我做了以下事情:
sh-3.2# certbot certonly --manual --preferred-challenges=dns --email [email protected] --server https://acme-v02.api.letsencrypt.org/directory --agree-tos -d *.someDomainlab.com
并得到结果:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/someDomainlab.com/fullchain.pem
Key is saved at: /etc/letsencrypt/live/someDomainlab.com/privkey.pem
This certificate expires on 2022-08-16.
These files will be updated when the certificate renews.
但是当我测试基于通配符此链接,我得到以下结果:
CN=someDomainlab.com
这告诉我它不是通配符。我对 _acme-challenge.someDomainlab.com 进行了挖掘,结果返回了 certbot 要求我添加的内容。
我错过了什么?
编辑:
当我执行测试命令时,我在 ssl_error.log 中看到此行:
[Wed May 18 12:52:23.763857 2022] [core:debug] [pid 7607] protocol.c(1447): [client 192.168.183.1:51660] AH00566: request failed: malformed request line
答案1
您需要用引号括住域名,这样 shell 就不会尝试扩展 中的星号*.someDomainlab.com。使用方式-d '*.someDomainlab.com'如下:
sh-3.2# certbot certonly --manual --preferred-challenges=dns --email [email protected] --server https://acme-v02.api.letsencrypt.org/directory --agree-tos -d '*.someDomainlab.com'