{"id":2094,"date":"2023-02-01T09:54:26","date_gmt":"2023-02-01T01:54:26","guid":{"rendered":"https:\/\/blog.kingsbestone.com\/?p=2094"},"modified":"2023-02-08T09:21:44","modified_gmt":"2023-02-08T01:21:44","slug":"centos7%e7%94%b3%e8%af%b7lets-encrypt%e8%af%81%e4%b9%a6","status":"publish","type":"post","link":"https:\/\/blog.kingsbestone.com\/?p=2094","title":{"rendered":"Centos7\u624b\u52a8\u7533\u8bf7Let&#8217;s Encrypt\u8bc1\u4e66"},"content":{"rendered":"<p><span style=\"font-family: 'comic sans ms', sans-serif;\">\u672c\u6559\u7a0b\u662f\u4f7f\u7528\u8bc1\u4e66\u673a\u5668\u4ebaCertbot\u4ee3\u5411CA\u673a\u6784Let&#8217;s Encrypt\u7533\u8bf7SSL\u8bc1\u4e66\u7684\u3002\u767b\u5f55centos7\u4e3b\u673a\u7684SSH\u7ec8\u7aef\uff0c\u5982\u679c\u6ca1\u6362\u6e90\u7684\u4f18\u5148\u6362\u6e90\uff0c\u7136\u540e\u5f00\u59cb\u4e0b\u9762\u64cd\u4f5c\u3002<\/span><\/p>\n<p><span style=\"font-family: 'comic sans ms', sans-serif;\">\u6d41\u7a0b\uff1a<\/span><\/p>\n<p><span style=\"font-family: 'comic sans ms', sans-serif;\">&lt;\u5148\u5b89\u88c5snap&gt; &#8212;&gt; &lt;\u5b89\u88c5Cerbot&gt; &#8212;&gt; &lt;\u59d4\u6258Cerbot\u4ee3\u5411Let&#8217;s Encrypt\u7533\u8bf7SSL\u8bc1\u4e66&gt; &#8212;&gt; &lt;\u7533\u8bf7\u597d\u7684SSL\u8bc1\u4e66\u586b\u5165\u76f8\u5173\u670d\u52a1&gt; &#8212;&gt; &lt;\u7eed\u8ba2\u8bc1\u4e66&gt;<\/span><\/p>\n<hr \/>\n<h1><span style=\"font-family: 'comic sans ms', sans-serif;\">1.\u5b89\u88c5snap<\/span><\/h1>\n<ul>\n<li><span style=\"font-family: 'comic sans ms', sans-serif;\">\u53c2\u8003\u6587\u7ae0\uff1ahttps:\/\/snapcraft.io\/docs\/installing-snap-on-centos<\/span><\/li>\n<\/ul>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"shell\">sudo yum install -y snapd<\/pre>\n<p><span style=\"font-family: 'comic sans ms', sans-serif;\">1-2.\u5f00\u542fsnap\u7684systemd\u901a\u4fe1\u63a5\u53e3<\/span><\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"shell\">sudo systemctl enable --now snapd.socket<\/pre>\n<p><span style=\"font-family: 'comic sans ms', sans-serif;\">1-3.\u8f6f\u8fde\u63a5snap\u547d\u4ee4<\/span><\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"shell\">sudo ln -s \/var\/lib\/snapd\/snap \/snap<\/pre>\n<p><span style=\"font-family: 'comic sans ms', sans-serif;\">1-4.\u8bbe\u7f6esnap\u5f00\u673a\u81ea\u542f\u52a8<\/span><\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"shell\">systemctl enable snapd.service<\/pre>\n<p><span style=\"font-family: 'comic sans ms', sans-serif;\">1-5.\u91cd\u542f\u7cfb\u7edf<\/span><\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"shell\">reboot<\/pre>\n<p><span style=\"font-family: 'comic sans ms', sans-serif;\">1-6.\u5f00\u542f\u540e\u91cd\u65b0\u767b\u5f55SSH\u7ec8\u7aef<\/span><\/p>\n<p><span style=\"font-family: 'comic sans ms', sans-serif;\">1-7.\u66f4\u65b0\u5e76\u5237\u65b0snap<\/span><\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"shell\">sudo snap install core &amp;&amp; sudo snap refresh core<\/pre>\n<p><span style=\"font-family: 'comic sans ms', sans-serif;\">1-8.\u5220\u9664\u8001\u7248\u672c\u7684Certbot\u7a0b\u5e8f\u6216\u8005\u5df2\u5b89\u88c5\u7684Cerbot\u7a0b\u5e8f\uff0c\u9632\u6b62\u51b2\u7a81<\/span><\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"shell\">sudo yum remove -y certbot<\/pre>\n<h1><span style=\"font-family: 'comic sans ms', sans-serif;\">2.