certbot 通配符 cert 不是通配符

certbot 通配符 cert 不是通配符

我做了以下事情:

sh-3.2# certbot certonly --manual --preferred-challenges=dns --email [email protected] --server https://acme-v02.api.letsencrypt.org/directory --agree-tos -d *.someDomainlab.com

并得到结果:

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/someDomainlab.com/fullchain.pem
Key is saved at:         /etc/letsencrypt/live/someDomainlab.com/privkey.pem
This certificate expires on 2022-08-16.
These files will be updated when the certificate renews.

但是当我测试基于通配符此链接,我得到以下结果:

CN=someDomainlab.com

这告诉我它不是通配符。我对 _acme-challenge.someDomainlab.com 进行了挖掘,结果返回了 certbot 要求我添加的内容。

我错过了什么?

编辑:

当我执行测试命令时,我在 ssl_error.log 中看到此行:

[Wed May 18 12:52:23.763857 2022] [core:debug] [pid 7607] protocol.c(1447): [client 192.168.183.1:51660] AH00566: request failed: malformed request line

答案1

您需要用引号括住域名,这样 shell 就不会尝试扩展 中的星号*.someDomainlab.com。使用方式-d '*.someDomainlab.com'如下:

sh-3.2# certbot certonly --manual --preferred-challenges=dns --email [email protected] --server https://acme-v02.api.letsencrypt.org/directory --agree-tos -d '*.someDomainlab.com'

相关内容