2023/05/12

Ubuntu 22.04 LTS: Using Certbot with Cloudflare to Request a Wildcard Let's Encrypt Certificate

First, run the following commands to install the packages:
# Install CertBot
sudo apt update -y
sudo apt install snapd -y
sudo snap install core; sudo snap refresh core
sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot
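# Cloudflare DNS plugin from apt (note: the snap build of certbot only loads plugins that are themselves installed as snaps)
sudo apt install python-is-python3 python3-certbot-dns-cloudflare -y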
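On Cloudflare, open the page of the domain you want the SSL certificate for and click Get your API token; the token goes into cf.ini.
Click Create Token.

Click Get started, enable the following permissions and select the domain to configure, then click Continue to summary to obtain the token.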


sudo vim /etc/letsencrypt/cf.ini
dns_cloudflare_api_token = token
Obtain the SSL certificate:
sudo certbot certonly --dns-cloudflare --dns-cloudflare-credentials /etc/letsencrypt/cf.ini -d "your.domain"
Configure the certificate in Nginx and reload it:
vim /etc/nginx/conf.d/test.conf
server {
    listen 443 ssl http2;
    server_name _;
    ssl_certificate /etc/letsencrypt/live/your.domain/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/your.domain/privkey.pem;
}
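Scheduled renewal can be set up with crontab:
# Install crontab
sudo apt-get -y install cron

# Automatically renew the SSL certificate
# Schedule "0 0 * */3 *": 00:00 on every day of every third month (January, April, July, October)
# Note: "crontab -" replaces the current user's entire crontab with this single line
echo "0 0 * */3 * (echo 2 | sudo certbot certonly --dns-cloudflare --dns-cloudflare-credentials /etc/letsencrypt/cf.ini -d 'your.domain') && sudo systemctl restart nginx" | crontab -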
sudo systemctl enable --now cron
sudo systemctl restart cron
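
An alternative way to schedule renewal, as an added example that is not part of the original post: it checks that cf.ini is readable only by its owner and still holds a token, then adds a daily "certbot renew" entry to root's crontab without overwriting existing entries. The function names and the 03:17 schedule are assumptions; the paths follow the article.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical;
# the paths follow the article. Assumes certbot is on cron's PATH (/usr/bin).

CRED=/etc/letsencrypt/cf.ini
# "certbot renew" reissues only certificates that are near expiry, so a daily run
# is safe; --deploy-hook runs only after a certificate was actually renewed.
# The 03:17 time is an arbitrary choice.
RENEW_LINE='17 3 * * * certbot renew --quiet --deploy-hook "systemctl reload nginx"'

# check_cred_file FILE: succeed only if FILE exists, grants nothing to group or
# others, and contains a dns_cloudflare_api_token entry.
check_cred_file() {
    f=$1
    [ -f "$f" ] || { echo "missing: $f" >&2; return 1; }
    perms=$(ls -ld -- "$f" | cut -c5-10)   # group and other permission bits
    [ "$perms" = "------" ] || { echo "$f is accessible beyond its owner; chmod 600 it" >&2; return 1; }
    grep -Eq '^[[:space:]]*dns_cloudflare_api_token[[:space:]]*=[[:space:]]*[^[:space:]]+' "$f" ||
        { echo "no dns_cloudflare_api_token in $f" >&2; return 1; }
}

# merge_crontab LINE: read a crontab on stdin and print it with LINE present
# exactly once, keeping every other entry (unlike piping one line to "crontab -").
merge_crontab() {
    grep -vxF -- "$1" || true
    printf '%s\n' "$1"
}

# install_renewal: update root's crontab in place. Run as root.
install_renewal() {
    check_cred_file "$CRED" || return 1
    { crontab -l 2>/dev/null || true; } | merge_crontab "$RENEW_LINE" | crontab -
}

if [ "${1:-}" = "--install" ]; then install_renewal; fi
```

Run the script once as root with --install. "certbot renew" reuses the authenticator and credentials path recorded when the certificate was first issued, so cf.ini must stay in place.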