jenkins
- svn
- 禅道
- CI/CD
- docker+jenkins+golang持续集成持续交付(CI/CD)
- 项目部署
- config.env
- docker-compose.yml
- Dockerfile模板
- .dockerignore
- run.sh
- nginx.conf模板
- 跨域
- jenkins配置
- 测试
- Python