\u5b89\u88c5certbot<\/span><\/h1>\n<ul>\n<li><span style=\"font-family: 'comic sans ms', sans-serif;\">\u53c2\u8003\u6587\u7ae0\uff1ahttps:\/\/certbot.eff.org\/instructions?ws=other&amp;os=centosrhel7<\/span><\/li>\n<\/ul>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"shell\">sudo snap install --classic certbot<\/pre>\n<p><span style=\"font-family: 'comic sans ms', sans-serif;\">2-1.\u8f6f\u8fde\u63a5certbot\u547d\u4ee4<\/span><\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"shell\">sudo ln -s \/snap\/bin\/certbot \/usr\/bin\/certbot<\/pre>\n<p><span style=\"font-family: 'comic sans ms', sans-serif;\">2-2.\u5f00\u59cb\u6d4b\u8bd5\u7533\u8bf7\u8bc1\u4e66\u6d41\u7a0b\u662f\u5426\u6b63\u5e38\uff0c\u672c\u6b21\u4f7f\u7528DNS\u9a8c\u8bc1\u65b9\u5f0f\u7533\u8bf7<\/span><\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"shell\">[root@iZ6webwxn14lqwuh9kxokwZ ~]# sudo certbot certonly --manual --preferred-challenges dns -d one.test.kingsbestone.com --dry-run\r\nSaving debug log to \/var\/log\/letsencrypt\/letsencrypt.log\r\nEnter email address (used for urgent renewal and security notices)\r\n (Enter 'c' to cancel): admin@example.com\r\n\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\nPlease read the Terms of Service at\r\nhttps:\/\/letsencrypt.org\/documents\/LE-SA-v1.3-September-21-2022.pdf. You must\r\nagree in order to register with the ACME server. Do you agree?\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n(Y)es\/(N)o: y\r\nAccount registered.\r\nSimulating a certificate request for one.test.kingsbestone.com\r\n\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\nPlease deploy a DNS TXT record under the name:\r\n\r\n_acme-challenge.one.test.kingsbestone.com.\r\n\r\nwith the following value:\r\n\r\nQvTbpbiUkaE57DEEpvd0qiDPsHaRsA6yT9z8vbusaiI\r\n\r\nBefore continuing, verify the TXT record has been deployed. Depending on the DNS\r\nprovider, this may take some time, from a few seconds to multiple minutes. You can\r\ncheck if it has finished deploying with aid of online tools, such as the Google\r\nAdmin Toolbox: https:\/\/toolbox.googleapps.com\/apps\/dig\/#TXT\/_acme-challenge.one.test.kingsbestone.com.\r\nLook for one or more bolded line(s) below the line ';ANSWER'. It should show the\r\nvalue(s) you've just added.\r\n\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\nPress Enter to Continue\r\nThe dry run was successful.\r\n[root@iZ6webwxn14lqwuh9kxokwZ ~]#<\/pre>\n<ul>\n<li><span style=\"font-family: 'comic sans ms', sans-serif;\">\u63d0\u793a The dry run was successful. \u8868\u793a\u6d4b\u8bd5\u6210\u529f\u3002<\/span><\/li>\n<\/ul>\n<p><span style=\"font-family: 'comic sans ms', sans-serif;\">2-3.\u5f00\u59cb\u6b63\u5f0f\u7533\u8bf7\u8bc1\u4e66\uff0c\u672c\u6b21\u4f7f\u7528DNS\u9a8c\u8bc1\u65b9\u5f0f<\/span><\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"shell\">[root@iZ6webwxn14lqwuh9kxokwZ ~]# sudo certbot certonly --manual --preferred-challenges dns -d one.test.kingsbestone.com\r\nSaving debug log to \/var\/log\/letsencrypt\/letsencrypt.log\r\nEnter email address (used for urgent renewal and security notices)\r\n (Enter 'c' to cancel): admin@example.com\r\n\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\nPlease read the Terms of Service at\r\nhttps:\/\/letsencrypt.org\/documents\/LE-SA-v1.3-September-21-2022.pdf. You must\r\nagree in order to register with the ACME server. Do you agree?