How to check whether a domain has an SSL certificate (Let's)
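Wildcard domains
A wildcard-domain certificate, also called a wildcard certificate, is one form of SSL certificate. It normally uses a wildcard (for example *.domain.com) to specify the domain names the certificate protects.
Both OV and DV certificates are offered in wildcard form, whereas EV certificates generally are not.
1. Flexible, convenient configuration
Because the domain is specified with a wildcard, this is very convenient for a site that has many subdomains. A single wildcard certificate can be used on all of the subdomain sites. If more subdomains are added later, there is no need to apply for or buy another certificate; the existing one simply continues to be used, which is very convenient for site administrators.
2. Cost-effective
A wildcard certificate is generally a good deal more expensive than a single-domain certificate, but once the price is spread across every subdomain it covers, the cost per certificate is extremely low. How low depends, of course, on how many subdomains you have in total. In today's Internet era many companies use multiple subdomains, and for them a wildcard certificate is without doubt a highly cost-effective kind of SSL certificate.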
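Which hostnames a wildcard entry actually covers: the added example below (not part of the original post) implements the matching rule TLS clients apply, and shows why the issuance command later on this page requests both *.oiox.cn and oiox.cn. The function names san_matches and covered_by and the test hostnames are chosen here for illustration.

```sh
#!/bin/sh
# Added example (not from the original post): SAN hostname matching.
# Rule used by TLS clients: "*" stands for exactly one left-most label.

# san_matches SAN HOST -> exit 0 if the SAN entry covers HOST
san_matches() (
    san=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    host=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    host=${host%.}                        # ignore a trailing root dot
    case $san in
        \*.*)
            suffix=${san#\*}              # "*.oiox.cn" -> ".oiox.cn"
            label=${host%"$suffix"}       # the part "*" must stand for
            [ "$label" != "$host" ] || exit 1    # suffix did not match
            case $label in
                ''|*.*) exit 1 ;;         # empty, or more than one label
            esac
            exit 0 ;;
        *)  [ "$san" = "$host" ] ;;       # non-wildcard: exact match only
    esac
)

# covered_by HOST SAN... -> prints the first SAN entry that covers HOST
covered_by() (
    host=$1; shift
    for san in "$@"; do
        if san_matches "$san" "$host"; then
            printf '%s\n' "$san"
            exit 0
        fi
    done
    exit 1
)

# The two names requested on this page, checked against constructed hosts.
for h in dns.oiox.cn oiox.cn a.b.oiox.cn; do
    echo "$h -> $(covered_by "$h" '*.oiox.cn' 'oiox.cn' || echo 'not covered')"
done
```

The bare domain is covered only by its own SAN entry, and a name two levels below the wildcard is not covered at all.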
root@cby:~# apt-get install socat -y
root@cby:~# curl https://get.acme.sh | sh
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
100   937    0   937    0     0    788      0 --:--:--  0:00:01 --:--:--   789
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  210k  100  210k    0     0   131k      0  0:00:01  0:00:01 --:--:--  131k
[Fri 15 Apr 2022 11:54:09 AM CST] Installing from online archive.
[Fri 15 Apr 2022 11:54:09 AM CST] Downloading https://github.com/acmesh-official/acme.sh/archive/master.tar.gz
[Fri 15 Apr 2022 11:54:11 AM CST] Extracting master.tar.gz
[Fri 15 Apr 2022 11:54:11 AM CST] Installing to /root/.acme.sh
[Fri 15 Apr 2022 11:54:11 AM CST] Installed to /root/.acme.sh/acme.sh
[Fri 15 Apr 2022 11:54:11 AM CST] Installing alias to '/root/.bashrc'
[Fri 15 Apr 2022 11:54:11 AM CST] OK, Close and reopen your terminal to start using acme.sh
[Fri 15 Apr 2022 11:54:11 AM CST] Installing cron job
49 0 * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null
[Fri 15 Apr 2022 11:54:11 AM CST] Good, bash is found, so change the shebang to use bash as preferred.
[Fri 15 Apr 2022 11:54:12 AM CST] OK
[Fri 15 Apr 2022 11:54:12 AM CST] Install success!
root@cby:~#
Enter the directory, export the environment variables, and request the certificate
root@cby:~# cd .acme.sh/
root@cby:~/.acme.sh# export DP_Id="abcd"
root@cby:~/.acme.sh# export DP_Key="xxxxxxxxxx"
root@cby:~/.acme.sh# ./acme.sh --issue --dns dns_dp -d '*.oiox.cn' -d oiox.cn
[Fri 15 Apr 2022 12:05:13 PM CST] Using CA: https://acme.zerossl.com/v2/DV90
[Fri 15 Apr 2022 12:05:13 PM CST] Multi domain='DNS:*.oiox.cn,DNS:oiox.cn'
[Fri 15 Apr 2022 12:05:13 PM CST] Getting domain auth token for each domain
[Fri 15 Apr 2022 12:05:38 PM CST] Getting webroot for domain='*.oiox.cn'
[Fri 15 Apr 2022 12:05:38 PM CST] Getting webroot for domain='oiox.cn'
[Fri 15 Apr 2022 12:05:39 PM CST] Adding txt value: DDuc5hd3b1RIoa5BefBkA53EpEtbAY0Fk8jOVVJcL6E for domain: _acme-challenge.oiox.cn
[Fri 15 Apr 2022 12:05:39 PM CST] Adding record
[Fri 15 Apr 2022 12:05:39 PM CST] The txt record is added: Success.
[Fri 15 Apr 2022 12:05:40 PM CST] Adding txt value: 43GHnhiHjyxCxsdHSDRDP_A4YqP8dDjc_9YgnkFNk5I for domain: _acme-challenge.oiox.cn
[Fri 15 Apr 2022 12:05:40 PM CST] Adding record
[Fri 15 Apr 2022 12:05:40 PM CST] The txt record is added: Success.
[Fri 15 Apr 2022 12:05:40 PM CST] Let's check each DNS record now. Sleep 20 seconds first.
[Fri 15 Apr 2022 12:06:01 PM CST] You can use '--dnssleep' to disable public dns checks.
[Fri 15 Apr 2022 12:06:01 PM CST] See: https://github.com/acmesh-official/acme.sh/wiki/dnscheck
[Fri 15 Apr 2022 12:06:02 PM CST] Checking oiox.cn for _acme-challenge.oiox.cn
[Fri 15 Apr 2022 12:06:04 PM CST] Domain oiox.cn '_acme-challenge.oiox.cn' success.
[Fri 15 Apr 2022 12:06:04 PM CST] Checking oiox.cn for _acme-challenge.oiox.cn
[Fri 15 Apr 2022 12:06:05 PM CST] Domain oiox.cn '_acme-challenge.oiox.cn' success.
[Fri 15 Apr 2022 12:06:05 PM CST] All success, let's return
[Fri 15 Apr 2022 12:06:05 PM CST] Verifying: *.oiox.cn
[Fri 15 Apr 2022 12:06:17 PM CST] Processing, The CA is processing your order, please just wait. (1/30)
[Fri 15 Apr 2022 12:06:24 PM CST] Success
[Fri 15 Apr 2022 12:06:24 PM CST] Verifying: oiox.cn
[Fri 15 Apr 2022 12:06:31 PM CST] Processing, The CA is processing your order, please just wait. (1/30)
[Fri 15 Apr 2022 12:06:34 PM CST] Success
[Fri 15 Apr 2022 12:06:34 PM CST] Removing DNS records.
[Fri 15 Apr 2022 12:06:34 PM CST] Removing txt: DDuc5hd3b1RIoa5BefBkA53EpEtbAY0Fk8jOVVJcL6E for domain: _acme-challenge.oiox.cn
[Fri 15 Apr 2022 12:06:35 PM CST] Removed: Success
[Fri 15 Apr 2022 12:06:35 PM CST] Removing txt: 43GHnhiHjyxCxsdHSDRDP_A4YqP8dDjc_9YgnkFNk5I for domain: _acme-challenge.oiox.cn
[Fri 15 Apr 2022 12:06:36 PM CST] Removed: Success
[Fri 15 Apr 2022 12:06:36 PM CST] Verify finished, start to sign.
[Fri 15 Apr 2022 12:06:36 PM CST] Lets finalize the order.
[Fri 15 Apr 2022 12:06:36 PM CST] Le_OrderFinalize='https://acme.zerossl.com/v2/DV90/order/G4Sy37Y-eHjHX1wLMAh5nA/finalize'
[Fri 15 Apr 2022 12:06:44 PM CST] Order status is processing, lets sleep and retry.
[Fri 15 Apr 2022 12:06:44 PM CST] Retry after: 15
[Fri 15 Apr 2022 12:07:00 PM CST] Polling order status: https://acme.zerossl.com/v2/DV90/order/G4Sy37Y-eHjHX1wLMAh5nA
[Fri 15 Apr 2022 12:07:03 PM CST] Downloading cert.
[Fri 15 Apr 2022 12:07:03 PM CST] Le_LinkCert='https://acme.zerossl.com/v2/DV90/cert/r4l-4WevkiEwiZA3U340ig'
[Fri 15 Apr 2022 12:07:10 PM CST] Cert success.
[Fri 15 Apr 2022 12:07:10 PM CST] Your cert is in: /root/.acme.sh/*.oiox.cn/*.oiox.cn.cer
[Fri 15 Apr 2022 12:07:10 PM CST] Your cert key is in: /root/.acme.sh/*.oiox.cn/*.oiox.cn.key
[Fri 15 Apr 2022 12:07:10 PM CST] The intermediate CA cert is in: /root/.acme.sh/*.oiox.cn/ca.cer
[Fri 15 Apr 2022 12:07:10 PM CST] And the full chain certs is there: /root/.acme.sh/*.oiox.cn/fullchain.cer
View the issued certificate files
root@cby:~/.acme.sh# cd \*.oiox.cn
root@cby:~/.acme.sh/*.oiox.cn# ll
total 44
drwxr-xr-x 2 root root 4096 Apr 15 12:07 ./
drwx------ 8 root root 4096 Apr 15 11:55 ../
-rw-r--r-- 1 root root 4399 Apr 15 12:07 ca.cer
-rw-r--r-- 1 root root 6680 Apr 15 12:07 fullchain.cer
-rw-r--r-- 1 root root 2281 Apr 15 12:07 '*.oiox.cn.cer'
-rw-r--r-- 1 root root  563 Apr 15 12:07 '*.oiox.cn.conf'
-rw-r--r-- 1 root root  956 Apr 15 12:05 '*.oiox.cn.csr'
-rw-r--r-- 1 root root  156 Apr 15 12:05 '*.oiox.cn.csr.conf'
-rw------- 1 root root 1675 Apr 15 11:55 '*.oiox.cn.key'
root@cby:~/.acme.sh/*.oiox.cn#
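Before copying these files to a web server it is worth confirming what the certificate covers, that the key belongs to it, how long it remains valid, and that the key file is readable by its owner only (as in the listing above). The following is an added example, not part of the original post: the function names are chosen here, it assumes the openssl command line tool (1.1.1 or newer), and it runs against a constructed self-signed certificate for example.test rather than the real files.

```sh
#!/bin/sh
# Added example (not from the original post): pre-deployment checks on
# issued certificate files. Needs the openssl CLI, 1.1.1 or newer.

# cert_sans CERT -> one SAN DNS name per line (first cert in the file)
cert_sans() {
    openssl x509 -in "$1" -noout -ext subjectAltName |
        tr ',' '\n' | sed -n 's/^ *DNS://p'
}

# key_matches_cert CERT KEY -> exit 0 if KEY is the cert's private key
key_matches_cert() {
    pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    [ -n "$pub" ] && [ "$pub" = "$(openssl pkey -in "$2" -pubout)" ]
}

# valid_for_days CERT DAYS -> exit 0 if CERT is still valid DAYS from now
valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# key_is_private KEY -> exit 0 if group and others have no access to KEY
key_is_private() {
    case $(ls -l "$1") in
        -???------*) return 0 ;;
        *)           return 1 ;;
    esac
}

# make_demo_cert DIR -> constructed self-signed stand-in for the real files
make_demo_cert() (
    umask 077
    openssl req -x509 -newkey rsa:2048 -nodes -days 90 \
        -subj '/CN=*.example.test' \
        -addext 'subjectAltName=DNS:*.example.test,DNS:example.test' \
        -keyout "$1/demo.key" -out "$1/demo.cer" 2>/dev/null
)

demo=$(mktemp -d)
make_demo_cert "$demo"
cert_sans "$demo/demo.cer"
key_matches_cert "$demo/demo.cer" "$demo/demo.key" && echo "key matches"
valid_for_days "$demo/demo.cer" 30 && echo "valid for 30+ days"
key_is_private "$demo/demo.key" && echo "key not group/world readable"
rm -rf "$demo"
```

Against the files listed above, the same functions would be called as cert_sans fullchain.cer and key_matches_cert '*.oiox.cn.cer' '*.oiox.cn.key' from inside that directory.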
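Deploying the certificate in Nginx
Example:
server {
    listen 80;
    listen [::]:80;
    listen 443 ssl;
    # The IPv6 listener needs "ssl" as well; without it, port 443 over IPv6 speaks plain HTTP
    listen [::]:443 ssl;
    ssl_certificate /ssl/fullchain.cer;
    ssl_certificate_key /ssl/*.oiox.cn.key;
    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996); offer only TLS 1.2 and 1.3
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    server_name dns.oiox.cn;
    root /var/www/dns;
    index index.html;
    location / {
        try_files $uri $uri/ =404;
    }
}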
Appendix
The steps above used DNSPod's DNS API to request the certificate.
Requesting via Alibaba Cloud DNS
export Ali_Key="abcd"
export Ali_Secret="xxxxxxxxxx"
# RSA certificate
acme.sh --issue --dns dns_ali -d blog.exsvc.cn -d '*.exsvc.cn'
# ECC certificate
acme.sh --issue --dns dns_ali -d blog.exsvc.cn -d '*.exsvc.cn' --keylength ec-256
Requesting via Tencent Cloud DNS
root@cby:~/.acme.sh# export DP_Id="abcd"
root@cby:~/.acme.sh# export DP_Key="xxxxxxxxxx"
root@cby:~/.acme.sh# ./acme.sh --issue --dns dns_dp -d '*.oiox.cn' -d oiox.cn
For more ways to request a certificate, see: https://github.com/acmesh-official/acme.sh/wiki/dnsapi
CSDN, GitHub, Zhihu, OSChina, SegmentFault, Juejin, Jianshu, Tencent Cloud, Bilibili, Toutiao, Sina Weibo, personal blog: search for 《小陈运维》 on any of them.