I’ve been working with certificates recently, so I’ll write down what I know.

Let’s Encrypt’s free certificate has been available for almost a year. Chrome used to have a shiny green lock for HTTPS domain names, but recent updates have removed the green lock.


SSL Labs is a website that checks the security and performance of SSL. After deployment you can test your site there and SSL Labs will give you a rating. For example, I currently have an A, and the highest grade is A+.

1. How to apply for a free certificate?

Let’s Encrypt supports wildcard domain names for free, so it’s a no-brainer which one to use.

How do I apply for a Let’s Encrypt certificate?

Let’s Encrypt officially recommends Certbot for applying for a certificate. Follow the official website tutorial step by step. Below is a demonstration of the application process for Ubuntu + Nginx.

(1) Install

$ sudo apt-get update
$ sudo apt-get install software-properties-common
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install python-certbot-nginx 

Run the above commands and Certbot is installed. The next step is to set up DNS authentication, which is what makes automatic certificate renewal possible.

(2) DNS authentication plug-in (dns-plugin)

The official command for applying for a certificate is as follows:

$ sudo certbot -a dns-plugin -i nginx -d "*.example.com" -d example.com --server https://acme-v02.api.letsencrypt.org/directory
# dns-plugin, nginx, and example.com are placeholders to replace with your own values.
# Each DNS service provider has its own DNS plug-in;
# see https://certbot.eff.org/docs/using.html#dns-plugins for the relevant information.

I use DNSPod, and the above link does not help me, so I use the third-party library certbot-dns-dnspod.

To use this library, you need to get the API Token generated by DNSPod.

Generation path: DNSPod console -> User Center -> Security Settings -> API Token -> Create API Token.

DNSPod's token has a pitfall: be sure to pay attention to the ID and the token in the information shown above. These two fields must be combined to form the complete token: "ID,token" (separated by an ASCII half-width comma).

So, the complete Token is:

13490,6b5976c68aba5b14a0558b77c17c3932

Back on your own server, create /etc/letsencrypt/dnspod.conf; this file will be used in the certificate issuance step.

certbot_dns_dnspod:dns_dnspod_email = "[email protected]"
certbot_dns_dnspod:dns_dnspod_api_token = "13490,6b5976c68aba5b14a0558b77c17c3932"

(3) Issue the certificate!

sudo certbot certonly -a certbot-dns-dnspod:dns-dnspod --certbot-dns-dnspod:dns-dnspod-credentials /etc/letsencrypt/dnspod.conf --server https://acme-v02.api.letsencrypt.org/directory -d gongchen.com -d "*.gongchen.com"
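
A pre-flight check for the credentials file used by the command above, as an added example that is not part of the original post or of certbot-dns-dnspod: it verifies that the file is accessible only by its owner and that the token has the combined ID,token form described earlier. The function name check_dnspod_conf and the accepted character set (numeric ID, alphanumeric token) are assumptions based on the sample on this page.

```shell
#!/bin/sh
# Added example: sanity-check a certbot-dns-dnspod credentials file.
# Assumptions (from the sample on this page): the token value is
# "<numeric ID>,<alphanumeric token>" with no spaces, and the key names
# are the two shown above. check_dnspod_conf is a hypothetical helper.
# Usage: check_dnspod_conf /etc/letsencrypt/dnspod.conf

check_dnspod_conf() {
    conf=$1
    [ -f "$conf" ] || { echo "missing: $conf" >&2; return 1; }

    # The file holds a live API token: group/other must have no access.
    perms=$(ls -ld "$conf" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "too permissive, run: chmod 600 $conf" >&2
        return 2
    fi

    grep -q '^certbot_dns_dnspod:dns_dnspod_email *= *".*"' "$conf" ||
        { echo "no dns_dnspod_email line" >&2; return 3; }

    # Extract the value between the quotes on the api_token line.
    token=$(sed -n \
        's/^certbot_dns_dnspod:dns_dnspod_api_token *= *"\(.*\)" *$/\1/p' \
        "$conf")
    [ -n "$token" ] || { echo "no dns_dnspod_api_token line" >&2; return 3; }

    # The pitfall: the value must be ID,token, not either field alone,
    # and must not contain spaces around the comma.
    case $token in
        *[!0-9a-zA-Z,]*) echo "token has spaces or odd characters" >&2
                         return 4 ;;
        *,*) ;;
        *) echo "token is not in ID,token form" >&2; return 4 ;;
    esac
    id=${token%%,*}
    secret=${token#*,}
    case $id in
        ''|*[!0-9]*) echo "ID part must be numeric" >&2; return 4 ;;
    esac
    case $secret in
        ''|*,*) echo "token part empty or has extra commas" >&2; return 4 ;;
    esac
    return 0
}
```

Return codes: 0 is OK, 1 means the file is missing, 2 unsafe permissions, 3 a missing key, 4 a malformed token.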

Automatic renewals are pending.