Focus on cloud service provider activities
Notes on website operation and maintenance

Use DNSPOD resolution API to quickly verify domain names and quickly install free Let's Encrypt certificates

Lao Zuo is in“ Use CloudXNS API to quickly verify domain name and obtain Let's Encrypt SSL certificate by one click "Article, if we use CloudXNS for domain name resolution, we can quickly obtain Let's Encrypt SSL certificate and deployment can be counted as one of the Let's Encrypt One of the more convenient methods in the configuration process. At the same time, the GITHUB script also provides the DNSPOD corresponding domain name resolution platform script. If our domain name uses DNSPOD resolution, we can also use the corresponding script to quickly configure Let's Encrypt certificates.

In this article, Lao Zuo will organize how this script obtains Let's Encrypt certificates for DNSPOD resolved domain names.

First, preparations

1. Linux VPS and servers are configured with the WEB environment, and websites are added and laid out on the server

2. Check whether our current domain name uses DNSPOD resolution

3. Create API Token

The default API Token is closed. We need to log in https://www.dnspod.cn/console/user/security Start and create.

 Create API Token

After creation here, make records, which will be needed later.

Second, download the DNSPOD one click installation Let's Encrypt script

wget https://github.com/xdtianyu/scripts/raw/master/le-dns/le-dnspod.sh
wget https://github.com/xdtianyu/scripts/raw/master/le-dns/dnspod.conf
chmod +x le-dnspod.sh

Downloads and Licensing

Third, modify the dnspod.conf configuration file

TOKEN="YOUR_TOKEN_ID,YOUR_API_TOKEN"
RECORD_LINE="Default"
DOMAIN="laobuluo.com"
CERT_DOMAINS="laobuluo.com www.laobuluo.com"
#ECC=TRUE

Here, you need to modify TOKEN (pay attention to the format), DOMAIN, and CERT_DOMAINS. Pay attention to the format when replacing files.

IV. Automatic configuration

./le-dnspod.sh dnspod.conf

 Use DNSPOD resolution API to quickly verify domain name One click installation of free Let's Encrypt certificate

When you see this result, you can confirm that the installation is successful, and there will be a corresponding domain name folder in the current cert directory.

Fifth, configure SSL to the website

After we automatically obtain the Let's Encrypt certificate, we need to go to Nginx (different if using Apache) to modify the configuration file.

Ssl_certificate/root/certs/corresponding domain name certificate folder/cert.pem;
Ssl_certificate_key/root/certs/corresponding domain name certificate folder/privkey.pem;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:! NULL:! aNULL:! MD5:! ADH:! RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;

After modifying the configuration file, restart Nginx to take effect.

 Configure SSL to the website

It seems to be a success. We need to force 301 jump when we modify it later( Nginx environment forces http 301 to jump to https setting record )Point to HTTPS.

Sixth, set Let's Encrypt automatic renewal

Because the default is free for 90 days (which is not good, but it will take one year), but we need to renew the mobile phone contract before the expiration. It also supports automatic activation and renewal using crontab.

0 0 5/20 * * /root/le-dnspod.sh /root/le-dnspod.conf >> /var/log/le-dnspod.log 2>&1

Add the automatic renewal task to crontab, which will automatically detect and renew the contract according to the set time. After execution, restart nginx to take effect.

Domain name host preferential information push QQ group: six hundred and twenty-seven million seven hundred and seventy-five thousand four hundred and seventy-seven Get preferential promotion from merchants.
Like( zero )
Do not reprint without permission: Lao Zuo's Notes » Use DNSPOD resolution API to quickly verify domain names and quickly install free Let's Encrypt certificates


Scan the code to follow the official account

Get more news about webmaster circle!
Entrepreneurship, operation and new knowledge