We now live in the HTTPS age: you can apply for free SSL certificates on any cloud platform, but a wildcard (*.domain.com) certificate is not free. So how do you generate your first free wildcard certificate with Let’s Encrypt?
Let’s Encrypt is a public benefit organization run by the Internet Security Research Group (ISRG) and sponsored by many well-known foundations, such as Mozilla, Linux, Cisco, etc.
The purpose of Let’s Encrypt is to promote HTTPS across the whole internet, to reduce the difficulty of obtaining and deploying certificates through the Automated Certificate Management Environment (ACME), and to make SSL certificates for websites simple, automatic and free.
For simplicity and safety, the certificate is only valid for 3 months, so the client must be able to renew automatically; otherwise, manually renewing millions of websites every 3 months would become a nightmare.
There are more than 30 clients, including the official client, certbot. I read its documentation; it is very powerful and professional. The others are available for many languages and platforms. However, I don’t need that power or those features; I just want something quick and simple.
So I choose the most recommended client:
Using bash, and auto update!
curl https://get.acme.sh | sh
To enable automatic updates, get a DNS API token, for example the Tencent Cloud record ID and Token, then run in the shell:
(Run once; the values are remembered by acme.sh.)
acme.sh --issue -d dengcb.com -d '*.dengcb.com' --dns dns_dp
If using alias mode, add:
acme.sh --installcert -d dengcb.com -d '*.dengcb.com' \
Updating the certificate: the latest acme.sh already supports automatic updates.
To auto-update acme.sh itself:
acme.sh --upgrade --auto-upgrade
acme.sh --issue ..... --debug (optional)
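Because the certificate is only valid for 3 months, a renewal that silently stops working only shows up when the site breaks. The script below is an added example, not part of the original post or of acme.sh: it checks that an installed certificate lists both the apex and the wildcard name and is not close to expiry. The function names, example.com, the 30-day threshold and the self-signed test certificate are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. Function names, example.com and the 30-day threshold are
# assumptions for illustration; none of them come from acme.sh or the post.

# cert_days_ok CERT DAYS: succeeds if CERT is still valid DAYS days from now.
cert_days_ok() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# cert_has_name CERT NAME: succeeds if NAME is listed verbatim as a DNS SAN.
cert_has_name() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        tr ',' '\n' | sed 's/^ *//; s/ *$//' | grep -Fxq "DNS:$2"
}

# check_cert CERT DOMAIN [DAYS]: succeeds only if CERT lists both DOMAIN and
# *.DOMAIN and has more than DAYS (default 30) days of validity left.
check_cert() {
    cert=$1 domain=$2 days=${3:-30} rc=0
    [ -r "$cert" ] || { echo "FAIL: cannot read $cert"; return 2; }
    for name in "$domain" "*.$domain"; do
        cert_has_name "$cert" "$name" || { echo "FAIL: $name not in SAN"; rc=1; }
    done
    cert_days_ok "$cert" "$days" || { echo "FAIL: expires within $days days"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: $cert covers $domain and *.$domain"
    return "$rc"
}

# make_sample_cert OUT DAYS SAN: writes a self-signed certificate to OUT.
# Constructed sample input standing in for a real Let's Encrypt certificate.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days "$2" -subj "/CN=example.com" \
        -addext "subjectAltName=$3" -keyout /dev/null -out "$1" 2>/dev/null
}

# Demo on a constructed 90-day certificate with apex and wildcard names.
demo=$(mktemp -d)
make_sample_cert "$demo/fullchain.pem" 90 "DNS:example.com,DNS:*.example.com"
check_cert "$demo/fullchain.pem" example.com 30
rm -rf "$demo"
```

Run from cron against the certificate file written by `--installcert`, a non-zero exit status means the renewal or the installation step did not happen.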