It is very convenient and low-cost to obtain SSL certificates for free or pay for SSL purchases. If it is an overseas website such as foreign trade or a website targeting Google search engine, it is recommended to give priority to adding SSL certificates to the website, but the compatibility of search engines such as Chinese websites and auxiliary services is not so clear. However, the basic SSL certificate configuration website must be mastered in advance. The configuration of various server environments and the quick installation of various one key packages are more and more convenient.
In this article, what Lao Zuo wants to share is the CloudXNS based domain name resolution API interface seen at GITHUB to quickly verify domain name ownership and automatically acquire Let's Encrypt SSL The certificate can also be automatically renewed. We know that when we obtain a certificate, the domain name needs to be analyzed and verified or the ownership of the file needs to be verified, which is a little troublesome.
After seeing this verification method, Lao Zuo thought it was more convenient. If we need to configure it Let's Encrypt SSL Certificate can try this method.
First, preparations
1. The domain name is resolved using CloudXNS DNS, which is a CloudXNS resolution service for domain names.
2. Enable the CloudXNS API, which is available in the settings. By default, it is not enabled.
API KEY and SECRET KEY are recorded here, and they will be configured for use later.
3. The domain name is resolved to the server.
Second, download the automatic verification script
wget https://github.com/xdtianyu/scripts/raw/master/le-dns/le-cloudxns.sh
wget https://github.com/xdtianyu/scripts/raw/master/le-dns/cloudxns.conf
chmod +x le-cloudxns.sh
Here we download the verification script and authorize it.
Third, modify the configuration file
cloudxns.conf
Modify the configuration file, here:
API_KEY="YOUR_API_KEY"
SECRET_KEY="YOUR_SECRET_KEY"
DOMAIN="laozuo.org"
CERT_DOMAINS="laozuo.org www.laozuo.org"
#ECC=TRUE
Here we modify two API parameters and the domain name of the SSL certificate.
Fourth, fast installation
./le-cloudxns.sh cloudxns.conf
Execute the command to automatically install SSL and verify the domain name.
Finished verifying and obtaining the certificate. The certificate file is in the "certs" folder in the current directory.
Fifth, deployment certificate
Configuring and deploying certificates is simple. We need to import privkey.pem and cert.pem files into the configuration file and restart Nginx.
VI. Regular renewal of Let's Encryption certificate
0 0 2/20 * * /etc/nginx/le-cloudxns.sh /etc/nginx/le-cloudxns.conf >> /var/log/le-cloudxns.log 2>&1
It is added to the crontab configuration file, and will be automatically updated 30 days before expiration in the future.
Scan the code to follow the official account
Get more news about webmaster circle!
Entrepreneurship, operation and new knowledge