答案1
您需要在具有您在 DNS 中指定的 IP 的服务器上执行证书生成操作A Record
。
或者
如果不可能的话,您也可以certbot
使用标志执行命令--manuel
。(官方文档)
$ sudo certbot certonly --manual
# ...
# ... Asked for domain name and IP logging
# ...
-------------------------------------------------------------------------------
Please deploy a DNS TXT record under the name
_acme-challenge.<your-domain> with the following value:
5TyIfZh7Q38VnQuUvsIWJt0QffSJvCnHNOnlEuRim66
Before continuing, verify the record is deployed.
-------------------------------------------------------------------------------
Press Enter to Continue
现在,您需要在此处创建一个新的 DNSTXT
记录,并显示其值。(在本例中为2DYIfZh7Q38VnQuUvsIWJt0QffSJvCnHNOnlEuRim66
)并等待几分钟再按回车键,因为部署需要一些时间。
之后请不要删除该记录,否则更新将不起作用!
现在按下回车键,它应该会看到如下内容:
Waiting for verification...
Cleaning up challenges
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/<your-domain>/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/<your-domain>/privkey.pem
Your cert will expire on xxxx-xx-xx. To obtain a new or tweaked
version of this certificate in the future, simply run certbot
again. To non-interactively renew *all* of your certificates, run
"certbot renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
现在您的证书将位于文件夹中/etc/letsencrypt/live/<your-domain>/
。