\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n(Y)es\/(N)o: y\r\n\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\nWould you be willing, once your first certificate is successfully issued, to\r\nshare your email address with the Electronic Frontier Foundation, a founding\r\npartner of the Let's Encrypt project and the non-profit organization that\r\ndevelops Certbot? We'd like to send you email about our work encrypting the web,\r\nEFF news, campaigns, and ways to support digital freedom.\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n(Y)es\/(N)o: n\r\nAccount registered.\r\nRequesting a certificate for one.test.kingsbestone.com\r\n\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\nPlease deploy a DNS TXT record under the name:\r\n\r\n_acme-challenge.one.test.kingsbestone.com.\r\n\r\nwith the following value:\r\n\r\nr_EdwmRT01siVrDX2pbDGSnnylxcNdiBejYntHPNFYA\r\n\r\nBefore continuing, verify the TXT record has been deployed. Depending on the DNS\r\nprovider, this may take some time, from a few seconds to multiple minutes. You can\r\ncheck if it has finished deploying with aid of online tools, such as the Google\r\nAdmin Toolbox: https:\/\/toolbox.googleapps.com\/apps\/dig\/#TXT\/_acme-challenge.one.test.kingsbestone.com.\r\nLook for one or more bolded line(s) below the line ';ANSWER'. It should show the\r\nvalue(s) you've just added.\r\n\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\nPress Enter to Continue\r\n\r\nSuccessfully received certificate.\r\nCertificate is saved at: \/etc\/letsencrypt\/live\/one.test.kingsbestone.com\/fullchain.pem\r\nKey is saved at:         \/etc\/letsencrypt\/live\/one.test.kingsbestone.com\/privkey.pem\r\nThis certificate expires on 2023-05-08.\r\nThese files will be updated when the certificate renews.\r\n\r\nNEXT STEPS:\r\n- This certificate will not be renewed automatically. Autorenewal of --manual certificates requires the use of an authentication hook script (--manual-auth-hook) but one was not provided. To renew this certificate, repeat this same certbot command before the certificate's expiry date.\r\n\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\nIf you like Certbot, please consider supporting our work by:\r\n * Donating to ISRG \/ Let's Encrypt:   https:\/\/letsencrypt.org\/donate\r\n * Donating to EFF:                    https:\/\/eff.org\/donate-le\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n[root@iZ6webwxn14lqwuh9kxokwZ ~]#<\/pre>\n<p><span style=\"font-family: 'comic sans ms', sans-serif;\">2-4.\u628a\u7533\u8bf7\u7684\u8bc1\u4e66\u586b\u5165\u76f8\u5173\u670d\u52a1\uff0c\u8bc1\u4e66\u76ee\u5f55\u5982\u4e0b\uff1a<\/span><\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"shell\">Certificate is saved at: \/etc\/letsencrypt\/live\/one.test.kingsbestone.com\/fullchain.pem\r\nKey is saved at:         \/etc\/letsencrypt\/live\/one.test.kingsbestone.com\/privkey.pem<\/pre>\n<ul>\n<li><span style=\"font-family: 'comic sans ms', sans-serif;\">NGINX\u6216APACHE\uff08\u8bc1\u4e66\u586b\u5165\u5373\u53ef\uff09<\/span><\/li>\n<\/ul>\n<h1><span style=\"font-family: 'comic sans ms', sans-serif;\">3.Certbot\u624b\u52a8\u7eed\u7b7e\u8bc1\u4e66<\/span><\/h1>\n<p><span style=\"font-family: 'comic sans ms', sans-serif;\">3-1.