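Issuing SSL certificates with certbot through the Cloudflare API

First, create an API token on Cloudflare: https://dash.cloudflare.com/profile/api-tokens

Using the "Edit zone DNS" template, authorize the token for the domains whose DNS it may modify.

Write the API configuration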

# Replace the X placeholder with the token created above
echo "dns_cloudflare_api_token = XXXXXXXXXXXXXXXXXXXXXx" >/root/cloudflare.ini

Install certbot and issue the certificate

dnf install -y epel-release
dnf install -y certbot certbot-dns-cloudflare python*-certbot-dns-cloudflare
certbot certonly --agree-tos --email [email protected]  --dns-cloudflare --dns-cloudflare-credentials /root/cloudflare.ini -d kvm.la
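
The credentials file written above holds a token that can edit the zone's DNS; a plain echo under the usual umask of 022 creates it with mode 644, and certbot warns about credentials files with such permissions. The following is an added example, not part of the original post: it creates the file with mode 600 and audits an existing one. The function names write_cf_credentials and check_cf_credentials are hypothetical, and stat -c assumes GNU coreutils.

```shell
#!/bin/sh
# Added example (not from the original page); function names are hypothetical.

# Create the certbot-dns-cloudflare credentials file so that it is never
# readable by other users, not even briefly while it is being written.
write_cf_credentials() {
    path=$1 token=$2
    (
        umask 077                                  # anything created here is owner-only
        tmp=$(mktemp "${path}.XXXXXX") || exit 1   # temp file in the same directory
        printf 'dns_cloudflare_api_token = %s\n' "$token" > "$tmp" &&
            mv -f "$tmp" "$path"                   # atomic replace of the target
    )
}

# Audit an existing credentials file. Prints one finding per line and
# returns the number of findings (0 = clean).
check_cf_credentials() {
    path=$1 findings=0
    if [ -L "$path" ] || [ ! -f "$path" ]; then
        echo "not a regular file: $path"; return 1
    fi
    mode=$(stat -c '%a' "$path")                   # GNU stat (assumption)
    case $mode in
        600|400) ;;
        *) echo "mode $mode lets other users read the token"; findings=$((findings+1)) ;;
    esac
    if ! grep -Eq '^[[:space:]]*dns_cloudflare_api_token[[:space:]]*=' "$path"; then
        echo "no dns_cloudflare_api_token entry"; findings=$((findings+1))
    fi
    if grep -Eq '^[[:space:]]*dns_cloudflare_api_key[[:space:]]*=' "$path"; then
        echo "global API key in use instead of a scoped token"; findings=$((findings+1))
    fi
    return "$findings"
}

# Constructed demo in a scratch directory; the token is a placeholder.
demo=$(mktemp -d)
write_cf_credentials "$demo/cloudflare.ini" "CONSTRUCTED_PLACEHOLDER_TOKEN"
check_cf_credentials "$demo/cloudflare.ini" && echo "credentials file OK"
rm -rf "$demo"
```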

Let’s Encrypt/Certbot Wildcard SSL certificate

export LC_ALL="en_US.UTF-8"
export LC_CTYPE="en_US.UTF-8"
yum install -y git
cd /opt
git clone https://github.com/certbot/certbot.git
cd certbot && ./certbot-auto
# Quote the wildcard name so the shell does not try to expand it
/opt/certbot/certbot-auto certonly --manual --preferred-challenges dns -d '*.域名.后缀'

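The --preferred-challenges dns option makes certbot ask you to create a TXT DNS record under the _acme-challenge. prefix of the domain, which is used to validate the domain. In the commands on this page, 域名.后缀 is a placeholder meaning domain.tld.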

./certbot-auto certificates


 

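yum install -y certbot python3-cloudflare python3-certbot-dns-cloudflare
# /etc/cron.monthly only runs executable scripts; a crontab-format line belongs in /etc/cron.d and needs a user field
echo "00 04 01 * * root certbot renew" > /etc/cron.d/certbot
chmod 644 /etc/cron.d/certbot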


certbot certonly  --agree-tos --email [email protected]   \
  --dns-cloudflare \
  --dns-cloudflare-credentials /root/cf.ini  \
  -d  '*.baidu.XXX'

Locally self-signed SSL on Linux

yum -y -q install nss-tools gcc
VER=$(curl -Ss   https://api.github.com/repos/FiloSottile/mkcert/releases/latest|grep tag_name|grep -Po '[0-9]+\.[0-9]+\.[0-9]+.*(?=")')
wget -O /usr/bin/mkcert   https://github.com/FiloSottile/mkcert/releases/download/v${VER}/mkcert-v${VER}-linux-amd64
chmod +x  /usr/bin/mkcert 
mkcert -install
mkcert 域名.后缀 '*.域名.后缀' 域名2.后缀  localhost 127.0.0.1 ::1

This generates the pem and key files, which can be bound directly in the HTTP server and used.