说明:之前看到有人问了下Caddy怎么申请Let’s Encrypt泛域名SSL证书,就翻了下官方文档了解下,发现比用Nginx申请的过程简单很多,这里就发下方法。如果有人需要Nginx申请的方法,可以看下博主很久前发过的Nginx申请教程→传送门。
说明
Caddy支持以下DNS服务商,所以需要提前将你的域名DNS服务器转移到指定服务商。
cloudflare、cloudxns、dnspod、gandi/gandiv5、godaddy、namecheap、vultr、googlecloud、auroradns、azure、 digitalocean、dnsimple、dnsmadeeasy、dyn、lightsail、linode、ns1、namedotcom、ovh、otc、pdns、rackspace、rfc2136、route53
申请
由于博主的域名DNS都在CloudFlare,所以下面以CF为例。
1、安装Caddy
curl https://getcaddy.com | bash -s personal tls.dns.cloudflare后面的tls.dns.cloudflare为cloudflare的插件,如果你是其它DNS服务商就需要替换下插件参数,比如:
tls.dns.auroradns
tls.dns.azure
tls.dns.cloudflare
tls.dns.cloudxns
tls.dns.digitalocean
tls.dns.dnsimple
tls.dns.dnsmadeeasy
tls.dns.dnspod
tls.dns.dyn
tls.dns.exoscale
tls.dns.gandi
tls.dns.gandiv5
tls.dns.godaddy
tls.dns.googlecloud
tls.dns.lightsail
tls.dns.linode
tls.dns.namecheap
tls.dns.ns1
tls.dns.otc
tls.dns.ovh
tls.dns.powerdns
tls.dns.rackspace
tls.dns.rfc2136
tls.dns.route53i
tls.dns.vultr
2、设置环境变量
以下为Caddy申请通配符时所需要的DNS服务商的环境变量。
#Aurora DNS by PCExtreme
AURORA_USER_ID
AURORA_KEY
AURORA_ENDPOINT(optional)
#Azure DNS
AZURE_CLIENT_ID
AZURE_CLIENT_SECRET
AZURE_SUBSCRIPTION_ID
AZURE_TENANT_ID
#Cloudflare
CLOUDFLARE_EMAIL
CLOUDFLARE_API_KEY
#CloudXNS
CLOUDXNS_API_KEY
CLOUDXNS_SECRET_KEY
#DigitalOcean
DO_AUTH_TOKEN
#DNSimple
DNSIMPLE_EMAIL
DNSIMPLE_OAUTH_TOKEN
#DNS Made Easy
DNSMADEEASY_API_KEY
DNSMADEEASY_API_SECRET
DNSMADEEASY_SANDBOX(true/false)
#DNSPod
DNSPOD_API_KEY
#DynDNS
DYN_CUSTOMER_NAME
DYN_USER_NAME
DYN_PASSWORD
#Gandi/Gandiv5
GANDI_API_KEY/GANDIV5_API_KEY
#GoDaddy
GODADDY_API_KEY
GODADDY_API_SECRET
#Google Cloud DNS
GCE_PROJECT
GCE_DOMAIN
GOOGLE_APPLICATION_CREDENTIALS
#Lightsail by AWS
AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY
AWS_SESSION_TOKEN(optional)
DNS_ZONE(optional)
#Linode
LINODE_API_KEY
#Namecheap
NAMECHEAP_API_USER
NAMECHEAP_API_KEY
#NS1
NS1_API_KEY
#Open Telekom Cloud Managed DNS
OTC_DOMAIN_NAME
OTC_USER_NAME
OTC_PASSWORD
OTC_PROJECT_NAME
OTC_IDENTITY_ENDPOINT(optional)
#OVH
OVH_ENDPOINT
OVH_APPLICATION_KEY
OVH_APPLICATION_SECRET
OVH_CONSUMER_KEY
#PowerDNS
PDNS_API_URL
PDNS_API_KEY
#Rackspace
RACKSPACE_USER
RACKSPACE_API_KEY
#RFC2136
RFC2136_NAMESERVER
RFC2136_TSIG_ALGORITHM
RFC2136_TSIG_KEY
RFC2136_TSIG_SECRET
#Route53 by AWS
AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY
#Vultr
VULTR_API_KEY这些变量值可以在DNS服务商账户中查找,一般在设置什么的地方。然后这里以CloudFlare为例,先登录账号,然后再去获取API,API获取地址:https://www.cloudflare.com/a/profile。.png "请输入图片描述")
再使用命令设置环境变量:
export CLOUDFLARE_API_KEY="4993d7315d4c72770242357da" #CloudFlare账户API
export CLOUDFLARE_EMAIL="moerats@live.com" #CloudFlare账户邮箱
3、获取通配符
先新建配置文件,使用命令:
#将域名修改为自己的,然后将下面全部一起复制到SSH客户端运行
echo "*.moerats.com {
tls {
dns cloudflare
}
}" > Caddyfile这里如果你是其它DNS服务商就需要修改dns后面的参数,也就是服务商名称,均用小写字母,可以参考步骤1安装caddy的插件参数,比如插件为tls.dns.auroradns,那就用dns auroradns参数。
然后启动Caddy:
caddy -conf Caddyfile接下来几秒钟后,会自动给你生成一个通配符SSL证书,证书存放路径为:
~/.caddy/acme/acme-v02.api.letsencrypt.org/sites/wildcard_.moerats.com
此时你就可以使用crt和key文件为你的所有子域名配置SSL了。
最后证书有效期依然是3个月,到期后可以重新用此方法申请。.png "请输入图片描述")
每三个月就要重新申请一次吗
再使用命令设置环境变量
export CLOUDFLARE_API_KEY="4993d7315d4c72770242357da" #CloudFlare账户API
export CLOUDFLARE_EMAIL="moerats@live.com" #CloudFlare账户邮箱
这个在哪设置?如何设置?劳烦指教,新手,谢谢
这个直接在ssh客户端运行就行
caddy2 如何申请泛域名?