\u67e5\u770b\u6240\u6709\u8bc1\u4e66<\/span><\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"shell\">certbot certificates<\/pre>\n<p><span style=\"font-family: 'comic sans ms', sans-serif;\">3-2.\u6d4b\u8bd5\u7eed\u7b7e\u6240\u6709\u8bc1\u4e66\u662f\u5426\u53ef\u4ee5\u6b63\u5e38\u5de5\u4f5c<\/span><\/p>\n<ul>\n<li><span style=\"font-family: 'comic sans ms', sans-serif;\">\u6211\u9ed8\u8ba4\u4f7f\u7528\u7684\u7b7e\u53d1\u57df\u540d\u4e3a\uff1aone.test.kingsbestone.com<\/span><\/li>\n<\/ul>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"shell\">[root@iZ6webwxn14lqwuh9kxokwZ ~]# sudo certbot renew --dry-run\r\nSaving debug log to \/var\/log\/letsencrypt\/letsencrypt.log\r\n\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\nProcessing \/etc\/letsencrypt\/renewal\/one.test.kingsbestone.com.conf\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\nAccount registered.\r\nSimulating renewal of an existing certificate for one.test.kingsbestone.com\r\n\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\nCongratulations, all simulated renewals succeeded: \r\n  \/etc\/letsencrypt\/live\/one.test.kingsbestone.com\/fullchain.pem (success)\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n[root@iZ6webwxn14lqwuh9kxokwZ ~]#<\/pre>\n<p><span style=\"font-family: 'comic sans ms', sans-serif;\">3-3.\u6b63\u5f0f\u7eed\u7b7e\u6240\u6709\u8bc1\u4e66<\/span><\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"shell\">sudo certbot renew<\/pre>\n<h1><span style=\"font-family: 'comic sans ms', sans-serif;\">4.\u5b9a\u65f6\u4efb\u52a1\u81ea\u52a8\u7eed\u7b7e\u8bc1\u4e66<\/span><\/h1>\n<p><span style=\"font-family: 'comic sans ms', sans-serif;\">4-1.\u8bbe\u7f6e\u6bcf\u6708\u6267\u884c\u4e00\u6b21\u7684\u7eed\u7b7e\u5b9a\u65f6\u4efb\u52a1<\/span><\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"shell\">vi \/etc\/crontab\r\n\r\n* * * 1 * sudo certbot renew --post-hook \"systemctl restart nginx.service\"<\/pre>\n<p><span style=\"font-family: 'comic sans ms', sans-serif;\">4-2.\u8bc1\u4e66\u7b7e\u53d1\u5b8c\u6210<\/span><\/p>\n<h1><span style=\"font-family: 'comic sans ms', sans-serif;\">5.\u67e5\u770b\u6240\u6709\u8bc1\u4e66<\/span><\/h1>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\">[root@iZ6webwxn14lqwuh9kxokwZ ~]# certbot certificates\r\nSaving debug log to \/var\/log\/letsencrypt\/letsencrypt.log\r\n\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\nFound the following certs:\r\n  Certificate Name: one.test.kingsbestone.com\r\n    Serial Number: 3acb552e4ff3466b6d9b2d2cdca6a56bc9c\r\n    Key Type: RSA\r\n    Domains: one.test.kingsbestone.com\r\n    Expiry Date: 2023-05-08 06:14:05+00:00 (VALID: 89 days)\r\n    Certificate Path: \/etc\/letsencrypt\/live\/one.test.kingsbestone.com\/fullchain.pem\r\n    Private Key Path: \/etc\/letsencrypt\/live\/one.test.kingsbestone.com\/privkey.pem\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n[root@iZ6webwxn14lqwuh9kxokwZ ~]#<\/pre>\n<h1><span style=\"font-family: 'comic sans ms', sans-serif;\">6.Certbot\u540a\u9500\u8bc1\u4e66<\/span><\/h1>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"shell\">[root@iZ6webwxn14lqwuh9kxokwZ ~]# sudo certbot revoke --reason keycompromise --cert-path \/etc\/letsencrypt\/live\/one.test.kingsbestone.com\/fullchain.pem\r\nSaving debug log to \/var\/log\/letsencrypt\/letsencrypt.log\r\n\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\nWould you like to delete the certificate(s) you just revoked, along with all\r\nearlier and later versions of the certificate?