CentOS 6
- 建立 /root/lets-encrypt/authenticator.sh
cd /root/lets-encrypt/ wget https://svn.ichiayi.com/opensvn/opentrysoft/certbot/authenticator.sh chmod a+x authenticator.sh
- 建立 /root/lets-encrypt/cleanup.sh
cd /root/lets-encrypt/ wget https://svn.ichiayi.com/opensvn/opentrysoft/certbot/cleanup.sh chmod a+x cleanup.sh
- 取得 CloudFlare 的 Zone ID 與 Global API Key 更改 authenticator.sh 與 cleanup.sh 內容
: API_KEY="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" EMAIL="[email protected]" ZONE_ID="xxxxxxxxxxxxxxx" :
- 執行取得 SSL 憑證命令 Exp. erp.ichiayi.com
/root/lets-encrypt/certbot-auto certonly --manual --preferred-challenges=dns --manual-auth-hook /root/lets-encrypt/authenticator.sh --manual-cleanup-hook /root/lets-encrypt/cleanup.sh -d erp.ichiayi.com
- 設定憑證到期自動更新
- 建立 /root/lets-encrypt/renewcert.sh Exp. erp.ichiayi.com
vi /root/lets-encrypt/renewcert.sh
/root/lets-encrypt/certbot-auto renew --preferred-challenges=dns --manual-auth-hook /root/lets-encrypt/authenticator.sh --manual-cleanup-hook /root/lets-encrypt/cleanup.sh --agree-tos
- 設定執行權限
chmod a+x /root/lets-encrypt/renewcert.sh
- 設定每天 4:30 執行自動檢查一次
vi /etc/crontab
: # erp.ichiayi.com SSL cert auto renew 30 4 * * * root /root/lets-encrypt/renewcert.sh > /tmp/certrenew.log
service crond restart