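Requesting a free Google SSL certificate with Certbot
First you need a Google Cloud account to obtain a key; this key is used to request the SSL certificate.
After logging in, enable the two APIs below as prompted: https://console.cloud.google.com/apis/library/publicca.googleapis.com . Once activated, enter the command below in Cloud Shell: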
gcloud beta publicca external-account-keys create
After it runs, the console prints a key, similar to:
{
"b64MacKey": "xxx...", ← this is `--eab-hmac-key`
"keyId": "xxx..." ← this is `--eab-kid`
}
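On the VPS (AlmaLinux here), run the following commands to install certbot and register an account:
dnf install certbot
certbot register \
--email "[email protected]" \
--no-eff-email \
--server "https://dv.acme-v02.api.pki.goog/directory" \
--eab-kid "replace with the eab-kid from the console output" \
--eab-hmac-key "replace with the eab-hmac-key from the console output"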
On the VPS, run the command that requests the Google SSL certificate:
certbot certonly \
--manual \
--preferred-challenges "dns-01" \
--server "https://dv.acme-v02.api.pki.goog/directory" \
--domains "*.your-domain" \
--eab-kid "EAB_KEY_ID" \
--eab-hmac-key "EAB_HMAC_KEY" \
--email "[email protected]"
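Follow the prompts. Then go to your domain's DNS settings and, as instructed, create a TXT record with the string certbot shows. Wait for the record to take effect before continuing. Once domain ownership has been verified, the certificate can be found on this machine under /etc/letsencrypt/live/.
After successful verification, the following appears: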
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/your-domain/fullchain.pem
Key is saved at: /etc/letsencrypt/live/your-domain/privkey.pem
This certificate expires on 2025-08-21.
These files will be updated when the certificate renews.
NEXT STEPS:
- This certificate will not be renewed automatically. Autorenewal of --manual certificates requires the use of an authentication hook script (--manual-auth-hook) but one was not provided. To renew this certificate, repeat this same certbot command before the certificate's expiry date.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
* Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
* Donating to EFF: https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
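The output warns that the certificate cannot be renewed automatically; after 90 days it has to be renewed manually (if that is too much trouble, consider a Let's Encrypt certificate, which can be renewed automatically by a script).
# Automatic renewal command: certbot certonly --standalone -d $domain --email [email protected] --agree-tos --no-eff-email --force-renewal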
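The certbot output above says that unattended renewal of a --manual certificate needs a --manual-auth-hook. One way to write such a hook for the dns-01 challenge, as an added example that is not part of the original post: it assumes the zone's DNS server accepts RFC 2136 dynamic updates through nsupdate, and DNS_SERVER, DNS_ZONE and TSIG_KEY_FILE are hypothetical settings.

```sh
#!/bin/sh
# Added example: one script for --manual-auth-hook and --manual-cleanup-hook.
# Assumption (not from the post): the DNS server accepts RFC 2136 updates.
# DNS_SERVER, DNS_ZONE and TSIG_KEY_FILE are hypothetical; use your own values.
DNS_SERVER="${DNS_SERVER:-ns1.example.com}"
DNS_ZONE="${DNS_ZONE:-example.com}"
TSIG_KEY_FILE="${TSIG_KEY_FILE:-/etc/letsencrypt/tsig.key}"

# DNS-01 record name; a wildcard is validated at its base domain.
acme_record_name() {
  domain="${1#\*.}"
  printf '_acme-challenge.%s.' "${domain%.}"
}

# Accept only base64url characters, so the value handed over by certbot
# cannot smuggle extra lines or quotes into the nsupdate batch.
valid_token() {
  case "$1" in
    ''|*[!A-Za-z0-9_-]*) return 1 ;;
  esac
}

# Print the nsupdate batch that adds or deletes one TXT value.
# usage: nsupdate_batch add|delete <record-name> <token>
nsupdate_batch() {
  valid_token "$3" || return 1
  case "$1" in add) op="add $2 60" ;; delete) op="delete $2" ;; *) return 1 ;; esac
  printf 'server %s\nzone %s\nupdate %s TXT "%s"\nsend\n' \
    "$DNS_SERVER" "$DNS_ZONE" "$op" "$3"
}

# Certbot exports CERTBOT_DOMAIN and CERTBOT_VALIDATION to its hooks, so this
# part runs only when certbot invokes the script as "hook.sh add|delete".
if [ -n "${CERTBOT_VALIDATION:-}" ]; then
  set -eu
  action="${1:-add}"
  name="$(acme_record_name "$CERTBOT_DOMAIN")"
  batch="$(nsupdate_batch "$action" "$name" "$CERTBOT_VALIDATION")"
  printf '%s\n' "$batch" | nsupdate -k "$TSIG_KEY_FILE"
  [ "$action" = add ] || exit 0
  # Wait until the authoritative server serves the value before certbot proceeds.
  i=0
  while [ "$i" -lt 30 ]; do
    txt="$(dig +short TXT "$name" "@$DNS_SERVER" || true)"
    case "$txt" in *"\"$CERTBOT_VALIDATION\""*) exit 0 ;; esac
    sleep 2; i=$((i + 1))
  done
  exit 1
fi
```

Pass it to the certonly command as --manual-auth-hook "/path/to/hook.sh add" and --manual-cleanup-hook "/path/to/hook.sh delete" (the path is a placeholder); keep the TSIG key file readable by root only, since it can rewrite records in the zone.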