Last update at :2024-06-21,Edit by888u
Snail's article "Use CloudXNS API to quickly verify domain names and obtain Let\\'s Encrypt SSL certificate with one click", if our domain name resolution uses CloudXNS, we can quickly obtain Let\\'s Encrypt SSL certificate and deployment can be regarded as one of the more convenient methods in the many Let's Encrypt configuration processes. At the same time, in the GITHUB script, there is also a domain name resolution platform script corresponding to DNSPOD. If our domain name uses DNSPOD resolution, we can also use the corresponding script to quickly configure Let\\’s Encrypt certificate.
In this article, Snail will sort out how this script obtains Let\\’s Encrypt certificate for the domain name resolved by DNSPOD.
First, preparations
1. Linux VPS and server are configured with WEB environment, and the website is added and laid out on the server
2. Check whether our current domain name is using DNSPOD resolution
3. Create API Token
The default API Token is closed, we need to log in to https://www.dnspod.cn/console/user/security to open and create it.
After creating this, make a record, you will need it later.
Second, download the DNSPOD one-click installation Let\\’s Encrypt script
wget https://github.com/xdtianyu/scripts/raw/master/le-dns/le-dnspod.shwget https://github.com/xdtianyu/scripts/raw/master/le-dns/dnspod .confchmod +x le-dnspod.sh
Download and Authorize
Third, modify the dnspod.conf configuration file
TOKEN=\\”YOUR_TOKEN_ID,YOUR_API_TOKEN\\” RECORD_LINE=\\”Default\\”DOMAIN=\\”laobuluo.com\\”CERT_DOMAINS=\\”laobuluo.com www.laobuluo.com\\” #ECC=TRUE
Here you need to modify TOKEN (note the format), DOMAIN, and CERT_DOMAINS. Pay attention to the format when replacing the file.
Fourth, automatically execute configuration
./le-dnspod.sh dnspod.conf
Seeing such a result can confirm that the installation can be successful, and there will be a corresponding domain name folder in the current cert directory.
Fifth, configure SSL to the website
After we automatically obtain the Let\\’s Encrypt certificate, we need to go to Nginx (different methods if using apache) to modify the configuration file.
ssl_certificate /root/certs/corresponding domain name certificate folder/cert.pem;ssl_certificate_key /root/certs/corresponding domain name certificate folder/privkey.pem;ssl_session_timeout 5m;ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE :ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;ssl_protocols TLSv1 TLSv1.1 TLSv1.2;ssl_prefer_server_ciphers on;
After modifying the configuration file, restart Nginx to take effect.
It seems that it is done. We only need to modify whether it is necessary to force a 301 jump (Nginx environment forces http 301 jump to https setting record) to point to HTTPS.
Sixth, set Let\\’s Encrypt to automatically renew
Because it is free for 90 days by default (this is not good, let’s give it a year anyway), but we need to renew the mobile phone contract before it expires. It also supports automatic activation and renewal using crontab.
0 0 5/20 * * /root/le-dnspod.sh /root/le-dnspod.conf >> /var/log/le-dnspod.log 2>&1
Add the automatic renewal task to crontab, so that the contract will be automatically detected and renewed according to the set time. After execution, restart nginx to take effect.
Recommended site search: Ministry of Industry and Information Technology ICP registration number, local IP query, free asp.net space, Korean cn2 server, website space registration-free, registration information query, Alibaba Cloud registration, mainland China permanent free cloud server, how to register a domain name , the best virtual host in mainland China,
发表评论