我正在尝试为使用 Wordpress 购买的子域名生成 SSL 证书。域名和子域名都是从 Wordpress 购买的。对于使用 Wordpress 创建的子域名,我创建了一个AIP 指向某个外部服务器的记录。现在我想为这个子域名生成 SSL 证书。我该怎么做?
这是我尝试使用sudo certbot certonly --webroot命令但出现以下错误。
我缺少的是什么?
答案1
您需要在具有您在 DNS 中指定的 IP 的服务器上执行证书生成操作A Record。
或者
如果不可能的话,您也可以certbot使用标志执行命令--manuel。(官方文档)
$ sudo certbot certonly --manual
# ...
# ... Asked for domain name and IP logging
# ...
-------------------------------------------------------------------------------
Please deploy a DNS TXT record under the name
_acme-challenge.<your-domain> with the following value:
5TyIfZh7Q38VnQuUvsIWJt0QffSJvCnHNOnlEuRim66
Before continuing, verify the record is deployed.
-------------------------------------------------------------------------------
Press Enter to Continue
现在,您需要在此处创建一个新的 DNSTXT记录,并显示其值。(在本例中为2DYIfZh7Q38VnQuUvsIWJt0QffSJvCnHNOnlEuRim66)并等待几分钟再按回车键,因为部署需要一些时间。
之后请不要删除该记录,否则更新将不起作用!
现在按下回车键,它应该会看到如下内容:
Waiting for verification...
Cleaning up challenges
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/<your-domain>/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/<your-domain>/privkey.pem
Your cert will expire on xxxx-xx-xx. To obtain a new or tweaked
version of this certificate in the future, simply run certbot
again. To non-interactively renew *all* of your certificates, run
"certbot renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
现在您的证书将位于文件夹中/etc/letsencrypt/live/<your-domain>/。