Linux 使用 certbot 申请证书

证书官网

https://letsencrypt.org/getting-started/

安装 certbot

# 安装 certbot 以及 certbot nginx 插件
sudo yum install certbot python2-certbot-nginx -y

# 执行配置，中途会询问你的邮箱，如实填写即可
sudo certbot --nginx

#如果是用宝塔的nginx 
sudo certbot --nginx --nginx-server-root=/usr/local/nginx/conf

# 自动续约
sudo certbot renew --dry-run

如果 certbot --nginx报错

#报错信息
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Error while running nginx -c /etc/nginx/nginx.conf -t.

nginx: [emerg] open() "/etc/nginx/nginx.conf" failed (2: No such file or directory)
nginx: configuration file /etc/nginx/nginx.conf test failed

The nginx plugin is not working; there may be problems with your existing configuration.
The error was: MisconfigurationError('Error while running nginx -c /etc/nginx/nginx.conf -t.\n\nnginx: [emerg] open() "/etc/nginx/nginx.conf" failed (2: No such file or directory)\nnginx: configuration file /etc/nginx/nginx.conf test failed\n',)


#自定义配置文件路径
certbot --nginx --nginx-server-root=/www/server/nginx/conf

# certbot --nginx --nginx-server-root=/www/server/nginx/conf

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org

Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: *.com
2: *.cn
3: *.xyz
4: *.xyz
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 3
Requesting a certificate for ****.xyz
Deploying Certificate to VirtualHost /www/server/panel/vhost/nginx/****.xyz.conf
Redirecting all traffic on port 80 to ssl in /www/server/panel/vhost/nginx/****.xyz.conf

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled https://****.xyz
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/****.xyz-0001/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/****.xyz-0001/privkey.pem
   Your certificate will expire on 2023-07-21. To obtain a new or
   tweaked version of this certificate in the future, simply run
   certbot again with the "certonly" option. To non-interactively
   renew *all* of your certificates, run "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

知乎

https://zhuanlan.zhihu.com/p/354241539