\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n(Y)es (recommended)\/(N)o: y\r\n\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\nThe following certificate(s) are selected for deletion:\r\n\r\n  * one.test.kingsbestone.com\r\n\r\nWARNING: Before continuing, ensure that the listed certificates are not being\r\nused by any installed server software (e.g. Apache, nginx, mail servers).\r\nDeleting a certificate that is still being used will cause the server software\r\nto stop working. See https:\/\/certbot.org\/deleting-certs for information on\r\ndeleting certificates safely.\r\n\r\nAre you sure you want to delete the above certificate(s)?\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n(Y)es\/(N)o: y\r\nDeleted all files relating to certificate one.test.kingsbestone.com.\r\nCongratulations! You have successfully revoked the certificate that was located at \/etc\/letsencrypt\/live\/one.test.kingsbestone.com\/fullchain.pem.\r\n[root@iZ6webwxn14lqwuh9kxokwZ ~]# certbot certificates\r\nSaving debug log to \/var\/log\/letsencrypt\/letsencrypt.log\r\n\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\nNo certificates found.\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n[root@iZ6webwxn14lqwuh9kxokwZ ~]#<\/pre>\n<ul>\n<li><span style=\"font-family: 'comic sans ms', sans-serif;\">&#8211;cert-path\u00a0 \u00a0 \u6307\u5b9a\u8bc1\u4e66\u5177\u4f53\u76ee\u5f55\u4f4d\u7f6e\uff0c\u5e76\u975e\u8bc1\u4e66\u540d<\/span><\/li>\n<li><span style=\"font-family: 'comic sans ms', sans-serif;\">&#8211;reason\u00a0 \u00a0 \u00a0 \u00a0 \u00a0\u540a\u9500\u8bc1\u4e66\u7684\u539f\u56e0\uff08\u4f8b\u5982\uff1a\u5bc6\u94a5\u6cc4\u9732\uff09<\/span><\/li>\n<\/ul>\n<p><span style=\"font-family: 'comic sans ms', sans-serif;\">6-2.\u64cd\u4f5c\u6210\u529f\u540e\uff0c\u518d\u5220\u9664\u8bc1\u4e66\u76f8\u5173\u6587\u4ef6\uff0c\u5982\u679c\u8bc1\u4e66\u5df2\u88ab\u5220\u9664\u5219\u4f1a\u62a5\u9519\uff0c\u63d0\u793a\u8bc1\u4e66\u5df2\u88ab\u5220\u9664\uff0c\u5c31\u65e0\u9700\u91cd\u590d\u64cd\u4f5c\u3002<\/span><\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"shell\">certbot delete --cert-name one.test.kingsbestone.com<\/pre>\n<p><span style=\"font-family: 'comic sans ms', sans-serif;\">6-3.\u518d\u6b21\u67e5\u770b\u6240\u6709\u8bc1\u4e66\uff0c\u5982\u679c\u6ca1\u6709\u4e86\uff0c\u5219\u64cd\u4f5c\u6210\u529f\u3002<\/span><\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"shell\">[root@iZ6webwxn14lqwuh9kxokwZ ~]# certbot certificates\r\nSaving debug log to \/var\/log\/letsencrypt\/letsencrypt.log\r\n\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\nNo certificates found.\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n[root@iZ6webwxn14lqwuh9kxokwZ ~]#<\/pre>\n<p><span style=\"font-family: 'comic sans ms', sans-serif;\">\u5b8c\u6210\uff01<\/span><\/p>\n<hr \/>\n<h1><span style=\"font-family: 'comic sans ms', sans-serif;\">7.