Sunday's Blog

Requesting a Wildcard Domain Certificate with Certbot

Posted 2022-01-29 Updated 2024-01- 2
By sunday
7~9 min read

Install snap

Using CentOS 7 as an example:

1. sudo yum install epel-release
2. sudo yum install snapd
3. sudo systemctl enable --now snapd.socket
4. sudo ln -s /var/lib/snapd/snap /snap

Install Certbot

1. sudo snap install core
2. sudo snap refresh core
3. sudo yum remove certbot
4. sudo snap install --classic certbot
5. sudo ln -s /snap/bin/certbot /usr/bin/certbot

Request the wildcard certificate

1. Run sudo certbot certonly --manual --preferred-challenges=dns-01. The following prompt appears; enter your email address and press Enter.

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Enter email address (used for urgent renewal and security notices)
 (Enter 'c' to cancel): 

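Next, a few terms to agree to are shown; press Y for each. You then reach the domain name prompt (enter the main domain and the * wildcard domain, separated by either a comma or a space).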

Account registered.
Please enter in your domain name(s) (comma and/or space separated)  (Enter 'c'
to cancel): YouDomain.com,*.YouDomain.com

Press Enter, and the following appears:

Please deploy a DNS TXT record under the name:

_acme-challenge.YouDomain.com.

with the following value:

YfBA-x2Vdw_j5t1gvBSSee8GX1PBx-y2hM1bx9rgijg

Before continuing, verify the TXT record has been deployed. Depending on the DNS
provider, this may take some time, from a few seconds to multiple minutes. You can
check if it has finished deploying with aid of online tools, such as the Google
Admin Toolbox: https://toolbox.googleapps.com/apps/dig/#TXT/_acme-challenge.YouDomain.com.
Look for one or more bolded line(s) below the line ';ANSWER'. It should show the
value(s) you've just added.

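Then, at your DNS provider, add a TXT record with the host record _acme-challenge and the value given above, i.e. YfBA-x2Vdw_j5t1gvBSSee8GX1PBx-y2hM1bx9rgijg. After a short while, look up the DNS record at https://toolbox.googleapps.com/apps/dig/#TXT/_acme-challenge.YouDomain.com. (this address is displayed after you enter the domain names and press Enter). Make sure there is only one record value; if there are several, validation may fail.

A reminder: if the name is displayed as _acme-challenge.YouDomain.com., the host record to enter at the DNS provider is _acme-challenge.

If it is displayed as _acme-challenge.www.YouDomain.com., the host record to enter at the DNS provider is _acme-challenge.www.

3. The generated certificate is in the /etc/letsencrypt/live directory.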
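
A pre-check for the DNS step above (which host record to enter, and whether the TXT value is published on its own), as an added example that is not part of the original post. The function names, the "@" convention for the zone apex and the 8.8.8.8 default resolver are assumptions; the sample dig output is constructed from the value in the prompt.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# host_label FQDN ZONE: print the host record to enter at the DNS provider
# for the name certbot displays (fails if FQDN is not inside ZONE).
# Assumption: the provider uses "@" for the zone apex itself.
host_label() {
    fqdn=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]'); fqdn=${fqdn%.}
    zone=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]'); zone=${zone%.}
    case "$fqdn" in
        "$zone")   printf '@\n' ;;
        *".$zone") label=${fqdn%".$zone"}; printf '%s\n' "$label" ;;
        *)         return 1 ;;
    esac
}

# txt_status EXPECTED: read `dig +short TXT <name>` output on stdin and print
#   ok      - exactly one value and it is EXPECTED
#   extra   - EXPECTED is present next to other (stale) values
#   missing - EXPECTED is not published yet
txt_status() {
    expected=$1 total=0 found=0
    while IFS= read -r line || [ -n "$line" ]; do
        [ -n "$line" ] || continue
        total=$((total + 1))
        line=${line#\"}; line=${line%\"}      # dig prints TXT data in quotes
        if [ "$line" = "$expected" ]; then found=1; fi
    done
    if [ "$found" -eq 0 ]; then echo missing; return 1; fi
    if [ "$total" -gt 1 ]; then echo extra; return 2; fi
    echo ok
}

# check_challenge FQDN EXPECTED [RESOLVER]: live check, needs dig and network.
check_challenge() {
    dig +short TXT "$1" "@${3:-8.8.8.8}" | txt_status "$2"
}

# Constructed sample of dig output, using the value from the prompt above.
host_label _acme-challenge.www.YouDomain.com. YouDomain.com   # _acme-challenge.www
printf '%s\n' '"YfBA-x2Vdw_j5t1gvBSSee8GX1PBx-y2hM1bx9rgijg"' |
    txt_status YfBA-x2Vdw_j5t1gvBSSee8GX1PBx-y2hM1bx9rgijg    # ok
```

Run check_challenge with the name and value from the certbot prompt before pressing Enter there; continue only when it prints ok.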

License:  CC BY 4.0
©2025 sunday. Some rights reserved.