一、下载certbot
#打开root目录
cd /root
#下载
wget https://dl.eff.org/certbot-auto
#给予执行权限
chmod a+x certbot-auto
二、申请证书
注意红色字体为需要申请证书的域名
sudo ./certbot-auto --server https://acme-v02.api.letsencrypt.org/directory -d "*.baidu.com" -d "baidu.com" --manual --preferred-challenges dns-01 certonly
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer NoneEnter email address (used for urgent renewal and security notices) (Enter 'c' to cancel):
输入邮箱 或者 输入c进行取消
-------------------------------------------------------------------------------
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
-------------------------------------------------------------------------------
(A)gree/(C)ancel:
A同意条款 或者 C取消
-------------------------------------------------------------------------------
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about EFF and
our work to encrypt the web, protect its users and defend digital rights.
-------------------------------------------------------------------------------
(Y)es/(N)o:
Y同意分享邮箱 或者 N不同意
-------------------------------------------------------------------------------
NOTE: The IP of this machine will be publicly logged as having requested this
certificate. If you're running certbot in manual mode on a machine that is not
your server, please ensure you're okay with that.
Are you OK with your IP being logged?
-------------------------------------------------------------------------------
(Y)es/(N)o:
Y已公开服务器IP 或者 N没有公开
-------------------------------------------------------------------------------
Please deploy a DNS TXT record under the name
_acme-challenge.域名.com with the following value:
4pIOgw0qR4YjMJiLPMnxxx8r96Uahq9PnJRxyKVSLfI
Before continuing, verify the record is deployed.
-------------------------------------------------------------------------------
去自己的域名服务器设置TXT解析
然后回车就可以了
最后看看nginx配置是否配置好