\u53c2\u6570\u4ecb\u7ecd\uff1a<\/span><\/h1>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"shell\">sudo certbot certonly --manual --preferred-challenges dns -d *.example.com -d example.com --dry-run\r\n\r\n#sudo                         \u4f7f\u7528root\u7528\u6237\u6743\u9650\u6267\u884c\u6b64\u547d\u4ee4\r\n#certbot                      \u83b7\u53d6\u6216\u7eed\u8ba2\u8bc1\u4e66\uff0c\u4f46\u4e0d\u5b89\u88c5\r\n#certonly                     \u9a8c\u8bc1\u6a21\u5f0f\uff08\u9a8c\u8bc1\u6a21\u5f0f\u6216\u5b89\u88c5\u6a21\u5f0f\uff09\r\n#--manual                     \u624b\u52a8\u4ea4\u4e92\u6a21\u5f0f\r\n#--preferred-challenges       \u91c7\u7528\u4f55\u79cd\u6821\u9a8c\u65b9\u5f0f\u9a8c\u8bc1\uff08dns\u6216http\uff09\r\n#-d                           \u586b\u5199\u6240\u9700\u8bc1\u4e66\u7684\u57df\u540d\r\n#--dry-run                    \u6d4b\u8bd5\u6a21\u5f0f\uff08certonly\u6216renwe\u53ef\u7528\uff09\uff0c\u9a8c\u8bc1\u547d\u4ee4\u662f\u5426\u6210\u529f\u7528\u3002<\/pre>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u672c\u6559\u7a0b\u662f\u4f7f\u7528\u8bc1\u4e66\u673a\u5668\u4ebaCertbot\u4ee3\u5411CA\u673a\u6784Let&#8217;s Encrypt\u7533\u8bf7SSL\u8bc1\u4e66\u7684\u3002\u767b\u5f55centos7\u4e3b\u673a\u7684SSH\u7ec8\u7aef\uff0c\u5982\u679c\u6ca1\u6362\u6e90\u7684\u4f18\u5148\u6362\u6e90\uff0c\u7136\u540e\u5f00\u59cb\u4e0b\u9762\u64cd\u4f5c\u3002 \u6d41\u7a0b\uff1a &lt;\u5148\u5b89\u88c5snap&gt; &#8212;&gt; &lt;\u5b89\u88c5Cerbot&gt; &#8212;&gt; &lt;\u59d4\u6258Ce &#8230; <\/p>\n<p class=\"read-more-container\"><a title=\"Centos7\u624b\u52a8\u7533\u8bf7Let&#8217;s Encrypt\u8bc1\u4e66\" class=\"read-more button\" href=\"https:\/\/blog.kingsbestone.com\/?p=2094#more-2094\" aria-label=\"\u66f4\u591a Centos7\u624b\u52a8\u7533\u8bf7Let&#8217;s Encrypt\u8bc1\u4e66\">\u67e5\u770b\u66f4\u591a<\/a><\/p>\n","protected":false},"author":1,"featured_media":212,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[59,4],"tags":[],"_links":{"self":[{"href":"https:\/\/blog.kingsbestone.com\/index.php?rest_route=\/wp\/v2\/posts\/2094"}],"collection":[{"href":"https:\/\/blog.kingsbestone.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.kingsbestone.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.kingsbestone.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.kingsbestone.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2094"}],"version-history":[{"count":34,"href":"https:\/\/blog.kingsbestone.com\/index.php?rest_route=\/wp\/v2\/posts\/2094\/revisions"}],"predecessor-version":[{"id":2129,"href":"https:\/\/blog.kingsbestone.com\/index.php?rest_route=\/wp\/v2\/posts\/2094\/revisions\/2129"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blog.kingsbestone.com\/index.php?rest_route=\/wp\/v2\/media\/212"}],"wp:attachment":[{"href":"https:\/\/blog.kingsbestone.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2094"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.kingsbestone.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2094"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.kingsbestone.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2094"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}