我还没看,有空看看caddy2
三个月证书到期续签重启服务以后发现 caddy 到cloudflare有点问题
Cloudflare上删除重建了DNS 还是这个现象
log粘贴you问题, 放到了这里 https://pastebin.com/WZYTjifH
这个暂时只能看出dns的问题,其它看不出来
三个月证书到期续签重启服务以后发现 caddy 到cloudflare有点问题
Cloudflare上删除重建了DNS 还是这个现象,非常奇怪
Activating privacy features... 2020/02/03 08:17:51 [INFO] [*.example.com] acme: Obtaining bundled SAN certificate
2020/02/03 08:17:51 [INFO] [*.example.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/2618093996
2020/02/03 08:17:51 [INFO] [*.example.com] acme: use dns-01 solver
2020/02/03 08:17:51 [INFO] [*.example.com] acme: Preparing to solve DNS-01
2020/02/03 08:17:52 [INFO] cloudflare: new record for example.com, ID 7d88d4be804178dfdb0f7326d2ce2dd
2020/02/03 08:17:52 [INFO] [*.example.com] acme: Trying to solve DNS-01
2020/02/03 08:17:52 [INFO] [*.example.com] acme: Checking DNS record propagation using [127.0.0.53:53]
2020/02/03 08:17:52 [INFO] Wait for propagation [timeout: 2m0s, interval: 2s]
2020/02/03 08:18:02 [INFO] [*.example.com] acme: Waiting for DNS record propagation.
2020/02/03 08:18:14 [INFO] [*.example.com] acme: Waiting for DNS record propagation.
2020/02/03 08:18:26 [INFO] [*.example.com] acme: Waiting for DNS record propagation.
2020/02/03 08:18:38 [INFO] [*.example.com] acme: Waiting for DNS record propagation.
2020/02/03 08:18:50 [INFO] [*.example.com] acme: Waiting for DNS record propagation.
2020/02/03 08:19:02 [INFO] [*.example.com] acme: Waiting for DNS record propagation.
2020/02/03 08:19:14 [INFO] [*.example.com] acme: Waiting for DNS record propagation.
2020/02/03 08:19:26 [INFO] [*.example.com] acme: Waiting for DNS record propagation.
2020/02/03 08:19:38 [INFO] [*.example.com] acme: Waiting for DNS record propagation.
2020/02/03 08:19:50 [INFO] [*.example.com] acme: Waiting for DNS record propagation.
2020/02/03 08:19:52 [INFO] [*.example.com] acme: Cleaning DNS-01 challenge
2020/02/03 08:19:52 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/2618093996
2020/02/03 08:19:53 [INFO] [*.example.com] acme: Obtaining bundled SAN certificate
2020/02/03 08:19:53 [INFO] [*.example.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/2618235436
2020/02/03 08:19:53 [INFO] [*.example.com] acme: use dns-01 solver
2020/02/03 08:19:53 [INFO] [*.example.com] acme: Preparing to solve DNS-01
2020/02/03 08:19:54 [INFO] cloudflare: new record for example.com, ID a8d06014881a4b45d321a0cff0e6ece72
2020/02/03 08:19:54 [INFO] [*.example.com] acme: Trying to solve DNS-01
2020/02/03 08:19:54 [INFO] [*.example.com] acme: Checking DNS record propagation using [127.0.0.53:53]
2020/02/03 08:19:54 [INFO] Wait for propagation [timeout: 2m0s, interval: 2s]
2020/02/03 08:20:04 [INFO] [*.example.com] acme: Waiting for DNS record propagation.
2020/02/03 08:20:16 [INFO] [*.example.com] acme: Waiting for DNS record propagation.
2020/02/03 08:20:28 [INFO] [*.example.com] acme: Waiting for DNS record propagation.
2020/02/03 08:20:40 [INFO] [*.example.com] acme: Waiting for DNS record propagation.
