Applying for a Wildcard Certificate (Latest Version)

Preface

My certificate expired a few days ago, so I applied for a new one and fixed some problems in my earlier write-up.

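Wildcard domains

A wildcard-domain certificate, also called a wildcard certificate, is one form of SSL certificate. It normally uses a wildcard (for example, *.domain.com) to specify the domains the certificate protects.

Both OV and DV certificates are offered in wildcard form, whereas EV certificates generally do not come in wildcard form.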

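1. Flexible and convenient configuration

Because the domain is configured with a wildcard, this is very convenient for a website that has multiple second-level domains. A single wildcard certificate can be used for all of the second-level domain sites. If more second-level domains are added later, there is no need to apply for or buy another certificate; the existing one can simply continue to be used, which is very convenient for site administrators.

2. Cost-effective

Generally, a wildcard certificate costs considerably more than a single-domain certificate, but if the price is spread across every second-level domain, the cost per certificate is extremely low. Of course, this depends on how many second-level domains you have in total. In today's Internet era, many companies have multiple second-level domains. For these companies, a wildcard certificate is undoubtedly a cost-effective SSL certificate.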

Applying for the wildcard certificate

Install the required environment

root@cby:~# apt-get install socat -y
root@cby:~# curl https://get.acme.sh | sh -s email=cby@chenby.cn
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
100   937    0   937    0     0    788      0 --:--:--  0:00:01 --:--:--   789
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  210k  100  210k    0     0   131k      0  0:00:01  0:00:01 --:--:--  131k
[Fri 15 Apr 2022 11:54:09 AM CST] Installing from online archive.
[Fri 15 Apr 2022 11:54:09 AM CST] Downloading https://github.com/acmesh-official/acme.sh/archive/master.tar.gz
[Fri 15 Apr 2022 11:54:11 AM CST] Extracting master.tar.gz
[Fri 15 Apr 2022 11:54:11 AM CST] Installing to /root/.acme.sh
[Fri 15 Apr 2022 11:54:11 AM CST] Installed to /root/.acme.sh/acme.sh
[Fri 15 Apr 2022 11:54:11 AM CST] Installing alias to '/root/.bashrc'
[Fri 15 Apr 2022 11:54:11 AM CST] OK, Close and reopen your terminal to start using acme.sh
[Fri 15 Apr 2022 11:54:11 AM CST] Installing cron job
49 0 * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null
[Fri 15 Apr 2022 11:54:11 AM CST] Good, bash is found, so change the shebang to use bash as preferred.
[Fri 15 Apr 2022 11:54:12 AM CST] OK
[Fri 15 Apr 2022 11:54:12 AM CST] Install success!
root@cby:~#

Enter the directory, export the environment variables and request the certificate

root@cby:~# cd .acme.sh/
root@cby:~/.acme.sh# export DP_Id="abcd"
root@cby:~/.acme.sh# export DP_Key="xxxxxxxxxx"
root@cby:~/.acme.sh# ./acme.sh --issue --dns dns_dp -d *.oiox.cn -d oiox.cn
[Fri 15 Apr 2022 12:05:13 PM CST] Using CA: https://acme.zerossl.com/v2/DV90
[Fri 15 Apr 2022 12:05:13 PM CST] Multi domain='DNS:*.oiox.cn,DNS:oiox.cn'
[Fri 15 Apr 2022 12:05:13 PM CST] Getting domain auth token for each domain
[Fri 15 Apr 2022 12:05:38 PM CST] Getting webroot for domain='*.oiox.cn'
[Fri 15 Apr 2022 12:05:38 PM CST] Getting webroot for domain='oiox.cn'
[Fri 15 Apr 2022 12:05:39 PM CST] Adding txt value: DDuc5hd3b1RIoa5BefBkA53EpEtbAY0Fk8jOVVJcL6E for domain: _acme-challenge.oiox.cn
[Fri 15 Apr 2022 12:05:39 PM CST] Adding record
[Fri 15 Apr 2022 12:05:39 PM CST] The txt record is added: Success.
[Fri 15 Apr 2022 12:05:40 PM CST] Adding txt value: 43GHnhiHjyxCxsdHSDRDP_A4YqP8dDjc_9YgnkFNk5I for domain: _acme-challenge.oiox.cn
[Fri 15 Apr 2022 12:05:40 PM CST] Adding record
[Fri 15 Apr 2022 12:05:40 PM CST] The txt record is added: Success.
[Fri 15 Apr 2022 12:05:40 PM CST] Let's check each DNS record now. Sleep 20 seconds first.
[Fri 15 Apr 2022 12:06:01 PM CST] You can use '--dnssleep' to disable public dns checks.
[Fri 15 Apr 2022 12:06:01 PM CST] See: https://github.com/acmesh-official/acme.sh/wiki/dnscheck
[Fri 15 Apr 2022 12:06:02 PM CST] Checking oiox.cn for _acme-challenge.oiox.cn
[Fri 15 Apr 2022 12:06:04 PM CST] Domain oiox.cn '_acme-challenge.oiox.cn' success.
[Fri 15 Apr 2022 12:06:04 PM CST] Checking oiox.cn for _acme-challenge.oiox.cn
[Fri 15 Apr 2022 12:06:05 PM CST] Domain oiox.cn '_acme-challenge.oiox.cn' success.
[Fri 15 Apr 2022 12:06:05 PM CST] All success, let's return
[Fri 15 Apr 2022 12:06:05 PM CST] Verifying: *.oiox.cn
[Fri 15 Apr 2022 12:06:17 PM CST] Processing, The CA is processing your order, please just wait. (1/30)
[Fri 15 Apr 2022 12:06:24 PM CST] Success
[Fri 15 Apr 2022 12:06:24 PM CST] Verifying: oiox.cn
[Fri 15 Apr 2022 12:06:31 PM CST] Processing, The CA is processing your order, please just wait. (1/30)
[Fri 15 Apr 2022 12:06:34 PM CST] Success
[Fri 15 Apr 2022 12:06:34 PM CST] Removing DNS records.
[Fri 15 Apr 2022 12:06:34 PM CST] Removing txt: DDuc5hd3b1RIoa5BefBkA53EpEtbAY0Fk8jOVVJcL6E for domain: _acme-challenge.oiox.cn
[Fri 15 Apr 2022 12:06:35 PM CST] Removed: Success
[Fri 15 Apr 2022 12:06:35 PM CST] Removing txt: 43GHnhiHjyxCxsdHSDRDP_A4YqP8dDjc_9YgnkFNk5I for domain: _acme-challenge.oiox.cn
[Fri 15 Apr 2022 12:06:36 PM CST] Removed: Success
[Fri 15 Apr 2022 12:06:36 PM CST] Verify finished, start to sign.
[Fri 15 Apr 2022 12:06:36 PM CST] Lets finalize the order.
[Fri 15 Apr 2022 12:06:36 PM CST] Le_OrderFinalize='https://acme.zerossl.com/v2/DV90/order/G4Sy37Y-eHjHX1wLMAh5nA/finalize'
[Fri 15 Apr 2022 12:06:44 PM CST] Order status is processing, lets sleep and retry.
[Fri 15 Apr 2022 12:06:44 PM CST] Retry after: 15
[Fri 15 Apr 2022 12:07:00 PM CST] Polling order status: https://acme.zerossl.com/v2/DV90/order/G4Sy37Y-eHjHX1wLMAh5nA
[Fri 15 Apr 2022 12:07:03 PM CST] Downloading cert.
[Fri 15 Apr 2022 12:07:03 PM CST] Le_LinkCert='https://acme.zerossl.com/v2/DV90/cert/r4l-4WevkiEwiZA3U340ig'
[Fri 15 Apr 2022 12:07:10 PM CST] Cert success.
[Fri 15 Apr 2022 12:07:10 PM CST] Your cert is in: /root/.acme.sh/*.oiox.cn/*.oiox.cn.cer
[Fri 15 Apr 2022 12:07:10 PM CST] Your cert key is in: /root/.acme.sh/*.oiox.cn/*.oiox.cn.key
[Fri 15 Apr 2022 12:07:10 PM CST] The intermediate CA cert is in: /root/.acme.sh/*.oiox.cn/ca.cer
[Fri 15 Apr 2022 12:07:10 PM CST] And the full chain certs is there: /root/.acme.sh/*.oiox.cn/fullchain.cer
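
The request above names both *.oiox.cn and oiox.cn because a wildcard name stands for exactly one label: it covers dns.oiox.cn, but not the bare domain and not a.b.oiox.cn. The check below is an added example, not part of the original post or of acme.sh; the function names san_matches and covered are made up for illustration, and the name list is the one from the "Multi domain" log line.

```shell
#!/bin/sh
# Added example: does a certificate's name list cover a given host name?

# san_matches PATTERN HOST -> exit 0 when the certificate name covers HOST.
san_matches() {
    pat=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    host=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    case $pat in
        '*.'*)
            suffix=${pat#\*}                    # "*.oiox.cn" -> ".oiox.cn"
            case $host in
                *"$suffix") label=${host%"$suffix"} ;;
                *) return 1 ;;
            esac
            # The wildcard replaces one non-empty label, so no dots allowed.
            case $label in
                ''|*.*) return 1 ;;
                *) return 0 ;;
            esac ;;
        *) [ "$pat" = "$host" ] ;;
    esac
}

# covered HOST LIST -> LIST is the comma-separated form acme.sh logs,
# e.g. 'DNS:*.oiox.cn,DNS:oiox.cn'.
covered() {
    want=$1
    old_ifs=$IFS
    IFS=,
    set -f                      # keep "*.oiox.cn" from being glob-expanded
    rc=1
    for entry in $2; do
        san_matches "${entry#DNS:}" "$want" && rc=0
    done
    set +f
    IFS=$old_ifs
    return $rc
}

# Host names chosen for illustration, checked against the list from the log.
for h in dns.oiox.cn oiox.cn a.b.oiox.cn; do
    if covered "$h" 'DNS:*.oiox.cn,DNS:oiox.cn'; then
        echo "$h: covered"
    else
        echo "$h: NOT covered"
    fi
done
```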

View the issued certificate files

root@cby:~/.acme.sh# cd \*.oiox.cn
root@cby:~/.acme.sh/*.oiox.cn# ll
total 44
drwxr-xr-x 2 root root 4096 Jul 27 10:31  ./
drwx------ 7 root root 4096 Jul 27 10:28  ../
-rw-r--r-- 1 root root 4399 Jul 27 10:31  ca.cer
-rw-r--r-- 1 root root 6684 Jul 27 10:31  fullchain.cer
-rw-r--r-- 1 root root 2285 Jul 27 10:31 '*.oiox.cn.cer'
-rw-r--r-- 1 root root  556 Jul 27 10:31 '*.oiox.cn.conf'
-rw-r--r-- 1 root root  956 Jul 27 10:28 '*.oiox.cn.csr'
-rw-r--r-- 1 root root  156 Jul 27 10:28 '*.oiox.cn.csr.conf'
-rw------- 1 root root 1679 Jul 27 10:28 '*.oiox.cn.key'
root@cby:~/.acme.sh/*.oiox.cn#
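
In the listing above only the private key is mode 0600; the certificates are world-readable, which is fine because they are public. The following added example (not from the original post, and not acme.sh code) checks that no *.key file in a directory is accessible to group or other users. The function names and the KEY_DIR variable are assumptions made for this sketch, with /ssl taken from the deployment step later in the post.

```shell
#!/bin/sh
# Added example: flag private keys that group or other users can access.

# key_mode_ok FILE -> exit 0 when FILE has no group/other permission bits.
key_mode_ok() {
    # ls -ldL prints e.g. "-rw------- 1 root root ..."; characters 5-10 are
    # the group and other bits. -L follows symlinks to the real key file.
    bits=$(ls -ldL -- "$1" 2>/dev/null | cut -c5-10)
    [ "$bits" = "------" ]
}

# audit_keys DIR -> prints each *.key file that is too open; exit 1 if any.
audit_keys() {
    bad=0
    # "$1" is quoted, so a literal "*" in the directory name (as in
    # ~/.acme.sh/*.oiox.cn) is not treated as a pattern; only *.key is.
    for f in "$1"/*.key; do
        [ -e "$f" ] || continue        # no match: the pattern stays literal
        if ! key_mode_ok "$f"; then
            printf 'too open: %s\n' "$f"
            bad=1
        fi
    done
    return "$bad"
}

# KEY_DIR is a variable invented for this example; /ssl is the deployment
# directory used later in the post.
KEY_DIR=${KEY_DIR:-/ssl}
audit_keys "$KEY_DIR" || echo "tighten with: chmod 600 <file>"
```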

Deploying the certificate in Nginx

Example:
server {
    listen 80;
    listen [::]:80;
    listen 443 ssl;
    listen [::]:443 ssl;    # ssl is needed on the IPv6 listener as well
    ssl_certificate /ssl/cert.pem;        # full chain written by --install-cert
    ssl_certificate_key /ssl/cert.key;
    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996); offer 1.2 and 1.3 only
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    server_name dns.oiox.cn;
    root /var/www/dns;
    index index.html;
    location / {
        try_files $uri $uri/ =404;
    }
}

# Install the certificate into the paths Nginx uses
acme.sh --install-cert -d *.oiox.cn --key-file /ssl/cert.key --fullchain-file /ssl/cert.pem --reloadcmd "service nginx force-reload"
[Wed 27 Jul 2022 10:34:41 AM CST] Installing key to: /ssl/cert.key
[Wed 27 Jul 2022 10:34:41 AM CST] Installing full chain to: /ssl/cert.pem
[Wed 27 Jul 2022 10:34:41 AM CST] Run reload cmd: service nginx force-reload
[Wed 27 Jul 2022 10:34:41 AM CST] Reload success

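Certificate renewal

Certificates currently generated through acme.sh expire after 60 days.
Installing acme.sh automatically creates a cron job that checks all certificates every day and renews any certificate that needs renewing.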

# 1. Manual renewal
acme.sh --renew -d example.com --force
# 2. Automatic renewal
crontab -l
12 0 * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null
# 3. Automatic upgrade of acme.sh itself
acme.sh --upgrade --auto-upgrade

Appendix

The steps above used DNSPod for the DNS-based certificate request.
Applying with Alibaba Cloud DNS
export Ali_Key="abcd"
export Ali_Secret="xxxxxxxxxx"
# RSA certificate
acme.sh --issue --dns dns_ali -d blog.exsvc.cn -d *.exsvc.cn
# ECC certificate
acme.sh --issue --dns dns_ali -d blog.exsvc.cn -d *.exsvc.cn --keylength ec-256
Applying with Tencent Cloud DNS
root@cby:~/.acme.sh# export DP_Id="abcd"
root@cby:~/.acme.sh# export DP_Key="xxxxxxxxxx"
root@cby:~/.acme.sh# ./acme.sh --issue --dns dns_dp -d *.oiox.cn -d oiox.cn
For more ways to apply, see: https://github.com/acmesh-official/acme.sh/wiki/dnsapi

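About

https://www.oiox.cn/

https://www.oiox.cn/index.php/start-page.html

CSDN, GitHub, Zhihu, OSCHINA, SegmentFault, Juejin, Jianshu, Huawei Cloud, Alibaba Cloud, Tencent Cloud, Bilibili, Toutiao, Sina Weibo, personal blog

Search for 《小陈运维》 on any of these platforms.

Articles are mainly published on the WeChat official account.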