目 录CONTENT

文章目录

Mac下制作免费的域名通配符证书并部署到群晖

恪晨
2022-09-24 / 0 评论 / 0 点赞 / 479 阅读 / 458 字 / 正在检测是否收录...
温馨提示:
慢慢看,慢慢读,不行就边听歌边读

在macOS平台下制作SSL证书,免费域名通配符证

1、安装homebrew

2、安装certbot

brew install certbot

3、执行命令,比如域名是 *.example.com

sudo certbot certonly  -d "*.example.com" --manual --preferred-challenges dns --server https://acme-v02.api.letsencrypt.org/directory

4、剩下的基本默认都是选择y,直到出现下面内容的时候,则需要在域名解析控制台增加一个TXT解析,添加后继续回车下一步

Please deploy a DNS TXT record under the name:

_acme-challenge.example.com.

with the following value:

D1kOMANSfZG0HVM6-swGIqHrD87p7LGrnDLmoOclSuw

Before continuing, verify the TXT record has been deployed. Depending on the DNS
provider, this may take some time, from a few seconds to multiple minutes. You can
check if it has finished deploying with aid of online tools, such as the Google
Admin Toolbox: https://toolbox.googleapps.com/apps/dig/#TXT/_acme-challenge.wangboweb.site.
Look for one or more bolded line(s) below the line ';ANSWER'. It should show the
value(s) you've just added.

5、成功后就会有如下提示

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/example.com/fullchain.pem
Key is saved at:         /etc/letsencrypt/live/example.com/privkey.pem
This certificate expires on 2022-12-23.
These files will be updated when the certificate renews.

NEXT STEPS:
- This certificate will not be renewed automatically. Autorenewal of --manual certificates requires the use of an authentication hook script (--manual-auth-hook) but one was not provided. To renew this certificate, repeat this same certbot command before the certificate's expiry date.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
 * Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
 * Donating to EFF:                    https://eff.org/donate-le

6、默认生成的证书在 /etc/letsencrypt/achive/example.com/ 目录下,但是这个目录默认是没有权限访问的,需要复制出来的话,只需要在该文件夹右键-显示简介,加个权限就好,然后将fullchain.pem和privkey.pem两个文件复制出来
image-1664023116262

7、在群晖-控制面板-安全性-证书中上传对应的证书文件即可

0

评论区