2020/02/03 08:20:52 [INFO] [*.example.com] acme: Waiting for DNS record propagation.
2020/02/03 08:21:04 [INFO] [*.example.com] acme: Waiting for DNS record propagation.
2020/02/03 08:21:16 [INFO] [*.example.com] acme: Waiting for DNS record propagation.
2020/02/03 08:21:28 [INFO] [*.example.com] acme: Waiting for DNS record propagation.
2020/02/03 08:21:40 [INFO] [*.example.com] acme: Waiting for DNS record propagation.
2020/02/03 08:21:52 [INFO] [*.example.com] acme: Waiting for DNS record propagation.
2020/02/03 08:21:54 [INFO] [*.example.com] acme: Cleaning DNS-01 challenge
2020/02/03 08:21:54 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/2618235436
2020/02/03 08:21:55 [INFO] [*.example.com] acme: Obtaining bundled SAN certificate
2020/02/03 08:21:56 [INFO] [*.example.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/2618262229
2020/02/03 08:21:56 [INFO] [*.example.com] acme: use dns-01 solver
2020/02/03 08:21:56 [INFO] [*.example.com] acme: Preparing to solve DNS-01
2020/02/03 08:21:56 [INFO] cloudflare: new record for example.com, ID e374f47856c2433851b263e61db1b2db
2020/02/03 08:21:56 [INFO] [*.example.com] acme: Trying to solve DNS-01
2020/02/03 08:21:56 [INFO] [*.example.com] acme: Checking DNS record propagation using [127.0.0.53:53]
2020/02/03 08:21:56 [INFO] Wait for propagation [timeout: 2m0s, interval: 2s]
2020/02/03 08:22:06 [INFO] [*.example.com] acme: Waiting for DNS record propagation.
2020/02/03 08:22:18 [INFO] [*.example.com] acme: Waiting for DNS record propagation.
2020/02/03 08:22:30 [INFO] [*.example.com] acme: Waiting for DNS record propagation.
2020/02/03 08:22:42 [INFO] [*.example.com] acme: Waiting for DNS record propagation.
2020/02/03 08:22:54 [INFO] [*.example.com] acme: Waiting for DNS record propagation.
2020/02/03 08:23:06 [INFO] [*.example.com] acme: Waiting for DNS record propagation.
2020/02/03 08:23:18 [INFO] [*.example.com] acme: Waiting for DNS record propagation.
2020/02/03 08:23:30 [INFO] [*.example.com] acme: Waiting for DNS record propagation.
2020/02/03 08:23:42 [INFO] [*.example.com] acme: Waiting for DNS record propagation.
2020/02/03 08:23:54 [INFO] [*.example.com] acme: Waiting for DNS record propagation.
2020/02/03 08:23:56 [INFO] [*.example.com] acme: Cleaning DNS-01 challenge
2020/02/03 08:23:56 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/2618262229
2020/02/03 08:23:58 failed to obtain certificate: acme: Error -> One or more domains had a problem:
[*.example.com] time limit exceeded: last error: read udp 45.205.1.150:45453->173.245.59.236:53: i/o timeout
使用 基础配置 + 一键脚本 反向代理, 遇到一个诡异的问题:
一键脚本中 ulimit -n 51200 的时候启动成功,但是访问失败;
ulimit -n 8192 反向代理成功,这个有什么办法解决么?
*.example.com
{
tls {
dns cloudflare
}
proxy /xxx.com
}
哪个一键脚本
尝试了一下,可以获得泛域名*.example.com的证书。就是用https://example.com访问不了,用www.example.com就没问题,设置了www跳转也不行(不知道是不是没设置对),网上也没找到有效的解决方法,不知大佬有啥解决方法不?
if {host} not_starts_with www / https://www.{label1}.example.com{uri} }大致的配置:
*.example.com
{
tls {
dns cloudflare
}
fastcgi / /run/php/php7.3-fpm.sock php
rewrite {
if {path} not_match ^/admin
to {path} {path}/ /index.php?{query}
}
redir {
}
你这个301咋感觉不对,试试这篇文章的301和配置,https://www.moerats.com/archives/651/
谢谢大佬,按照提供的配置来尝试了一下,可以正常跳转www了
可以去SSL For Free在线申请,也是3个月,相对方便
其实命令行更快。
如果更改证书时间为一年应该怎么操作啊
这种证书不能改时长,默认3个月。
用acme也能申请通配符证书也挺方便的 还有certbot 这玩意还能自动配置ssl
对的,姿势有很多,多会点还是好的
你好博主 如果是Lighttpd + PHP + SQLite环境呢 怎么搞泛域名证书
Lighttpd没试过
不知道有没有空 测试下呀,我的VPS是64M的搞个Lighttpd + PHP + SQLite加SSL 加小飞机
用nginx或者caddy申请泛域名后,把证书拿出来,再配置到你需要的地方就行了