在macOS平台下制作SSL证书,免费域名通配符证
1、安装homebrew
2、安装certbot
brew install certbot
3、执行命令,比如域名是 *.example.com
sudo certbot certonly -d "*.example.com" --manual --preferred-challenges dns --server https://acme-v02.api.letsencrypt.org/directory
4、剩下的基本默认都是选择y,直到出现下面内容的时候,则需要在域名解析控制台增加一个TXT解析,添加后继续回车下一步
Please deploy a DNS TXT record under the name:
_acme-challenge.example.com.
with the following value:
D1kOMANSfZG0HVM6-swGIqHrD87p7LGrnDLmoOclSuw
Before continuing, verify the TXT record has been deployed. Depending on the DNS
provider, this may take some time, from a few seconds to multiple minutes. You can
check if it has finished deploying with aid of online tools, such as the Google
Admin Toolbox: https://toolbox.googleapps.com/apps/dig/#TXT/_acme-challenge.wangboweb.site.
Look for one or more bolded line(s) below the line ';ANSWER'. It should show the
value(s) you've just added.
5、成功后就会有如下提示
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/example.com/fullchain.pem
Key is saved at: /etc/letsencrypt/live/example.com/privkey.pem
This certificate expires on 2022-12-23.
These files will be updated when the certificate renews.
NEXT STEPS:
- This certificate will not be renewed automatically. Autorenewal of --manual certificates requires the use of an authentication hook script (--manual-auth-hook) but one was not provided. To renew this certificate, repeat this same certbot command before the certificate's expiry date.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
* Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
* Donating to EFF: https://eff.org/donate-le
6、默认生成的证书在 /etc/letsencrypt/achive/example.com/ 目录下,但是这个目录默认是没有权限访问的,需要复制出来的话,只需要在该文件夹右键-显示简介,加个权限就好,然后将fullchain.pem和privkey.pem两个文件复制出来
7、在群晖-控制面板-安全性-证书中上传对应的证书文件即可
评论区