certbot自动签发80端口ssl证书
远程连接阿里云轻量级服务器IP:47.100.252.46
Certificate is saved at: /etc/letsencrypt/live/c.zhonjin.com/fullchain.pem
Key is saved at: /etc/letsencrypt/live/c.zhonjin.com/privkey.pem
Successfully deployed certificate for c.zhonjin.com to
/etc/apache2/sites-available/000-default-le-ssl.conf
/etc/letsencrypt/archive/z.zhonjin.com
sudo chown stevenroc:stevenroc /etc/letsencrypt/archive/
2、
cd /etc/apache2/sites-available/
nano default-ssl.conf
3、
cd /etc/apache2/cert/
SSLCertificateFile /etc/apache2/cert/chanking.zhonjin.com.crt
SSLCertificateChainFile /etc/apache2/cert/chanking.zhonjin.com_chain.pem
SSLCertificateKeyFile /etc/apache2/cert/chanking.zhonjin.com_key.key
更新如下:
SSLCertificateFile /etc/apache2/cert/fullchain1.pem
SSLCertificateChainFile /etc/apache2/cert/chain1.pem
SSLCertificateKeyFile /etc/apache2/cert/privkey1.pem
sudo systemctl restart apache2
二、方案一:Certbot(官方推荐,最简单)
Certbot 由 EFF 开发,自动完成申请、安装与续期,与主流 Web 服务器深度集成。
1. 安装 Certbot
先更新包列表并安装对应插件:
bash
运行
sudo apt update && sudo apt upgrade -y
# Apache 用户
sudo apt install certbot python3-certbot-apache -y
# Nginx 用户
sudo apt install certbot python3-certbot-nginx -y
# 无 Web 服务器(用 standalone 模式)
sudo apt install certbot -y
2. 签发与自动配置证书
根据环境选择以下命令,全程交互式完成:
Apache 一键配置(推荐)
bash
运行
sudo certbot –apache -d c.zhonjin.com
sudo certbot –apache -d zhonjin.com -d c.zhonjin.com
==========================
Certbot自动生成 c.zhonjin.com ssl证书成功
root@iZuf6gpqjdrtxhrlu713q7Z:~# sudo apt install certbot -y
Reading package lists… Done
Building dependency tree… Done
Reading state information… Done
certbot is already the newest version (2.9.0-1).
0 upgraded, 0 newly installed, 0 to remove and 1 not upgraded.
root@iZuf6gpqjdrtxhrlu713q7Z:~# sudo certbot –apache -d c.zhonjin.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Enter email address (used for urgent renewal and security notices)
(Enter ‘c’ to cancel): steven_roc@126.com
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.6-August-18-2025.pdf. You must agree
in order to register with the ACME server. Do you agree?
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
(Y)es/(N)o: y
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
Would you be willing, once your first certificate is successfully issued, to
share your email address with the Electronic Frontier Foundation, a founding
partner of the Let’s Encrypt project and the non-profit organization that
develops Certbot? We’d like to send you email about our work encrypting the web,
EFF news, campaigns, and ways to support digital freedom.
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
(Y)es/(N)o: y
Account registered.
Requesting a certificate for c.zhonjin.com
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/c.zhonjin.com/fullchain.pem
Key is saved at: /etc/letsencrypt/live/c.zhonjin.com/privkey.pem
This certificate expires on 2026-05-22.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.
Deploying certificate
Successfully deployed certificate for c.zhonjin.com to /etc/apache2/sites-available/000-default-le-ssl.conf
Congratulations! You have successfully enabled HTTPS on https://c.zhonjin.com
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
If you like Certbot, please consider supporting our work by:
* Donating to ISRG / Let’s Encrypt: https://letsencrypt.org/donate
* Donating to EFF: https://eff.org/donate-le
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
root@iZuf6gpqjdrtxhrlu713q7Z:~# sudo certbot –apache -d chanking.zhonjin.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for chanking.zhonjin.com
Successfully received certificate.
/etc/letsencrypt/archive/chanking.zhonjin.com
Certificate is saved at: /etc/letsencrypt/live/chanking.zhonjin.com/fullchain.pem
Key is saved at: /etc/letsencrypt/live/chanking.zhonjin.com/privkey.pem
This certificate expires on 2026-05-22.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.
Deploying certificate
We were unable to find a vhost with a ServerName or Address of chanking.zhonjin.com.
Which virtual host would you like to choose?
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
1: 000-default-le-ssl.conf | c.zhonjin.com | HTTPS | Enabled
2: 000-default.conf | | | Enabled
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
Select the appropriate number [1-2] then [enter] (press ‘c’ to cancel): 1
Successfully deployed certificate for chanking.zhonjin.com to /etc/apache2/sites-enabled/000-default-le-ssl.conf
Congratulations! You have successfully enabled HTTPS on https://chanking.zhonjin.com
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
If you like Certbot, please consider supporting our work by:
* Donating to ISRG / Let’s Encrypt: https://letsencrypt.org/donate
* Donating to EFF: https://eff.org/donate-le
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
十、自动续期90天续期
root@iZuf6gpqjdrtxhrlu713q7Z:~# sudo systemctl list-timers | grep certbot
Sun 2026-02-22 02:04:35 CST 1h 50min – – certbot.timer certbot.service
自适应IP