How to configure a wildcard domain certificate
1. Obtain the DNS API credentials for the domain
Alibaba Cloud (Aliyun):
~~~
export Ali_Key="123456"
export Ali_Secret="abcdef"
~~~
| AccessKey ID | Access Key Secret | Status | Created | Actions |
| --- | --- | --- | --- | --- |
| 123456 | abcdefdfsfdsfdsfsdj | Enabled | 2017-11-19 15:52:47 | Disable / Delete |

2. Point the domain at the server and add a TXT record

3. Here we choose ali (Alibaba Cloud)
~~~
lnmp dnsssl {cx|ali|cf|dp|he|gd|aws}
lnmp dnsssl ali
~~~
4. Run the command:
~~~
[root@izeano5qvehexvz home]# lnmp dnsssl ali
+-------------------------------------------+
|    Manager for LNMP, Written by Licess    |
+-------------------------------------------+
|              https://lnmp.org             |
+-------------------------------------------+
/usr/local/acme.sh/acme.sh [found]
Please enter domain(example: www.lnmp.org): buhuokeji.com
Your domain: buhuokeji.com
Enter more domain name(example: lnmp.org *.lnmp.org): *.buhuokeji.com
domain list: *.buhuokeji.com
Please enter the directory for domain buhuokeji.com: /home/wwwroot/buhuokeji.com
Allow Rewrite rule? (y/n) y
Please enter the rewrite of programme,
wordpress,discuzx,typecho,thinkphp,laravel,codeigniter,yii2 rewrite was exist.
(Default rewrite: other):
You choose rewrite: other
Allow access log? (y/n) y
Enter access log filename(Default:buhuokeji.com.log):
You access log filename: buhuokeji.com.log
Enable PHP Pathinfo? (y/n) y
Enable pathinfo.
Starting create SSL Certificate use Let's Encrypt...
[Tue Apr 30 17:33:49 CST 2019] Registering account
[Tue Apr 30 17:33:51 CST 2019] Registered
[Tue Apr 30 17:33:51 CST 2019] ACCOUNT_THUMBPRINT='eBcLD5tn9t0cEzh3YvifBbiXUX1Ns9rqCvJ6U79nJRM'
[Tue Apr 30 17:33:51 CST 2019] Creating domain key
[Tue Apr 30 17:33:51 CST 2019] The domain key is here: /usr/local/nginx/conf/ssl/buhuokeji.com/buhuokeji.com.key
[Tue Apr 30 17:33:51 CST 2019] Multi domain='DNS:buhuokeji.com,DNS:*.buhuokeji.com'
[Tue Apr 30 17:33:51 CST 2019] Getting domain auth token for each domain
[Tue Apr 30 17:33:53 CST 2019] Getting webroot for domain='buhuokeji.com'
[Tue Apr 30 17:33:53 CST 2019] Getting webroot for domain='*.buhuokeji.com'
[Tue Apr 30 17:33:53 CST 2019] Found domain api file: /usr/local/acme.sh/dnsapi/dns_ali.sh
[Tue Apr 30 17:33:56 CST 2019] Found domain api file: /usr/local/acme.sh/dnsapi/dns_ali.sh
[Tue Apr 30 17:33:58 CST 2019] Sleep 120 seconds for the txt records to take effect
[Tue Apr 30 17:36:00 CST 2019] Verifying:buhuokeji.com
[Tue Apr 30 17:36:03 CST 2019] Success
[Tue Apr 30 17:36:03 CST 2019] Verifying:*.buhuokeji.com
[Tue Apr 30 17:36:06 CST 2019] Success
[Tue Apr 30 17:36:06 CST 2019] Removing DNS records.
[Tue Apr 30 17:36:13 CST 2019] Verify finished, start to sign.
[Tue Apr 30 17:36:15 CST 2019] Cert success.
[Tue Apr 30 17:36:16 CST 2019] Your cert is in /usr/local/nginx/conf/ssl/buhuokeji.com/buhuokeji.com.cer
[Tue Apr 30 17:36:16 CST 2019] Your cert key is in /usr/local/nginx/conf/ssl/buhuokeji.com/buhuokeji.com.key
[Tue Apr 30 17:36:16 CST 2019] The intermediate CA cert is in /usr/local/nginx/conf/ssl/buhuokeji.com/ca.cer
[Tue Apr 30 17:36:16 CST 2019] And the full chain certs is there: /usr/local/nginx/conf/ssl/buhuokeji.com/fullchain.cer
[Tue Apr 30 17:36:16 CST 2019] Run reload cmd: /etc/init.d/nginx reload
Reload service nginx...  done
[Tue Apr 30 17:36:16 CST 2019] Reload success
You select the exist rewrite rule:/usr/local/nginx/conf/rewrite/other.conf
Test Nginx configure file......
nginx: [warn] conflicting server name "buhuokeji.com" on 0.0.0.0:80, ignored
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
Reload Nginx......
nginx: [warn] conflicting server name "buhuokeji.com" on 0.0.0.0:80, ignored
Test Nginx configure file......
nginx: [warn] conflicting server name "buhuokeji.com" on 0.0.0.0:80, ignored
nginx: [warn] conflicting server name "buhuokeji.com" on 0.0.0.0:443, ignored
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
Reload Nginx......
nginx: [warn] conflicting server name "buhuokeji.com" on 0.0.0.0:80, ignored
nginx: [warn] conflicting server name "buhuokeji.com" on 0.0.0.0:443, ignored
Let's Encrypt SSL Certificate create successfully.
~~~
4. Test
Change the subdomain's certificate path to the wildcard file fullchain.cer, and change the key to the main domain's key file.

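5. Verify
The certificate is valid. Its validity period is three months, and certificates issued via DNS are renewed automatically at expiry.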
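
The checks below are an added example, not part of the original page or of lnmp/acme.sh: before a subdomain vhost is switched to the wildcard files from step 4, they confirm that the certificate's SAN list covers the hostname, that the key belongs to the certificate, and that the key file is not readable by group or others. The function names and the script's argument order are made up for this example; it assumes `openssl` is installed.

```shell
#!/bin/sh
# Added example (not from the original page): checks to run before a
# subdomain vhost is pointed at the wildcard fullchain.cer and key.
# Hostnames are assumed to be lower-case already.

# san_covers HOST SAN... -> 0 if one SAN entry covers HOST.
# "*.example.com" covers exactly one extra left-most label.
san_covers() {
    host=$1; shift
    for san in "$@"; do
        case $san in
            \*.*)
                base=${san#\*.}
                label=${host%".$base"}
                if [ "$label" != "$host" ] && [ -n "$label" ]; then
                    case $label in *.*) ;; *) return 0 ;; esac
                fi ;;
            *)  if [ "$san" = "$host" ]; then return 0; fi ;;
        esac
    done
    return 1
}

# cert_sans CERT -> prints the DNS names in the certificate, one per line.
cert_sans() {
    openssl x509 -in "$1" -noout -text | tr ',' '\n' | sed -n 's/^ *DNS://p'
}

# key_matches_cert CERT KEY -> 0 if both carry the same public key.
key_matches_cert() {
    c=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    k=$(openssl pkey -in "$2" -pubout) || return 2
    [ "$c" = "$k" ]
}

# key_is_private FILE -> 0 if group and others have no access to FILE.
key_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Usage: sh precheck.sh HOST CERT KEY
if [ $# -eq 3 ]; then
    set -f  # keep "*.domain" SAN entries from being glob-expanded
    san_covers "$1" $(cert_sans "$2") || { echo "SAN does not cover $1"; exit 1; }
    key_matches_cert "$2" "$3" || { echo "key/cert mismatch"; exit 1; }
    key_is_private "$3" || { echo "key readable by group/others"; exit 1; }
    echo "ok"
fi
```

The wildcard entry alone does not cover the bare domain, which is why the session above requests both `buhuokeji.com` and `*.buhuokeji.com`.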


https://github.com/Neilpang/acme.sh/tree/master/dnsapi