注:免费证书软件

禁止更新

使用 —no-self-upgrade 参数,要不然每次执行都会自动更新

  1. root@issp:~# /usr/sbin/certbot-auto certonly --no-self-upgrade -d sase.sangfor.com.cn -d *.sase.sangfor.com.cn --manual --preferred-challenges dns --server https://acme-v02.api.letsencrypt.org/directory
  2. /usr/sbin/certbot-auto has insecure permissions!
  3. To learn how to fix them, visit https://community.letsencrypt.org/t/certbot-auto-deployment-best-practices/91979/
  4. Saving debug log to /var/log/letsencrypt/letsencrypt.log
  5. Plugins selected: Authenticator manual, Installer None
  6. Obtaining a new certificate
  7. Performing the following challenges:
  8. dns-01 challenge for sase.sangfor.com.cn
  9. dns-01 challenge for sase.sangfor.com.cn
  11. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  12. NOTE: The IP of this machine will be publicly logged as having requested this
  13. certificate. If you're running certbot in manual mode on a machine that is not
  14. your server, please ensure you're okay with that.
  16. Are you OK with your IP being logged?
  17. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  18. (Y)es/(N)o: y
  20. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  21. Please deploy a DNS TXT record under the name
  22. _acme-challenge.sase.sangfor.com.cn with the following value:
  24. U1gVWMqaP-Mq3wZRwchWOWHnqufEVSA_i1Zi2ecrJOo
  26. Before continuing, verify the record is deployed.
  27. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  28. Press Enter to Continue
  30. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  31. Please deploy a DNS TXT record under the name
  32. _acme-challenge.sase.sangfor.com.cn with the following value:
  34. bIAL19cwAOYez5s-JyBzaUWg_UnviGM5L7niqDZK3wA
  36. Before continuing, verify the record is deployed.
  37. (This must be set up in addition to the previous challenges; do not remove,
  38. replace, or undo the previous challenge tasks yet. Note that you might be
  39. asked to create multiple distinct TXT records with the same name. This is
  40. permitted by DNS standards.)
  42. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  43. Press Enter to Continue
  44. Waiting for verification...
  45. Cleaning up challenges
  47. IMPORTANT NOTES:
  48.  - Congratulations! Your certificate and chain have been saved at:
  49.    /etc/letsencrypt/live/sase.sangfor.com.cn/fullchain.pem
  50.    Your key file has been saved at:
  51.    /etc/letsencrypt/live/sase.sangfor.com.cn/privkey.pem
  52.    Your cert will expire on 2021-03-31. To obtain a new or tweaked
  53.    version of this certificate in the future, simply run certbot-auto
  54.    again. To non-interactively renew *all* of your certificates, run
  55.    "certbot-auto renew"
  56.  - If you like Certbot, please consider supporting our work by:
  58.    Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
  59.    Donating to EFF:                    https://eff.org/donate-le

删除证书

方法一、使用certbot
1 查看已安装的证书

  1. certbot certificates

返回结果如下

  1. Found the following certs:
  2.   Certificate Name: example.com
  3.     Domains: example.com, www.example.com
  4.     Expiry Date: 2017-02-19 19:53:00+00:00 (VALID: 30 days)
  5.     Certificate Path: /etc/letsencrypt/live/example.com/fullchain.pem
  6.     Private Key Path: /etc/letsencrypt/live/example.com/privkey.pem

2 可以通过如下命令将指定的域名删除

  1. certbot delete --cert-name example.com

ISSP操作记录

LetsEncrypt00资料_ISSP操作记录(1).pdf